[JSch-users] Local port forwarding to use remote servlet is very slow on first connection.

Thu, 24 May 2012 09:03:12 -0700 

Hello,


I've been using JSch for a project that needs to interrogate a servlet on a
remote server trough a ssh tunnel (local port forwarding).

It worked fine with one of the servers I use but as I'm trying to use my
program with another server, it is now very slow. To illustrate what I'm
observing, here's a small piece of code I'm using for testing purpose on
the client side:

    public boolean fun(String param) {
        GenericSSHDownloader downloader = getGenericSSHDownloader();

        if (!downloader.isConnected())
            return false;

        while (true) {
            boolean hadTunnelOpen = true;

            int port = -1;
            if (!downloader.hasForwarding(getName() + ":forwarding")) {
                port = downloader.getFreePort();

                hadTunnelOpen = false;
            } else {
                port = downloader.getForwardingPort(getName() +
":forwarding");
            }

            System.out.println("port: " + port);

            if (port == -1) {
                Logger.logger().log("Could not find free local port",
LogLevel.ERROR);
                return false;
            }

            if (!downloader.openTunnel(getName() + ":forwarding", port,
"localhost", getRemotePort())) {
                Logger.logger().log("Could not open tunnel",
LogLevel.ERROR);
                return false;
            }

            String returnMessage = "";

            URL url = null;
            try {
                url = new URL("http://localhost:"; + port +
"/action.do?param=" + param);
            } catch (MalformedURLException e) {
                Logger.logger().log("Message Digest: malformed URL: " +
e.getMessage(), LogLevel.ERROR);
                downloader.closeTunnel(getName() + ":forwarding");
                return false;
            }
            URLConnection conn = null;
            try {
                conn = url.openConnection();

                conn.connect();
            } catch (IOException e) {
                Logger.logger().log("Message Digest: IO exception on open
connection: " + e.getMessage(), LogLevel.ERROR);
                e.printStackTrace();
                downloader.closeTunnel(getName() + ":forwarding");
                return false;
            }

            System.out.println("SET TIMEOUT TO 15000 " + (new
DateTime()).toLocalTime());
            conn.setReadTimeout(15000);

            try {
                BufferedReader in = new BufferedReader(new
InputStreamReader(conn.getInputStream()));
                String inputLine;

                while ((inputLine = in.readLine()) != null)
                    returnMessage += inputLine;
                in.close();
            } catch (IOException e) {
                Logger.logger().log("Message Digest: IO error on read input
stream: " + e.getMessage(), LogLevel.ERROR);
                e.printStackTrace();
                downloader.closeTunnel(getName() + ":forwarding");
                return false;
            }

            if (!hadTunnelOpen)
                downloader.closeTunnel(getName() + ":forwarding");

            System.out.println("GOT TOKEN " + (new
DateTime()).toLocalTime());
        }
    }

Before calling the function, no tunnel is opened (hadTunnelOpen is false)
so my code opens one, does its job and closes it at the end of each loop.
Doing so, between each execution of the loop, 10 seconds pass (not
acceptable of course).
The code hangs just after "SET TIMEOUT TO 15000" on the line where I try to
get an InputStream.

However, if open a tunnel before, the function detects it (hadTunnelOpen is
true) and thus neither opens it at the beginning of the loop nor closes it
between each loop. During the first loop, it again takes 10 seconds to open
an input stream but after that it goes very fast as shown below (along with
the complete Logger output since the program startup).

Is there something I am doing wrong?


Thanks in advance for your answers.


