2

I would like to make HTTP requests over SSH tunnels using Twisted. I have seen examples of using Twisted to set up SSH local port forwarding, but that's not what I am after.

Instead, it seems to me it should be possible using Twisted to wrap the HTTP traffic inside an SSH tunnel directly, i.e. without having to set up Twisted to listen on a local port for forwarding traffic.

I've checked how the Twisted Conch command-line script does the local port forwarding, in conch.ssh.forwarding. Should that be somehow integrated with an HTTP client? Or, on the other hand, I've read that SSHChannel supports the twisted.internet.interfaces.ITransport interface, so it could be given to Protocols to run them over the secure connection? Then there's the new-ish endpoints API in Twisted: I wonder if an endpoint for tunneling traffic from the ssh server onwards would make sense?

Or something else?

Petri

1 Answer

2

> I wonder if an endpoint for tunneling traffic from the ssh server onwards would make sense?

It would make a lot of sense.

There is an endpoint that connects a protocol to the stdio of a command running remotely using Conch - twisted.conch.endpoints.SSHCommandClientEndpoint. And development has started (but stalled, it seems) on an endpoint for connecting a protocol to a remote subsystem (e.g. sftp) using Conch. An endpoint for connecting to a remote address over a tunneled connection using Conch would make a great addition.

The branch which begins to implement SSHSubsystemClientEndpoint might be a useful thing to look at to get an idea of what is involved in writing this new endpoint. There may also be useful refactorings started in that branch that make it easier to add new endpoints like this (since the branch adds exactly the 2nd conch endpoint and probably had to do some work to make some code from the 1st conch endpoint more easily re-usable).

Jean-Paul Calderone
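An added example, not part of the answer above and not Twisted's code: assuming the tunneling endpoint discussed here would open an RFC 4254 "direct-tcpip" channel (the channel type SSH uses for client-requested forwarding), this standard-library Python builds and parses that channel-open payload. It shows which destination and originator the SSH server is shown and can restrict, for example with OpenSSH's PermitOpen; the function names and the sample host are assumptions made for illustration.

```python
import struct

SSH_MSG_CHANNEL_OPEN = 90  # message number, RFC 4254 section 5.1


def ns(data):  # SSH 'string': uint32 big-endian length, then the bytes
    return struct.pack(">L", len(data)) + data


def pack_direct_tcpip(channel_id, window, max_packet, dest, origin):
    """Build the channel-open payload asking the server to connect onward."""
    return (bytes([SSH_MSG_CHANNEL_OPEN]) + ns(b"direct-tcpip")
            + struct.pack(">LLL", channel_id, window, max_packet)
            + ns(dest[0].encode("ascii")) + struct.pack(">L", dest[1])
            + ns(origin[0].encode("ascii")) + struct.pack(">L", origin[1]))


def _take(buf, off, size):
    """Return (buf[off:off+size], next offset); refuse short reads."""
    if off + size > len(buf):
        raise ValueError("truncated channel-open payload")
    return buf[off:off + size], off + size


def _u32(buf, off):
    raw, off = _take(buf, off, 4)
    return struct.unpack(">L", raw)[0], off


def _string(buf, off):
    length, off = _u32(buf, off)
    return _take(buf, off, length)


def parse_direct_tcpip(payload):
    """Decode the destination and originator an SSH server is shown."""
    kind, off = _string(payload, 1)
    if payload[:1] != bytes([SSH_MSG_CHANNEL_OPEN]) or kind != b"direct-tcpip":
        raise ValueError("not a direct-tcpip channel open")
    off += 12  # skip sender channel, initial window, maximum packet size
    dest_host, off = _string(payload, off)
    dest_port, off = _u32(payload, off)
    orig_host, off = _string(payload, off)
    orig_port, off = _u32(payload, off)
    return (dest_host.decode(), dest_port), (orig_host.decode(), orig_port)


# Constructed sample: an HTTP client's tunnel request to an internal host.
SAMPLE = pack_direct_tcpip(0, 2**17, 2**15,
                           ("intranet.example", 80), ("127.0.0.1", 0))
```

Once the server confirms the channel, the HTTP bytes travel as channel data inside the existing SSH connection, so no local listening port is involved.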