Securing qconn

By default, the traffic sent to qconn is unencrypted which leaves it vulnerable to interception. You can encrypt this traffic by tunnelling it through ssh. This will ensure that the traffic sent to qconn is secure.

To implement this security feature:

Configuring a connection on the target

To Configure a connection on the target:

  1. On the target, run sshd.
  2. Run qconn with the -l option.

    The -l option tells qconn to run in local mode, which means that it won't accept outside connections.

Configuring a connection on the host

To configure a connection on the host:

  1. Run the following command:
    ssh root@target_host -N -L 9000:localhost:8000 

    where:

    • -N — instructs ssh to not run a shell.
    • -L <local_port>:localhost:<target_port> — <local_port> is the host port used for tunneling purposes, which has to be "localhost" or 127.0.0.1, and <target_port> is the port where qconn is running, usually 8000.
  2. In the IDE, instead of specifying a target IP port in the target configuration, specify the local IP/port, such as: localhost:9000.

    That would open a connection redirection from this host to target, you will be prompted for either a password, pass phrase or nothing if the target knows your machine public key. Your connection will now be encrypted.