Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Using Redis over secured connection

Tags:

c#

.net

ssh

redis

ssh-tunnel

I have a remote Linux box running a Redis server listening on an open port. I would like to encrypt the traffic, but Redis doesn't support SSH. The suggested solution is to use a SSH tunnel, but I haven't much experience with that.

I tried to connect a RedisClient (ServiceStack.Redis) object to a local port that is forwarded through an SSH (SSH.NET) tunnel to the remote linux box:

static void Main(string[] args)
    {
        using (var client = new SshClient("example.org", "sshuser", "sshpassword"))
        {
            client.Connect();
            var port = new ForwardedPortLocal("localhost", 1234, " example.org ", 1234);
            client.AddForwardedPort(port);
            port.Exception += (sender, e) => Console.WriteLine(e.Exception.ToString());
            port.Start();
            using (var redisClient = new RedisClient("localhost", 1234, "redispassword"))
            {
                var values = redisClient.As<string>();
                const string dansFord = "Dan's Ford Mustang";
                values.Store(dansFord);
                Console.WriteLine("Redis has " + values.GetAll().Count + " entries");
                values.GetAll().ToList().ForEach(Console.WriteLine); 
            }
            Console.ReadLine();
            port.Stop();
            client.Disconnect();
        }
    }

This doesn't work since the RedisClient can't connect to the non-existant server on localhost and the forwarding doesn't seem to work. My questions are:

  1. Is it possible to use the SSH tunnel of SSH.NET for the RedisClient?
  2. Am I just using the SshClient wrong?
  3. Is there an easier way to accomplish an encrypted connection to a remote Redis server?

I can't apply any OS level tweaks so the solution should be purely .NET up to 4.5.1. The solution posted here requires a commercial library while I have to rely on free ones.

Thanks!

like image 672
marce Avatar asked Jan 09 '14 20:01

marce

People also ask

Is Redis connection encrypted?

In-transit encryption is optional and can only be enabled on Redis replication groups when they are created. You enable in-transit encryption on a replication group by setting the parameter TransitEncryptionEnabled to true (CLI: --transit-encryption-enabled ) when you create the replication group.

Should I use TLS for Redis?

By default, Redis uses mutual TLS and requires clients to authenticate with a valid certificate (authenticated against trusted root CAs specified by ca-cert-file or ca-cert-dir ). You may use tls-auth-clients no to disable client authentication.

How do I run Redis in protected mode?

Redis Check Protected Mode You can do this using the config command. In this case, the protected mode is disabled. Change the value of protected mode to your desired value. Once the configuration is set, restart the Redis server to apply the changes.

1 Answers

Answers:

  1. Is it possible to use the SSH tunnel of SSH.NET for the RedisClient? Yes
  2. Am I just using the SshClient wrong? Yes
  3. Is there an easier way to accomplish an encrypted connection to a remote Redis server? I don't think so. Redis suggests using an SSL proxy but that seems more complicated

By the way, your code works after a few changes.

  • used "127.0.0.1" instead of "localhost".

Using localhost might cause problems because localhost can resolve to an IPv6 address which might not be supported by the port forwarding..?

  • the port forwarding should be setup like this:

var port = new ForwardedPortLocal("127.0.0.1", 42421, "127.0.0.1", 6379);

42421 is a port on your local computer. It must be available. All traffic sent to this port will be forwarded.

6379 is the port on your remote server where redis server is listening.

  • when connecting with the redis client, use the IPv4 address:

var redisClient = new RedisClient("127.0.0.1", 42421)

42421 is the same port that you used above for the forwarding.

like image 72
Chris Avatar answered Oct 04 '22 12:10

Chris
Sign in to Comment

Related questions

Replace Unicode (Tamil) string using Regular Expression C#
Parameter validation, or let it fail?
JSON.NET serialization if override ToString
Using Default Parameter in Stored Procedure call
"layout renderer failed" error in xamarin
Is there still any development on SIMD in Mono?
Entity Framework - Affect of MultipleActiveResultSets on Caching
How to use SQLite on new Windows 8.1 Store app (Visual Studio 2013)
System.Xml.XmlException - Root element is missing
save a JPEG in progressive format [closed]
Roles.GetRolesForUser throws exception Object reference not set to an instance of an object
Hash integer array
PetaPoco - setting transaction isolation level
Sitecore Solr remove versions from index
SelectMany Anonymous Type and Skip Iterations
Can I "prime" the CLR GC to expect profligate memory use?
Push a stack onto another stack
How can I filter by nested properties in OData?
Connecting to a remote shared folder results in "multiple connections not allowed" error, but trying to disconnect causes "connection does not exist"
Using a custom SynchronizationContext to serialize execution when using async/await

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!