Communication over an insecure network is a part of inter-process communication (IPC). Various concepts are discussed on this website.
To illustrate the mechanisms, two programs are used as examples below.
The program client.sh sends a request to the program server.sh. The server responds to the request.
Handling multiple requests and defending against DDoS are required.
The following table gives an overview:
A score is used for evaluation:
technology | Score | ENC | SCH | INI | EOC | FRE | MCO | DDD |
---|---|---|---|---|---|---|---|---|
TEC: apache+php+bash | 5.00 | 5 | 5 | 5 | 5 | 5 | 5 | 5 |
TEC: mini_httpd+cgi+bash | 4.71 | 3 | 5 | 5 | 5 | 5 | 5 | 5 |
TEC: tcpserver+nc+gpg | 4.71 | 3 | 5 | 5 | 5 | 5 | 5 | 5 |
TEC: tcpserver+nc | 4.28 | 0 | 5 | 5 | 5 | 5 | 5 | 5 |
TEC: stunnel | 4.14 | 5 | 5 | 3 | 5 | 5 | 3 | 3 |
TEC: openssl | 4.14 | 5 | 5 | 4 | 5 | 5 | 0 | 5 |
TEC: ncat | 4.00 | 5 | 5 | 5 | 5 | 3 | 5 | 0 |
TEC: tinysshd | 3.85 | 5 | 3 | 5 | 3 | 3 | 5 | 3 |
TEC: mosquitto | 3.57 | 5 | 0 | 3 | 5 | 5 | 5 | 2 |
TEC: socat | 2.71 | 5 | 5 | 4 | 0 | 0 | 0 | 5 |
The score calculation:
The server starts via:
tcpserver -c 1 -t 1 -l127.0.0.1 -H -R -v 0 12345 ./server
The client starts via:
nc -q 1 127.0.0.1 12345
The block diagram looks like the following:

     ___________           _____________________
    |           |         |                     |
    | client.sh | <>---<> | tcpserver server.sh |
    |___________|         |_____________________|

A client request can be handled:
respond=`echo 'request' | nc -q1 <host> <port>`
If the program server.sh has been changed, it will be available at the next call from client.sh.
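An added example, not the page's own server.sh: a handler for the tcpserver setup above that reads one bounded request line from the socket on stdin and answers only known requests. The request names, the reply strings and the 64-byte limit are assumptions.

```shell
#!/bin/sh
# Added example (not the page's server.sh): request handler for tcpserver,
# which connects the accepted socket to this script's stdin and stdout.
# Request names, replies and MAX_LEN are assumptions made for the example.

MAX_LEN=64   # assumed upper bound for one request line, in bytes

handle_request() {
    # Use only the first line and stop after MAX_LEN+1 bytes, so a client
    # that never sends a newline cannot make the handler read without bound.
    req=$(head -n 1 | head -c "$((MAX_LEN + 1))" | tr -d '\r')

    if [ "${#req}" -gt "$MAX_LEN" ]; then
        echo "ERR request too long"
        return 1
    fi

    # Allow-list the characters first. The request is only compared as data;
    # it is never handed to eval, backticks or another shell.
    case "$req" in
        "" | *[!A-Za-z0-9_-]*)
            echo "ERR malformed request"
            return 1
            ;;
    esac

    case "$req" in
        request) echo "OK response" ;;
        hello)   echo "OK hello" ;;
        *)       echo "ERR unknown request"; return 1 ;;
    esac
}

# tcpserver exports TCPREMOTEIP for every connection. Serve only when it is
# set, so the file can also be sourced to test handle_request on its own.
if [ -n "${TCPREMOTEIP:-}" ]; then
    echo "connection from $TCPREMOTEIP" >&2
    handle_request
fi
```

With this file in place of ./server in the tcpserver command, the client line `echo 'request' | nc -q 1 127.0.0.1 12345` receives `OK response`.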
openssl s_client -quiet -verify 0 -cert cert.pem -key key.pem -connect localhost:port
The idea is to use your own script instead of a terminal.
A server must be installed centrally. Subscribers and publishers connect to this server.

           _______________________                                _______________________
          |                       |                              |                       |
    +---> | sub | client.sh | pub | >---> mosquitto-server >---> | sub | server.sh | pub | >---+
    |     |_______________________|                              |_______________________|     |
    |                                                                                          |
    +-----------------------------------< mosquitto-server <-----------------------------------+

The tool ncat from the nmap package offers SSL as an option. A server like tcpserver for multiple connections starts with:
socat -d -d -d -d -T30 -t 30 OPENSSL-LISTEN:12345,reuseaddr,pf=ip4,fork,cert=cert.pem,cafile=cert.crt,compress=auto,keepalive,ignoreeof SYSTEM:./server.sh
The client can be started by …
echo 'hello' | socat -T30 -t 30 - OPENSSL:127.0.0.1:12345,cafile=cert.crt,cert=cert.pem,verify=0,pf=ip4,compress=auto,keepalive,ignoreeof
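Note that verify=0 in the client command disables the check of the server certificate, so the connection is encrypted but the server is not authenticated.
ERROR: The script server.sh writes an answer line every second, but the client gets only the first line.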