Search code examples
javasshrmiputty

Java RMI using Tunnelling - an exception

This question became very long as we went through debugging steps. I will leave those for any future users who have problems with this, but a short version is here:

Short version

Using putty, instead of using "Dynamic" which means that it uses SOCKS, you should use "local" to connect to the SSH server.

See here: https://serverfault.com/questions/272754/what-is-the-difference-between-local-remote-dynamic-ssh-tunneling

Changing this fixed the exception which was:

    java.rmi.ConnectIOException: error during JRMP connection establishment; nested exception is: 
    java.io.EOFException
    at sun.rmi.transport.tcp.TCPChannel.createConnection(Unknown Source)
    at sun.rmi.transport.tcp.TCPChannel.newConnection(Unknown Source)
    at sun.rmi.server.UnicastRef.newCall(Unknown Source)
    at sun.rmi.registry.RegistryImpl_Stub.lookup(Unknown Source)
    at java.rmi.Naming.lookup(Unknown Source)
    at TMAClient.main(Client.java:22)
Caused by: java.io.EOFException

The second problem was that objects were not using the correct port for exporting. This needed changing to use super(1099) in the constructors for objects which extended UnicastRemoteObject.

Long version

I seem to be very close to getting my client speaking with my server by using an SSH tunnel and RMI, but I am getting an exception and i'm not sure why.

Both server and client are using JRE 8, and have a security.policy which grants all permissions (for now). I have tested the server and client when running on the same machine, this works. However, I am now trying to use an SSH tunel to get around a firewall problem.

On the VM which the server runs on, FreeSSHd is installed with port forwarding allowed. On the machine which has the client, I have set up putty with the following settings:

Host: Port: 23 (this is set up properly on the router to port forward etc).

Connection/SSH/Tunnels: Source port: 1099 Destination port: 1099 Dynamic Auto

When I call Naming.lookup() method on the client side, I get this exception:

java.rmi.ConnectIOException: error during JRMP connection establishment; nested exception is: 
    java.io.EOFException
    at sun.rmi.transport.tcp.TCPChannel.createConnection(Unknown Source)
    at sun.rmi.transport.tcp.TCPChannel.newConnection(Unknown Source)
    at sun.rmi.server.UnicastRef.newCall(Unknown Source)
    at sun.rmi.registry.RegistryImpl_Stub.lookup(Unknown Source)
    at java.rmi.Naming.lookup(Unknown Source)
    at TMAClient.main(Client.java:22)
Caused by: java.io.EOFException
    at java.io.DataInputStream.readByte(Unknown Source)
    ... 6 more
HelloClient exception: java.rmi.ConnectIOException: error during JRMP connection establishment; nested exception is: 
    java.io.EOFException

The code on the client is like this:

System.setSecurityManager(new RMISecurityManager());
Naming.lookup("rmi://localhost/" + AUTH_OBJECT_BINDING);

I think this is probably because of some mistake in the settings in putty, but I am having problems diagnosing what is causing this. I have also tried with a source port of 1098 and destination of 1099, and changing the client to use localhost:1098 but this didn't work.

I know that if I change the port in the naming lookup to something other than 1099 or 1098 (depending how putty is set up), I get a connection refused exception. This suggests that it is connecting, but something is going wrong.

Any help is much appreciated.

After adding the VM arguments in the comments as suggested by EJP, I see this when starting up, but i'm not yet sure if this is important:

Jul 10, 2014 9:07:42 AM sun.rmi.server.UnicastServerRef logCall
FINER: RMI TCP Connection(1)-127.0.0.1: [127.0.0.1: sun.rmi.registry.RegistryImpl[0:0:0, 0]: void rebind(java.lang.String, java.rmi.Remote)]
Jul 10, 2014 9:07:42 AM sun.rmi.server.UnicastServerRef logCall
FINER: RMI TCP Connection(2)-127.0.0.1: [127.0.0.1: sun.rmi.transport.DGCImpl[0:0:0, 2]: java.rmi.dgc.Lease dirty(java.rmi.server.ObjID[], long, java.rmi.dgc.Lease)

putty tunnel config connection freeSSH - server side

Note - I have tried this with and without the forward/bind only to localhost settings. enter image description here connected

Solution

  • You don't need a security manager at the client unless the server is using the codebase feature.

    Run the server JVM with

    -Djava.rmi.server.logCalls=true

    and

    -Dsun.rmi.server.exceptionTrace=true

    so you can see whether you're even connecting to it. See this page for more things to set: the TCP transport logging could also be useful. Any exceptions of interest, post them here.

    Your SSH tunnel isn't set up right yet. Can you post a screenshot of your PUTTY tunnel config screen? NB you can't run it all on a single host, contrary to @ElliotFrisch's apparent suggestion above. You can't have both SSH and RMI listening at he same port in two different processes.

    The PUTTY tunnel should listen locally at port 1099 and forward to remote port 1099. I can't see that from what you posted.