I have a device in network. I would like to use SNMP to get information. Is it possible for using SSH and then SNMP for messages over ssh session ? I am using Java for implementation.
It seems snmp4j is not yet ready for the snmp via ssh.
Can you please give me some example, if its possible ?
Ideally, you should write your application software developers and ask them to support RFC5592, which is the standard for how to do "SNMP over SSH". Not every stack has support for it yet, but some do (like the most recent version of Net-SNMP).
Normally, SNMP runs over UDP; the SNMP implementations I know cannot directly use SSH.
However, you can tunnel UDP over SSH, and thus tunnel SNMP traffic.
One possibility is to tunnel using socat.
See e.g.
http://www.derkeiler.com/Newsgroups/comp.security.ssh/2007-01/msg00136.html
for an explanation.
You could probably also configure SNMP to run over TCP instead of UDP, which makes tunneling easier.
Related
Both grpc-java and grpc-c++ have the support for in-process channel, which is used if grpc client and server are in the same process.
So I have a question, is it possible to use java client to call c++ server in the same process using in-process channel?
No. The inprocess channels in each language are language-specific. You would need to use a normal channel and a port of localhost.
While it might be possible to use socketpair() to do something similar, it would require some effort to get working.
I'm looking for a secure way to tunnel RMI traffic.
In My application(java Webstart) i must assume that the only port that is open is port 80.
I have the looked att socketfactories for rmi but do i really need a proxy then.
I need to do all my tunneling on the client side.
The only firewall i am trying to get past is on the client side.
I'm not able to open 1099 with port ranges above.
Would be nice to see some implementations.
Thanks!
Port 1099 was reserved for RMI at IANA in about 1995. There is no reason for it not to be open for outbound access in the client-side firewall.
RMI can be made to use fixed port numbers by supplying a port number when constructing (super(port)) or exporting (exportObject(object, port)). Better still, if you create the Registry within the server JVM via LocateRegistry.createRegistry(), all subequently exported remote objects will use that port unless they specify a different port or they use a server socket factory.
BUT ... RMI already includes HTTP tunneling 'out of the box'. No external solution required. You have to deploy the RMI-Servlet provided with the JDK, at the server end.
(a)
although not the newest fashion, exposing remote services with Hessian and Burlap seems to be a simple solution to avoid problem working across firewalls: http://hessian.caucho.com/doc/
see sample code for the server and client side:
http://www.javatpoint.com/spring-remoting-by-hessian-example
(b) or consider using Spring HttpInvokder (see some sample code here: http://www.javatpoint.com/spring-remoting-by-http-invoker-example)
HttpInvokder provides more customization options through the RemoteInvocationFactory, RemoteInvocationExecutor and HttpInvokerRequestExecutor strategies (for example, to add custom context information (such as user credentials) to the remote invocation, or using java’s built-in object serialization etc.), see:
http://docs.spring.io/spring-framework/docs/2.0.x/api/org/springframework/remoting/support/RemoteInvocationFactory.html
I'm curious about how JConsole and JMX work together. Specifically, I have read this JConsole Guide which mentions that
jconsole uses a JMXConnector client to connect to the JMXConnectorServer in
the target application. If the application isn't started with the JMX agent
then there isn't a JMXConnectorServer and jconsole doesn't have anything to
connect too. In that case it uses a HotSpotTM VM specific mechanism to start
the JMX agent in the target VM. Once the agent is started then jconsole connects
as normal.
When I start jconsole it simply needs a port and hostname for the JMX information, so I'm wondering if its possible to access the MBeans through any arbitrary tcp connection (and thus any programming language), or if there is something special that jconsole is also doing?
I know how to access the MBean Factory though java, but I am curious if I can access these items through an arbitrary language via TCP or another straightforward mechanism. Also see link discussing rest connector.
By default, the JMX server provides connection via RMI. That will make it tricky to access the server through an arbitrary language.
However, the JMX server is not limited to RMI as the communication protocol. The architecture is extensible and pretty much any transport protocol might be used - but it would need to be written almost from scratch.
Take a look at Jolokia - they do a pretty amazing stuff to let you talk to the MBean servers via a bunch of protocols (REST is one of them), amongst other things.
My issue is a protocol that identifies terminals by it's sending IP. I want to manage the connections of several terminals to this server using some kind of proxy that implements that protocol.
So I have Terminal A which is identified by the server by the IP 1.2.3.4 and Terminal B which is identified by the server using the IP 5.6.7.8. Now the proxy will be in a local network with Terminal A and B.
When Terminal A wants to reach the server, it will query the proxy and the proxy needs to send the request on behalf of Terminal A using IP 1.2.3.4 to the server
When Terminal B wants to reach the server, it will query the proxy and the proxy needs to send the request on behalf of Terminal A using IP 5.6.7.8 to the server
Is it even possible to solve that issue in Java or do I have to do network voodoo on the router to achieve this?
Edit: to make things clear. I know what a network proxy is and what a router does. I also know how to solve my problem on a network level using advanced network voodoo if required. What I want to know is if my guess that the problem can't be solved using Java is correct. So the bottom line question is: can I use Java to send traffic using a specific network interface to which a specific IP has been assigned or do I have to rely on what the operating system does to route my traffic (in which case the advanced network voodoo would be required)?
Edit2: If routing of network traffic can be done in java, I'd just like a quick pointer where to look into. My own googling didn't return any useful results.
1) You already have some implementations for tcp tunelling with java. Below are some examples:
http://jtcpfwd.sourceforge.net/
http://sourceforge.net/projects/jttt/
2) Even with these existing implementations, you can still do you own by forwarding packets arriving in the proxy using java.net.Socket.
3) I still think that a better option would be a specific implementation using java.lang.Runtime.exec() and socat linux command. socat is just like the Netcat but with security and chrooting support and works over various protocols and through a files, pipes, devices, TCP sockets, Unix sockets, a client for SOCKS4, proxy CONNECT, or SSL etc. To redirect all port 80 conenctions to ip 202.54.1.5:
$ socat TCP-LISTEN:80,fork TCP:202.54.1.5:80
My program connects to an IRC room on freenode.net, it uses port 6667, apparently that port is blocked in my college so the project doesn't work there (I wish I had known that before I proposed that one, but it's due the next week so I can't make a new project now). I read that it was possible to tunnel that connection, but I'm not sure how to do it.
I read I had to use an SSH library but I can't find one that helps me tunneling the connection using a socket.
I found a package called ssh in MindTerm but a really old one, that basically does the process (I think) using these lines:
SSHSocketFactory fact = new SSHSocketFactory("ssh.freessh.biz", 22, new SSHPasswordAuthenticator("freessh", "7QO5dkmg<"));
ventanachat.socket = fact.createSocket(servidorirc, puerto);
It gives me: java.io.IOException: MindTerm do not support SSHv2 yet, enable SSHv1 compatibility in server
So I tried a new version that has ssh2 support, but I just can't get the same process since classes are different here and there's no documentation.
The socket is basically Socket socket = new Socket ("irc.freenode.net", 6667);
I am wondering what library could I use, and how?
You are liable to get into trouble for circumventing blocks of the IRC port.
I've got another idea. Download and install IRC server software on the machine you are doing development on. Then you should be able to connect to it from your client without anything blocking the port. (And if you still run into port problems, just configure the client and server use a different one.)
Alternatively, look at the answers to this SO question: Simple SSH Tunnel in Java
There's a couple of SSH libraries for Java present on the market and most of them support SSH tunneling. We offer SecureBlackbox product (Java edition) which has samples (including tunneling), documentation and support.
Ganymed and Jsch both support SSH tunnelling, and both are free.