Securing qconn

By default, the traffic sent to qconn is unencrypted and thus, vulnerable to interception. You can encrypt this traffic by tunnelling it through ssh, which ensures that the traffic is secure.

To implement this security feature:

Configuring an SSH connection on the target

To configure a connection on the target:
  1. On the target, run sshd.
  2. Run qconn with the -l option.

    The -l option tells qconn to run in local mode, which means that it will accept connections only from the local host.

Configuring an SSH connection on the host

To configure a connection on the host:
  1. Run the following command:
    ssh root@target_host -N -L 9000:localhost:8000
    • -N instructs ssh to not run a shell.
    • -L local_port:localhost:target_port specifies the local (host machine) port used for tunnelling (e.g., 9000), followed by the keyword localhost (alternatively, you could use the address, then the target port where qconn is running (e.g., 8000).
  2. In the IDE, instead of specifying the target's IP address and port in the target configuration, you must specify the local IP port used for SSH tunneling, such as: localhost:9000.

    This opens a connection redirection from the host to the target, in which you will be prompted for a password, passphrase, or nothing if the target recognizes your host's public key. Your connection will now be encrypted.