Difference between revisions of "SSH Tunnel Utility"

From HSYCO
Line 1: Line 1:
 
[[Category:Manager]]
 
[[Category:Manager]]
 
[[File:Manager SSH Tunnel Utility Icon.png|class=appIcon]]
 
[[File:Manager SSH Tunnel Utility Icon.png|class=appIcon]]
The SSH Tunnel Utility is an application that allows you to easily setup repetitive polling read requests and monitor the performance and status of each request.
+
The SSH Tunnel Utility allows to create secure reverse SSH-based connection tunnels to a remote SSH server (hub). Up to three concurrent tunnels can be established, one for local SSH console access, one for the HTTPS Web server connections and one additional (AUX) tunnel to any local service network port like, for example, the Modbus TCP Gateway server.
  
Each read request is defined with a repeat interval in seconds. The Modbus Utility internal scheduler will try to repeat the execution of each request as close as possible to the preset interval. It will also sequence all requests to the same Modbus I/O server so they never overlap.
+
[[File:SSHTunnelUtility1.png|border|600px|center|SSH Tunnel Utility]]
  
You can optionally assign a variable to each request for conditional execution. If a variable is defined, it has to exist and have value “1” to activate the request polling. Requests that are not active are highlighted in grey.
 
  
The optional "Error Tolerance" parameter is used to set the number of consecutive errors accepted before the Modbus error data point is set to report an error condition. The default is zero, so that even a single error will set the error data point. For example, setting the error tolerance to two means that up to two consecutive errors will be tolerated, and only the third consecutive error will set the error data point.
+
A tunnel is configured by setting the local TCP port of a network server, and the remote TCP port for the tunnel on the remote SSH server. Connecting to the TCP port associated to a tunnel on the remote server will route the connection and all established traffic, through the tunnel, to the local TCP port defined in the tunnel configuration.
  
The optional "Error Skip Interval" defines for how long the Modbus Utility should stop executing a Modbus request if an error occurs.
+
Thanks to the SSH tunnels, a local HSYCO Server that lacks inbound connectivity, could still be accessed via a remote and accessible SSH server configured as a tunnel end-point.
  
 +
The tunnel configuration parameters can be modified only when tunneling is not enabled.
  
[[File:SSHTunnelUtility1.png|border|600px|center|SSH Tunnel Utility]]
+
The "SSH hub host name" is the network name or IP address of the remote SSH tunnel server (hub).
  
 +
In order to establish a secure connection, the SSH Tunnel Utility authenticates on the remote SSH tunnel server with the user id set in "SSH user on hub" and the "SSH public key" of the HSYCO Server, that must be copied into the "authorized_keys" file on the hub for that user.
  
The Modbus Utility tracks the actual repeat interval and compares it with the defined interval. If the difference is more than 25% from the target value, the request is marked as “slow” and highlighted in yellow. The difference between defined and actual interval is reported in the “delta” field.  
+
If the SSH, HTTPS or AUX port number fields are left empty, the corresponding tunnel is not activated.
  
Requests that return errors are also tracked and highlighted in red.
+
Note that the tunnels are only active while HSYCO is running. Restarting HSYCO, all connections established through the tunnels, including the SSH connection, are dropped.
  
The minimum and maximum response time is also tracked for each request, and displayed in the “min. time” and “max. time” fields in the requests list.
 
  
You can reset the status, delta, minimum and maximum time using the “refresh” button.
+
The configuration API
  
You can use filters to only show a subset of requests in the user interface. Entering a text in the search field will only show requests having a data point name that contains the search text. You can also filter by status, selecting slow, skipped, errors, or successful requests.
+
The SSH Tunnel Utility can be dynamically configured, and the tunnel service enabled and disabled, with USER calls in ENVENTS and the user() command in Java or JavaScript.
  
{{note|Note that filters act globally, so if you set a filter all other users will also share the same view of the filtered list. Also note that, to reduce performance overhead, the status and performance data in the list of requests stops being updated after about 60 seconds of inactivity. This is also shared by all users. The refresh of requests’ data has no effect on the actual request scheduler, that runs independently and is never interrupted.}}
+
In the following EVENTS example, the tunnel is enabled at 08:00 and disabled at 18:00.
  
The Modbus Utility configuration is stored in a human readable file named modbus-scheduler.ini and located in HSYCO’s main directory. If you manually edit this file, it will be automatically reloaded within a few seconds after it is saved. In a high availability setup, the Modbus Utility is also automatically mirrored from the master to the slave server.
+
TIME 0800 : USER sshtunnel.enable = true
 +
TIME 1800 : USER sshtunnel.enable = false
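
Review bot: the added configuration API paragraph spells the events language "ENVENTS", while the next added line and the example use "EVENTS"; correct the typo so readers can search for the right term. In the added first paragraph, "allows to create" should read "allows you to create". The added authentication paragraph tells the reader to copy the HSYCO Server public key into "authorized_keys" on the hub but does not say what that key should be allowed to do there; consider adding a sentence recommending that the hub entry be limited to the tunnel ports.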

Revision as of 16:57, 14 October 2020

The SSH Tunnel Utility allows you to create secure reverse SSH-based connection tunnels to a remote SSH server (hub). Up to three concurrent tunnels can be established: one for local SSH console access, one for the HTTPS Web server connections, and one additional (AUX) tunnel to any local service network port such as the Modbus TCP Gateway server.

[Screenshot: SSH Tunnel Utility]


A tunnel is configured by setting the local TCP port of a network server, and the remote TCP port for the tunnel on the remote SSH server. Connecting to the TCP port associated with a tunnel on the remote server routes the connection, and all traffic on it, through the tunnel to the local TCP port defined in the tunnel configuration.

Thanks to the SSH tunnels, a local HSYCO Server that lacks inbound connectivity can still be accessed via a remote, reachable SSH server configured as a tunnel end-point.

The tunnel configuration parameters can be modified only when tunneling is not enabled.

The "SSH hub host name" is the network name or IP address of the remote SSH tunnel server (hub).

To establish a secure connection, the SSH Tunnel Utility authenticates on the remote SSH tunnel server with the user id set in "SSH user on hub" and the "SSH public key" of the HSYCO Server, which must be copied into the "authorized_keys" file on the hub for that user.

If the SSH, HTTPS or AUX port number fields are left empty, the corresponding tunnel is not activated.

Note that the tunnels are only active while HSYCO is running. When HSYCO is restarted, all connections established through the tunnels, including the SSH connection, are dropped.
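
The tunnel configuration and hub key setup described above, expressed in OpenSSH terms as an added example (not HSYCO's own code). It assumes the utility behaves like a standard SSH client requesting remote forwards; the user, hub name, ports and key are constructed placeholders, and a tunnel is treated as inactive when either of its ports is empty.

```shell
#!/bin/sh
# Added illustration. Each tunnel is passed as "remote_port:local_port".

# client_cmd USER HUB PAIR...
# Prints the OpenSSH client command equivalent to the configured tunnels.
client_cmd() {
  user=$1 hub=$2; shift 2
  cmd="ssh -N -o ExitOnForwardFailure=yes"
  for pair in "$@"; do
    remote=${pair%%:*}; local_port=${pair#*:}
    # Empty port field: the corresponding tunnel is not activated.
    [ -n "$remote" ] && [ -n "$local_port" ] || continue
    cmd="$cmd -R $remote:localhost:$local_port"
  done
  printf '%s %s@%s\n' "$cmd" "$user" "$hub"
}

# hub_key_line PUBKEY PAIR...
# Prints the authorized_keys entry for the hub user: the key may only open
# remote-forward listeners on the configured ports (no pty, agent or X11).
hub_key_line() {
  pubkey=$1; shift
  listen=""
  for pair in "$@"; do
    remote=${pair%%:*}; local_port=${pair#*:}
    [ -n "$remote" ] && [ -n "$local_port" ] || continue
    listen="$listen,permitlisten=\"$remote\""
  done
  if [ -n "$listen" ]; then
    printf 'restrict,port-forwarding%s %s\n' "$listen" "$pubkey"
  else
    # No active tunnel: do not enable forwarding at all, since
    # port-forwarding without permitlisten would allow any listen port.
    printf 'restrict %s\n' "$pubkey"
  fi
}

# Constructed sample: SSH and HTTPS tunnels set, AUX fields left empty.
KEY='ssh-ed25519 AAAA_CONSTRUCTED_PLACEHOLDER hsyco@site'
client_cmd hsyco hub.example.net "2222:22" "8443:443" ":"
hub_key_line "$KEY" "2222:22" "8443:443" ":"
```

With the sshd default of GatewayPorts no, the forwarded ports on the hub listen on the loopback interface only, so they are reachable from the hub itself rather than from its network.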


The configuration API

The SSH Tunnel Utility can be dynamically configured, and the tunnel service enabled and disabled, with USER calls in EVENTS and the user() command in Java or JavaScript.

In the following EVENTS example, the tunnel is enabled at 08:00 and disabled at 18:00.

TIME 0800 : USER sshtunnel.enable = true
TIME 1800 : USER sshtunnel.enable = false