By default, the traffic sent to qconn is unencrypted and thus, vulnerable to interception.
You can encrypt this traffic by tunnelling it through ssh, which ensures that the traffic is secure.
To implement this security feature:
- The target has to have sshd installed and configured with either password authentication or public key
authentication for the root user.
- The host has to have an ssh client.
Configuring an SSH connection on the target
To configure a connection on the target:
- On the target, run sshd.
- Run qconn with the -l option.
The -l option tells qconn to run in local mode, which means that it will accept
connections only from the local host.
Configuring an SSH connection on the host
To configure a connection on the host:
- Run the following command:
ssh root@target_host -N -L 9000:localhost:8000
where:
- -N instructs ssh to not run a shell.
- -L local_port:localhost:target_port specifies the local (host machine)
port used for tunnelling (e.g., 9000), followed by the keyword localhost (alternatively, you
could use the address 127.0.0.1), then the target port where qconn is running (e.g., 8000).
- In the IDE, instead of specifying the target's IP address and port in the target
configuration, you must specify the local IP port used for SSH tunneling, such as: localhost:9000.
This opens a connection redirection from the host to the target, in which you will be prompted for a password,
passphrase, or nothing if the target recognizes your host's public key. Your connection will now be encrypted.