Best regards,



Maximilien Renard


1: Connecting to xxxx.xx port 10004
1: Connection established
1: Remote version string: SSH-2.0-OpenSSH_5.3p1 Debian-3ubuntu7
1: Local version string: SSH-2.0-JSCH-0.1.46
1: CheckCiphers:
aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-ctr,arcfour,arcfour128,arcfour256
1: aes256-ctr is not available.
1: aes192-ctr is not available.
1: aes256-cbc is not available.
1: aes192-cbc is not available.
1: arcfour256 is not available.
1: CheckKexes: diffie-hellman-group14-sha1
1: diffie-hellman-group14-sha1 is not available.
1: SSH_MSG_KEXINIT sent
1: Connecting to xxxx.xx port 10004
1: SSH_MSG_KEXINIT received
1: kex: server->client aes128-ctr hmac-md5 none
1: kex: client->server aes128-ctr hmac-md5 none
1: SSH_MSG_KEXDH_INIT sent
1: expecting SSH_MSG_KEXDH_REPLY
1: Connection established
1: Remote version string: SSH-2.0-OpenSSH_5.3p1 Debian-3ubuntu7
1: Local version string: SSH-2.0-JSCH-0.1.46
1: CheckCiphers:
aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-ctr,arcfour,arcfour128,arcfour256
1: aes256-ctr is not available.
1: aes192-ctr is not available.
1: aes256-cbc is not available.
1: aes192-cbc is not available.
1: arcfour256 is not available.
1: CheckKexes: diffie-hellman-group14-sha1
1: diffie-hellman-group14-sha1 is not available.
1: SSH_MSG_KEXINIT sent
1: ssh_rsa_verify: signature true
2: Permanently added 'xxxx.xx' (RSA) to the list of known hosts.
1: SSH_MSG_NEWKEYS sent
1: SSH_MSG_NEWKEYS received
1: SSH_MSG_SERVICE_REQUEST sent
1: SSH_MSG_KEXINIT received
1: kex: server->client aes128-ctr hmac-md5 none
1: kex: client->server aes128-ctr hmac-md5 none
1: SSH_MSG_KEXDH_INIT sent
1: expecting SSH_MSG_KEXDH_REPLY
1: SSH_MSG_SERVICE_ACCEPT received
1: Authentications that can continue: publickey
1: Next authentication method: publickey
1: ssh_rsa_verify: signature true
1: Host 'xxxx.xx' is known and mathces the RSA host key
1: SSH_MSG_NEWKEYS sent
1: SSH_MSG_NEWKEYS received
1: SSH_MSG_SERVICE_REQUEST sent
1: SSH_MSG_SERVICE_ACCEPT received
1: Authentications that can continue: publickey
1: Next authentication method: publickey
1: Authentication succeeded (publickey).
1: Authentication succeeded (publickey).
port: 13334
SET TIMEOUT TO 15000 17:49:24.180
GOT TOKEN 17:49:34.312
port: 13334
SET TIMEOUT TO 15000 17:49:34.319
GOT TOKEN 17:49:34.377
port: 13334
SET TIMEOUT TO 15000 17:49:34.383
GOT TOKEN 17:49:34.440
port: 13334
SET TIMEOUT TO 15000 17:49:34.445
GOT TOKEN 17:49:34.502
port: 13334
SET TIMEOUT TO 15000 17:49:34.508
GOT TOKEN 17:49:34.567
port: 13334
SET TIMEOUT TO 15000 17:49:34.573
GOT TOKEN 17:49:34.632
port: 13334
SET TIMEOUT TO 15000 17:49:34.634
GOT TOKEN 17:49:34.692
port: 13334
SET TIMEOUT TO 15000 17:49:34.694
GOT TOKEN 17:49:34.751
port: 13334
SET TIMEOUT TO 15000 17:49:34.757
GOT TOKEN 17:49:34.826
port: 13334
SET TIMEOUT TO 15000 17:49:34.831
GOT TOKEN 17:49:34.893
port: 13334
SET TIMEOUT TO 15000 17:49:34.898
GOT TOKEN 17:49:34.956
port: 13334
SET TIMEOUT TO 15000 17:49:34.963
GOT TOKEN 17:49:35.018
port: 13334
SET TIMEOUT TO 15000 17:49:35.020
GOT TOKEN 17:49:35.079
port: 13334
SET TIMEOUT TO 15000 17:49:35.085
GOT TOKEN 17:49:35.146
port: 13334
SET TIMEOUT TO 15000 17:49:35.152
GOT TOKEN 17:49:35.213
port: 13334
SET TIMEOUT TO 15000 17:49:35.216
GOT TOKEN 17:49:35.273
port: 13334
SET TIMEOUT TO 15000 17:49:35.279

-- 
Ir Maximilien Renard

m...@euromedim.com
m...@kisanogroup.com

------------------------------------------------------------------------------
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and 
threat landscape has changed and how IT managers can respond. Discussions 
will include endpoint security, mobile security and the latest in malware 
threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
_______________________________________________
JSch-users mailing list
JSch-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/jsch-users

Reply via email to