Sample code for 30+ languages & platforms
Tcl

SSH Tunnel Inside another SSH Tunnel

See more SSH Tunnel Examples

Demonstrates how to create a TCP/IP socket connection through an SSH tunnel that is dynamic port forwarded through another SSH tunnel.

Chilkat Tcl Downloads

Tcl

load ./chilkat.dll

set success 0

# This example requires the Chilkat API to have been previously unlocked.
# See Global Unlock Sample for sample code.

set tunnel [new_CkSshTunnel]

set sshHostname "www.ssh-serverA.com"
set sshPort 22

# Connect to an SSH server and establish the SSH tunnel:
set success [CkSshTunnel_Connect $tunnel $sshHostname $sshPort]
if {$success == 0} then {
    puts [CkSshTunnel_lastErrorText $tunnel]
    delete_CkSshTunnel $tunnel
    exit
}

# Authenticate with the SSH server via a login/password
# or with a public key.  
# This example demonstrates SSH password authentication.
set success [CkSshTunnel_AuthenticatePw $tunnel "mySshLogin" "mySshPassword"]
if {$success == 0} then {
    puts [CkSshTunnel_lastErrorText $tunnel]
    delete_CkSshTunnel $tunnel
    exit
}

# Indicate that the background SSH tunnel thread will behave as a SOCKS proxy server
# with dynamic port forwarding:
CkSshTunnel_put_DynamicPortForwarding $tunnel 1

# We may optionally require that connecting clients authenticate with our SOCKS proxy server.
# To do this, set an inbound username/password.  Any connecting clients would be required to 
# use SOCKS5 with the correct username/password.
# If no inbound username/password is set, then our SOCKS proxy server will accept both
# SOCKS4 and SOCKS5 unauthenticated connections.

CkSshTunnel_put_InboundSocksUsername $tunnel "chilkat123"
CkSshTunnel_put_InboundSocksPassword $tunnel "password123"

# Start the listen/accept thread to begin accepting SOCKS proxy client connections.
# Listen on port 1080.
set success [CkSshTunnel_BeginAccepting $tunnel 1080]
if {$success == 0} then {
    puts [CkSshTunnel_lastErrorText $tunnel]
    delete_CkSshTunnel $tunnel
    exit
}

# Now that a background thread is running a SOCKS proxy server that forwards connections
# through an SSH tunnel, it is possible to use any Chilkat implemented protocol that is SOCKS capable,
# such as HTTP, POP3, SMTP, IMAP, FTP, Socket, etc.  The protocol may use SSL/TLS because the SSL/TLS
# will be passed through the SSH tunnel to the end-destination.  Also, any number of simultaneous
# connections may be routed through the SSH tunnel.

set tunnelB [new_CkSocket]

# Indicate that the socket object is to use our portable SOCKS proxy/SSH tunnel running in our background thread.
CkSocket_put_SocksHostname $tunnelB "localhost"
CkSocket_put_SocksPort $tunnelB 1080
CkSocket_put_SocksVersion $tunnelB 5
CkSocket_put_SocksUsername $tunnelB "chilkat123"
CkSocket_put_SocksPassword $tunnelB "password123"

# Open a new SSH tunnel through the existing tunnel (via what we treat as a SOCKS5 proxy,
# but it is actually a dynamic port-forwarded SSH tunnel).
set success [CkSocket_SshOpenTunnel $tunnelB "www.ssh-serverB.com" 22]
if {$success == 0} then {
    puts [CkSocket_lastErrorText $tunnelB]
    delete_CkSshTunnel $tunnel
    delete_CkSocket $tunnelB
    exit
}

# Authenticate with ssh-serverB.com
set success [CkSocket_SshAuthenticatePw $tunnelB "uname" "pwd"]
if {$success == 0} then {
    puts [CkSocket_lastErrorText $tunnelB]
    delete_CkSshTunnel $tunnel
    delete_CkSocket $tunnelB
    exit
}

# OK, the SSH tunnel (within a tunnel) is setup.  Now open a channel within the tunnel.
# Once the channel is obtained, the Socket API may
# be used exactly the same as usual, except all communications
# are sent through the channel in the SSH tunnel.
# Any number of channels may be created from the same SSH tunnel.
# Multiple channels may coexist at the same time.

# Connect to an NIST time server and read the current date/time
set channel [new_CkSocket]

set maxWaitMs 4000
set useTls 0
set success [CkSocket_SshNewChannel $tunnelB "time-c.nist.gov" 37 $useTls $maxWaitMs $channel]
if {$success == 0} then {
    puts [CkSocket_lastErrorText $tunnelB]
    delete_CkSshTunnel $tunnel
    delete_CkSocket $tunnelB
    delete_CkSocket $channel
    exit
}

# The time server will send a big-endian 32-bit integer representing
# the number of seconds since since 00:00 (midnight) 1 January 1900 GMT.
# The ReceiveInt32 method will receive a 4-byte integer, but returns
# 1 or 0 to indicate success.  If successful, the integer
# is obtained via the ReceivedInt property.
set bigEndian 1
set success [CkSocket_ReceiveInt32 $channel $bigEndian]
if {$success == 0} then {
    puts [CkSocket_lastErrorText $channel]
    delete_CkSshTunnel $tunnel
    delete_CkSocket $tunnelB
    delete_CkSocket $channel
    exit
}

set dt [new_CkDateTime]

CkDateTime_SetFromNtpTime $dt [CkSocket_get_ReceivedInt $channel]

# Show the current local date/time
set bLocalTime 1
puts "Current local date/time: [CkDateTime_getAsRfc822 $dt $bLocalTime]"

# Close the SSH channel.
set success [CkSocket_Close $channel $maxWaitMs]
if {$success == 0} then {
    puts [CkSocket_lastErrorText $channel]
    delete_CkSshTunnel $tunnel
    delete_CkSocket $tunnelB
    delete_CkSocket $channel
    delete_CkDateTime $dt
    exit
}

# Stop the background listen/accept thread:
set waitForThreadExit 1
set success [CkSshTunnel_StopAccepting $tunnel $waitForThreadExit]
if {$success == 0} then {
    puts [CkSshTunnel_lastErrorText $tunnel]
    delete_CkSshTunnel $tunnel
    delete_CkSocket $tunnelB
    delete_CkSocket $channel
    delete_CkDateTime $dt
    exit
}

# Close the SSH tunnel (would also kick any remaining connected clients).
set success [CkSshTunnel_CloseTunnel $tunnel $waitForThreadExit]
if {$success == 0} then {
    puts [CkSshTunnel_lastErrorText $tunnel]
    delete_CkSshTunnel $tunnel
    delete_CkSocket $tunnelB
    delete_CkSocket $channel
    delete_CkDateTime $dt
    exit
}


delete_CkSshTunnel $tunnel
delete_CkSocket $tunnelB
delete_CkSocket $channel
delete_CkDateTime $dt