By default, the traffic sent to qconn is unencrypted, which leaves it vulnerable to interception.
You can encrypt this traffic by tunnelling it through ssh, which ensures that the traffic is secure.
To implement this security feature:
To configure a secure connection between the host and target:
-
On the target, run sshd.
-
Start the qconn agent on the target, while specifying that it should accept connections only from
the local host:
qconn bind=127.0.0.1
-
On the host, establish an SSH tunnel by running ssh with the proper
options:
ssh qnxuser@target_host -N -L local_port:localhost:target_port
where:
- -N instructs ssh to not run a shell.
- -L local_port:localhost:target_port specifies the
local (host machine) port used for tunnelling (e.g., 9000), followed by the keyword localhost
(alternatively, you could use the address 127.0.0.1), then the target port where
qconn is running (usually 8000).
Note: Depending on the SSH client program (e.g., PuTTY), you might have to manually specify the local and remote ports
through UI fields instead of running the above command.
-
When creating a target connection in the IDE, instead of specifying the target's IP address and port,
you must specify the local IP port used for SSH tunnelling, as seen here:
This setting makes the IDE connect to the target through the established SSH tunnel.
The SSH service will forward all traffic from the local port to the target port.