Sample code for 30+ languages & platforms
PureBasic

SSH Tunnel Inside another SSH Tunnel

See more SSH Tunnel Examples

Demonstrates how to create a TCP/IP socket connection through an SSH tunnel that is dynamic port forwarded through another SSH tunnel.

Chilkat PureBasic Downloads

PureBasic
IncludeFile "CkSocket.pb"
IncludeFile "CkSshTunnel.pb"
IncludeFile "CkDateTime.pb"

Procedure ChilkatExample()

    success.i = 0

    ; This example requires the Chilkat API to have been previously unlocked.
    ; See Global Unlock Sample for sample code.

    tunnel.i = CkSshTunnel::ckCreate()
    If tunnel.i = 0
        Debug "Failed to create object."
        ProcedureReturn
    EndIf

    sshHostname.s = "www.ssh-serverA.com"
    sshPort.i = 22

    ; Connect to an SSH server and establish the SSH tunnel:
    success = CkSshTunnel::ckConnect(tunnel,sshHostname,sshPort)
    If success = 0
        Debug CkSshTunnel::ckLastErrorText(tunnel)
        CkSshTunnel::ckDispose(tunnel)
        ProcedureReturn
    EndIf

    ; Authenticate with the SSH server via a login/password
    ; or with a public key.  
    ; This example demonstrates SSH password authentication.
    success = CkSshTunnel::ckAuthenticatePw(tunnel,"mySshLogin","mySshPassword")
    If success = 0
        Debug CkSshTunnel::ckLastErrorText(tunnel)
        CkSshTunnel::ckDispose(tunnel)
        ProcedureReturn
    EndIf

    ; Indicate that the background SSH tunnel thread will behave as a SOCKS proxy server
    ; with dynamic port forwarding:
    CkSshTunnel::setCkDynamicPortForwarding(tunnel, 1)

    ; We may optionally require that connecting clients authenticate with our SOCKS proxy server.
    ; To do this, set an inbound username/password.  Any connecting clients would be required to 
    ; use SOCKS5 with the correct username/password.
    ; If no inbound username/password is set, then our SOCKS proxy server will accept both
    ; SOCKS4 and SOCKS5 unauthenticated connections.

    CkSshTunnel::setCkInboundSocksUsername(tunnel, "chilkat123")
    CkSshTunnel::setCkInboundSocksPassword(tunnel, "password123")

    ; Start the listen/accept thread to begin accepting SOCKS proxy client connections.
    ; Listen on port 1080.
    success = CkSshTunnel::ckBeginAccepting(tunnel,1080)
    If success = 0
        Debug CkSshTunnel::ckLastErrorText(tunnel)
        CkSshTunnel::ckDispose(tunnel)
        ProcedureReturn
    EndIf

    ; Now that a background thread is running a SOCKS proxy server that forwards connections
    ; through an SSH tunnel, it is possible to use any Chilkat implemented protocol that is SOCKS capable,
    ; such as HTTP, POP3, SMTP, IMAP, FTP, Socket, etc.  The protocol may use SSL/TLS because the SSL/TLS
    ; will be passed through the SSH tunnel to the end-destination.  Also, any number of simultaneous
    ; connections may be routed through the SSH tunnel.

    tunnelB.i = CkSocket::ckCreate()
    If tunnelB.i = 0
        Debug "Failed to create object."
        ProcedureReturn
    EndIf

    ; Indicate that the socket object is to use our portable SOCKS proxy/SSH tunnel running in our background thread.
    CkSocket::setCkSocksHostname(tunnelB, "localhost")
    CkSocket::setCkSocksPort(tunnelB, 1080)
    CkSocket::setCkSocksVersion(tunnelB, 5)
    CkSocket::setCkSocksUsername(tunnelB, "chilkat123")
    CkSocket::setCkSocksPassword(tunnelB, "password123")

    ; Open a new SSH tunnel through the existing tunnel (via what we treat as a SOCKS5 proxy,
    ; but it is actually a dynamic port-forwarded SSH tunnel).
    success = CkSocket::ckSshOpenTunnel(tunnelB,"www.ssh-serverB.com",22)
    If success = 0
        Debug CkSocket::ckLastErrorText(tunnelB)
        CkSshTunnel::ckDispose(tunnel)
        CkSocket::ckDispose(tunnelB)
        ProcedureReturn
    EndIf

