I have several remote Linux "boxes" collecting sensor data that I occasionally need to SSH into for troubleshooting, etc. The problem is that all of these boxes are behind firewalls as is expected so it's impossible to SSH or SCP into the boxes without having the network administrator open Port 22 inbound to each box at each location. Of course I have never found a network administrator willing to do that for obvious reasons. I know that there are solutions out there but they all seem overly complicated to me and most are unreliable. This solution can be used stand-alone, or the code can easily be integrated into your B4J application to allow remote access to the host computer.
So this B4J Application allows me to transparently access my Linux boxes using standard Windows applications such as PUTTY and WINSCP so I can have access to a remote terminal and transfer files as if I were connecting directly to the box.
The program is basically a TCP "proxy" server. But it uses a MQTT tunnel at both ends for communications. No inbound ports need to be opened at the remote location. In most cases outbound connections to all ports are open so there should be no issues accessing the MQTT server.
Steps to Accomplish remote access.
1. Compile the program into a JAR file. I use Java8. Have not tried it with other Java versions. But I see no reason why it would not work.
2. Copy the mqttproxy.JAR and mqttproxy.CFG files to the remote computer and also copy it to the local computer that has the programs that you generally use for remote SSH and SCP access such as PUTTY and WINSCP.
3. On the remote computer edit the mqttproxy.cfg file:
dest_IP=localhost
dest_port=22
local_port=2222 # <- Not relevant
mqtt_server=mqtt.xyz.com:1883 # <- The mqtt server you will be using
mqtt_username=user # <- your mqtt username
mqtt_password=pass # <- your mqtt password
mqtt_topic=mqttproxy/ABC/ # <- mqtt root topic (suggest leaving it the same initially)
mqtt_qos=0
program_mode=remote # <- IMPORTANT!!
4. On the local computer edit the mqttproxy.cfg file:
dest_IP=localhost # <- Not relevant
dest_port=22 # <- Not relevant
local_port=2222 # <- This is the port you will be connecting to
mqtt_server=mqtt.xyz.com:1883 # <- The mqtt server you will be using
mqtt_username=user # <- your mqtt username
mqtt_password=pass # <- your mqtt password
mqtt_topic=mqttproxy/ABC/ # <- mqtt root topic (suggest leaving it the same initially)
mqtt_qos=0
program_mode=local # <- IMPORTANT!!
5. Run PUTTY or WINSCP on the local computer
You will connect to "localhost" Port 2222
This is a "proxy" to "localhost" Port 22 (SSH/SCP) on the remote computer. Communications will take place with the MQTT server acting as a "tunnel".
Notes:
* As mentioned above I have tested it with the JAR compiled with Oracle Java 8, but it should work with any Java JDK.
* I am using my own MQTT server hosted on a VPS. Have not tested it on any of the "free" MQTT servers out there. It does generate a lot of traffic so there may be issues with the free ones. If anyone has success with the free servers I would love to know. [edit - Aug 31, 2024 - It does work well with the public Mosquitto Test server - See Post# 19 below]
* I set the MQTT QOS to 0 which appears to be the fastest. This application needs a responsive mqtt server.
* The MQTT topic is the "root" topic. If you look at the code you will see that sub-topics are appended to it for each end of the connection. If you have multiple remote computers, you can identify each one by this root topic. In my example "ABC" identifies the remote computer.
* This version only allows ONE connection at a time. So for example, you cannot open a PUTTY and WINSCP session at the same time. Should be easy to overcome, but I did not have a need for it so I did not pursue it. Maybe someone else can add that feature.
* The program is not limited to just remote access. You can use it as a proxy tunnel for any two TCP connections behind firewalls without having to open inbound ports.
Hope you find it useful.
Enjoy!
Update - 2024-06-24
V1.1 - Revised ConnectToServer() so that it returns after making the connection. This reduces the possibility of multiple instances of the function running when connections are made.
Fixed "incoming packet was garbled" error when SSH connection is first made.
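Added example (not part of the original post or the project's own code): a pre-deployment check in Python that parses the two mqttproxy.cfg files from steps 3 and 4 and reports pairing mistakes and exposure points. It assumes everything after "#" on a line is an annotation, as in the samples above, and treats port 1883 as plaintext MQTT by convention; the function names are hypothetical.

```python
# Added example: audits a remote/local pair of mqttproxy.cfg files.
# Sample input constructed from the values shown in the post.
REMOTE_CFG = """\
dest_IP=localhost
dest_port=22
local_port=2222 # <- Not relevant
mqtt_server=mqtt.xyz.com:1883 # <- The mqtt server you will be using
mqtt_username=user # <- your mqtt username
mqtt_password=pass # <- your mqtt password
mqtt_topic=mqttproxy/ABC/ # <- mqtt root topic
mqtt_qos=0
program_mode=remote # <- IMPORTANT!!
"""
LOCAL_CFG = REMOTE_CFG.replace("program_mode=remote", "program_mode=local")

def parse_cfg(text):
    """Parse key=value lines, dropping trailing '# <- ...' annotations."""
    cfg = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()  # assumption: '#' starts a comment
        if "=" in line:
            key, value = line.split("=", 1)
            cfg[key.strip()] = value.strip()
    return cfg

def audit_pair(remote, local):
    """Return a list of findings for one remote/local configuration pair."""
    findings = []
    if remote.get("program_mode") != "remote" or local.get("program_mode") != "local":
        findings.append("program_mode must be 'remote' on one end and 'local' on the other")
    for key in ("mqtt_server", "mqtt_topic"):
        if remote.get(key) != local.get(key):
            findings.append(f"{key} differs between the two ends; they will not pair up")
    for name, cfg in (("remote", remote), ("local", local)):
        port = cfg.get("mqtt_server", "").rpartition(":")[2]
        if port == "1883":
            findings.append(f"{name}: port 1883 is conventionally plaintext MQTT; "
                            "mqtt_username/mqtt_password cross the network unencrypted")
        if (cfg.get("mqtt_username"), cfg.get("mqtt_password")) == ("user", "pass"):
            findings.append(f"{name}: sample credentials user/pass are still in place")
    return findings

if __name__ == "__main__":
    for finding in audit_pair(parse_cfg(REMOTE_CFG), parse_cfg(LOCAL_CFG)):
        print("-", finding)
```

The SSH session carried through the tunnel stays encrypted end to end, but any client allowed to use the root topic on the broker can reach the remote SSH port, so broker credentials and topic permissions are the access control for this setup.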