Sample code for 30+ languages & platforms
PureBasic

TLS Connection within SSH Tunnel (Port Forwarding)

See more Socket/SSL/TLS Examples

Demonstrates using Chilkat Socket to communicate to a TLS service through an SSH tunnel. This example will connect (through a port-forwarded SSH tunnel) to the GMAIL IMAP server via TLS and will receive the greeting.

Note: The Chilkat IMAP API provides direct support for using SSH tunneling with the IMAP protocol. This example serves only to demonstrate that, in general, TLS connections can be tunneled through SSH.

Chilkat PureBasic Downloads

PureBasic
IncludeFile "CkSocket.pb"

Procedure ChilkatExample()

    success.i = 0

    ; This example requires the Chilkat API to have been previously unlocked.
    ; See Global Unlock Sample for sample code.

    tunnel.i = CkSocket::ckCreate()
    If tunnel.i = 0
        Debug "Failed to create object."
        ProcedureReturn
    EndIf

    sshHostname.s = "sftp.example.com"
    sshPort.i = 22

    ; Connect to an SSH server and establish the SSH tunnel:
    success = CkSocket::ckSshOpenTunnel(tunnel,sshHostname,sshPort)
    If success = 0
        Debug CkSocket::ckLastErrorText(tunnel)
        CkSocket::ckDispose(tunnel)
        ProcedureReturn
    EndIf

    ; Authenticate with the SSH server via a login/password
    ; or with a public key.
    ; This example demonstrates SSH password authentication.
    success = CkSocket::ckSshAuthenticatePw(tunnel,"mySshLogin","mySshPassword")
    If success = 0
        Debug CkSocket::ckLastErrorText(tunnel)
        CkSocket::ckDispose(tunnel)
        ProcedureReturn
    EndIf

    ;  OK, the SSH tunnel is setup.  Now open a channel within the tunnel.
    ;  Once the channel is obtained, the Socket API may
    ;  be used exactly the same as usual, except all communications
    ;  are sent through the channel in the SSH tunnel.
    ;  Any number of channels may be created from the same SSH tunnel.
    ;  Multiple channels may coexist at the same time.

    ; Connect to the GMAIL IMAP server via TLS (through the port-forwarded SSH tunnel)
    channel.i = CkSocket::ckCreate()
    If channel.i = 0
        Debug "Failed to create object."
        ProcedureReturn
    EndIf

    maxWaitMs.i = 4000
    useTls.i = 1
    success = CkSocket::ckSshNewChannel(tunnel,"imap.gmail.com",993,useTls,maxWaitMs,channel)
    If success = 0
        Debug CkSocket::ckLastErrorText(tunnel)
        CkSocket::ckDispose(tunnel)
        CkSocket::ckDispose(channel)
        ProcedureReturn
    EndIf

    ; If desired, visually inspect the LastErrorText to see that indeed the TLS
    ; protocol was run inside the SSH tunnel:
    Debug CkSocket::ckLastErrorText(tunnel)

    ; The first thing an IMAP server does is to send a greeting terminated with a CRLF.
    imapGreeting.s = CkSocket::ckReceiveToCRLF(channel)
    If CkSocket::ckLastMethodSuccess(channel) <> 1
        Debug CkSocket::ckLastErrorText(channel)
        CkSocket::ckDispose(tunnel)
        CkSocket::ckDispose(channel)
        ProcedureReturn
    EndIf

    Debug imapGreeting

    ; Close the connection to imap.gmail.com.  This is actually closing our channel
    ; within the SSH tunnel, but keeps the tunnel open for the next port-forwarded connection.
    success = CkSocket::ckClose(channel,maxWaitMs)
    If success = 0
        Debug CkSocket::ckLastErrorText(channel)
        CkSocket::ckDispose(tunnel)
        CkSocket::ckDispose(channel)
        ProcedureReturn
    EndIf

    ; Finally, close the SSH tunnel.
    success = CkSocket::ckSshCloseTunnel(tunnel)
    If success = 0
        Debug CkSocket::ckLastErrorText(tunnel)
        CkSocket::ckDispose(tunnel)
        CkSocket::ckDispose(channel)
        ProcedureReturn
    EndIf

    Debug "TLS SSH tunneling example completed."


    CkSocket::ckDispose(tunnel)
    CkSocket::ckDispose(channel)


    ProcedureReturn
EndProcedure