    ; Authenticate with ssh-serverB.com
    success = CkSocket::ckSshAuthenticatePw(tunnelB,"uname","pwd")
    If success = 0
        Debug CkSocket::ckLastErrorText(tunnelB)
        CkSshTunnel::ckDispose(tunnel)
        CkSocket::ckDispose(tunnelB)
        ProcedureReturn
    EndIf

    ; OK, the SSH tunnel (within a tunnel) is setup.  Now open a channel within the tunnel.
    ; Once the channel is obtained, the Socket API may
    ; be used exactly the same as usual, except all communications
    ; are sent through the channel in the SSH tunnel.
    ; Any number of channels may be created from the same SSH tunnel.
    ; Multiple channels may coexist at the same time.

    ; Connect to an NIST time server and read the current date/time
    channel.i = CkSocket::ckCreate()
    If channel.i = 0
        Debug "Failed to create object."
        ProcedureReturn
    EndIf

    maxWaitMs.i = 4000
    useTls.i = 0
    success = CkSocket::ckSshNewChannel(tunnelB,"time-c.nist.gov",37,useTls,maxWaitMs,channel)
    If success = 0
        Debug CkSocket::ckLastErrorText(tunnelB)
        CkSshTunnel::ckDispose(tunnel)
        CkSocket::ckDispose(tunnelB)
        CkSocket::ckDispose(channel)
        ProcedureReturn
    EndIf

    ; The time server will send a big-endian 32-bit integer representing
    ; the number of seconds since since 00:00 (midnight) 1 January 1900 GMT.
    ; The ReceiveInt32 method will receive a 4-byte integer, but returns
    ; 1 or 0 to indicate success.  If successful, the integer
    ; is obtained via the ReceivedInt property.
    bigEndian.i = 1
    success = CkSocket::ckReceiveInt32(channel,bigEndian)
    If success = 0
        Debug CkSocket::ckLastErrorText(channel)
        CkSshTunnel::ckDispose(tunnel)
        CkSocket::ckDispose(tunnelB)
        CkSocket::ckDispose(channel)
        ProcedureReturn
    EndIf

    dt.i = CkDateTime::ckCreate()
    If dt.i = 0
        Debug "Failed to create object."
        ProcedureReturn
    EndIf

    CkDateTime::ckSetFromNtpTime(dt,CkSocket::ckReceivedInt(channel))

    ; Show the current local date/time
    bLocalTime.i = 1
    Debug "Current local date/time: " + CkDateTime::ckGetAsRfc822(dt,bLocalTime)

    ; Close the SSH channel.
    success = CkSocket::ckClose(channel,maxWaitMs)
    If success = 0
        Debug CkSocket::ckLastErrorText(channel)
        CkSshTunnel::ckDispose(tunnel)
        CkSocket::ckDispose(tunnelB)
        CkSocket::ckDispose(channel)
        CkDateTime::ckDispose(dt)
        ProcedureReturn
    EndIf

    ; Stop the background listen/accept thread:
    waitForThreadExit.i = 1
    success = CkSshTunnel::ckStopAccepting(tunnel,waitForThreadExit)
    If success = 0
        Debug CkSshTunnel::ckLastErrorText(tunnel)
        CkSshTunnel::ckDispose(tunnel)
        CkSocket::ckDispose(tunnelB)
        CkSocket::ckDispose(channel)
        CkDateTime::ckDispose(dt)
        ProcedureReturn
    EndIf

    ; Close the SSH tunnel (would also kick any remaining connected clients).
    success = CkSshTunnel::ckCloseTunnel(tunnel,waitForThreadExit)
    If success = 0
        Debug CkSshTunnel::ckLastErrorText(tunnel)
        CkSshTunnel::ckDispose(tunnel)
        CkSocket::ckDispose(tunnelB)
        CkSocket::ckDispose(channel)
        CkDateTime::ckDispose(dt)
        ProcedureReturn
    EndIf



    CkSshTunnel::ckDispose(tunnel)
    CkSocket::ckDispose(tunnelB)
    CkSocket::ckDispose(channel)
    CkDateTime::ckDispose(dt)


    ProcedureReturn
EndProcedure