I have a remote Linux box running a Redis server listening on an open port. I would like to encrypt the traffic, but Redis doesn't support SSH. The suggested solution is to use an SSH tunnel, but I haven't much experience with that.
I tried to connect a RedisClient (ServiceStack.Redis) object to a local port that is forwarded through an SSH (SSH.NET) tunnel to the remote Linux box:
    static void Main(string[] args)
    {
        using (var client = new SshClient("example.org", "sshuser", "sshpassword"))
        {
            client.Connect();
            var port = new ForwardedPortLocal("localhost", 1234, "example.org", 1234);
            client.AddForwardedPort(port);
            port.Exception += (sender, e) => Console.WriteLine(e.Exception.ToString());
            port.Start();
            using (var redisClient = new RedisClient("localhost", 1234, "redispassword"))
            {
                var values = redisClient.As<string>();
                const string dansFord = "Dan's Ford Mustang";
                values.Store(dansFord);
                Console.WriteLine("Redis has " + values.GetAll().Count + " entries");
                values.GetAll().ToList().ForEach(Console.WriteLine);
            }
            Console.ReadLine();
            port.Stop();
            client.Disconnect();
        }
    }
This doesn't work since the RedisClient can't connect to the non-existent server on localhost and the forwarding doesn't seem to work. My questions are:
I can't apply any OS level tweaks so the solution should be purely .NET up to 4.5.1. The solution posted here requires a commercial library while I have to rely on free ones.
Thanks!
In-transit encryption is optional and can only be enabled on Redis replication groups when they are created. You enable in-transit encryption on a replication group by setting the parameter TransitEncryptionEnabled to true (CLI: --transit-encryption-enabled) when you create the replication group.
By default, Redis uses mutual TLS and requires clients to authenticate with a valid certificate (authenticated against trusted root CAs specified by ca-cert-file or ca-cert-dir). You may use tls-auth-clients no to disable client authentication.
Redis Check Protected Mode: You can do this using the config command. In this case, the protected mode is disabled. Change the value of protected mode to your desired value. Once the configuration is set, restart the Redis server to apply the changes.
Answers:
By the way, your code works after a few changes.
Using localhost might cause problems because localhost can resolve to an IPv6 address which might not be supported by the port forwarding..?
    var port = new ForwardedPortLocal("127.0.0.1", 42421, "127.0.0.1", 6379);
42421 is a port on your local computer. It must be available. All traffic sent to this port will be forwarded.
6379 is the port on your remote server where redis server is listening.
    var redisClient = new RedisClient("127.0.0.1", 42421)
42421 is the same port that you used above for the forwarding.
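The answer's two changes applied to the question's program, as an added example (not the poster's or the answerer's code). It also pins the SSH host key through SSH.NET's HostKeyReceived event, which goes beyond the answer: without a handler SSH.NET accepts whatever key the server presents, so the tunnel would not be authenticated. The fingerprint, the key name tunnel:test and the credentials are placeholders, and forwarding to 127.0.0.1:6379 assumes Redis is reachable on the server's loopback interface.

```csharp
// Added example. Requires the SSH.NET and ServiceStack.Redis packages.
using System;
using Renci.SshNet;
using ServiceStack.Redis;

static class RedisOverSsh
{
    // Placeholder: the MD5 fingerprint of your server's host key, obtained out of band.
    const string ExpectedHostKeyMd5 = "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00";

    static void Main()
    {
        using (var ssh = new SshClient("example.org", "sshuser", "sshpassword"))
        {
            // Reject the connection unless the presented host key matches the pinned one.
            ssh.HostKeyReceived += (sender, e) =>
            {
                var actual = BitConverter.ToString(e.FingerPrint).Replace("-", ":").ToLowerInvariant();
                e.CanTrust = string.Equals(actual, ExpectedHostKeyMd5, StringComparison.Ordinal);
            };
            ssh.Connect(); // throws if the host key was not trusted

            // Local 127.0.0.1:42421 -> SSH tunnel -> 127.0.0.1:6379 as seen from the server.
            var port = new ForwardedPortLocal("127.0.0.1", 42421, "127.0.0.1", 6379);
            port.Exception += (sender, e) => Console.Error.WriteLine(e.Exception);
            ssh.AddForwardedPort(port);
            port.Start();
            if (!port.IsStarted)
                throw new InvalidOperationException("Port forwarding did not start.");

            try
            {
                // The Redis client talks only to the local end of the tunnel.
                using (var redis = new RedisClient("127.0.0.1", 42421, "redispassword"))
                {
                    Console.WriteLine("PING ok: " + redis.Ping());
                    redis.Set("tunnel:test", "Dan's Ford Mustang");
                    Console.WriteLine(redis.Get<string>("tunnel:test"));
                }
            }
            finally
            {
                port.Stop();
                ssh.Disconnect();
            }
        }
    }
}
```

Once clients go through the tunnel, Redis itself can be bound to 127.0.0.1 on the server so the port is no longer exposed to the network.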