RPort
  • RPort Knowledge Base
  • 👀WHAT IS RPORT
    • Features and benefits of RPort
      • Full feature list
    • Screenshots
    • Release Notes
      • 1.1.2
      • 1.1.0
      • 1.0.5
      • 1.0.4
      • 1.0.3
      • 1.0.2
      • 1.0.1
  • 🚀GETTING STARTED
  • Install the RPort Server
    • Launch RPort in the cloud
    • Install on-premises
    • Install on Vultr
    • Install on Azure
    • Install on AWS EC2
    • Install on Digital Ocean
    • Install on Scaleway
    • Install on Google Compute
    • Install on Hetzner Cloud
    • Install RPort on any virgin cloud VM
    • Change the FQDN of the RPort server
    • Enable two factor authentication
      • Use push on mobile for 2FA
      • Use TOTP
  • Connecting Clients
  • Using the remote access
    • Creating tunnels
      • VNC via browser
      • VNC via VNC® Viewer from RealVNC®
      • RDP via Browser
    • Open SSH from the browser
    • Scp,sftp through a tunnel
  • Renaming and tagging of clients
  • Organize clients with groups
  • Activate the vault
  • Manage users and permissions
  • Video Courses
    • Installation Preparation
    • Install on Prem
    • Install on Cloud
    • Client installation
    • Remote Access
    • Network communication
  • 🗣️ NEED HELP?
    • Troubleshoot common problems
      • RPort Server not starting
      • Restart rport through a tunnel
      • Attributes file path not set
      • Recover lost passwords
      • Client is not connecting
      • Id is already in use
  • 🔦DIGGING DEEPER
    • Using the API
      • Create client credentials
    • RPort Technology Explained
      • RPort Security Model
    • Commands and Scripts
      • Executing commands
      • Executing scripts
      • Tacoscript
    • The scheduler
    • File copy and reception
    • Client Configuration Options
      • Supervision of OS updates
      • Script and command execution
    • Advanced client management
      • Install the RPort client manually
      • Uninstall the RPort client
    • Server Maintenance
      • Monitoring of RPortd
      • Updating RPort
      • Backing up the rport server
      • Renewing certificates
    • FAQ
      • How to use Cloudflare
    • High Availability
    • Install on macOS
Powered by GitBook
On this page

Was this helpful?

Export as PDF
  1. DIGGING DEEPER

RPort Technology Explained

What happens behind the scenes

PreviousCreate client credentialsNextRPort Security Model

Last updated 1 year ago

Was this helpful?

How does RPort work?

Client-Server that overcomes NAT

RPort is based on a client-server principle. There is a central server. The clients connect to this server. This ensures that the server can always reach its clients, even if they change their IP address or are behind a NAT.

Encryption on application layer over HTTP

Clients establish their connection via HTTP. The use of HTTP proxies is supported. Within the HTTP connection, an SSH connection is established from the client to the server. Thus, the entire communication is encrypted. Proxies must allow HTTP CONNECT. Consequently, encryption happens at the application level and not at the transport level.

The client must know the fingerprint of the server before the connection is established. If the fingerprint does not match the server, the client refuses the connection. This prevents a possible man-in-the-middle attack.

The statically compiled client has all SSH libraries on board. It does not access SSH program files in the operating system.

Don't get confused. The above describes how communication is encrypted via SSH. The tunnels are not limited to use SSH for remote access only. Any protocol can be used. See .

RPort uses the SSH library . Only SSH2 is used with the aes128-ctr, aes192-ctr, aes256-ctr and aes128-gcm@openssh.com.

Authentication is not done with keys, but with username+password+fingerprint. The users determines the password strength.

Control Channel

Once the SSH connection tunnelled through HTTP is established, the client and server establish a so-called control channel based on web sockets. Through this channel, the server can send commands to the client. Whether and how the client passes commands to the operating system or a shell can be specified in great detail in the client configuration. For example, the user can only allow a service to be restarted or updates to be applied. Under Unix, this requires additional Sudo rules. The client has its own unprivileged user and does not run with root privileges.

Tunnelling for remote access from anywhere

If the user wants to access a TCP or UDP port of a client, for example port 22 for SSH or 3389 for the remote desktop, the server instructs the client to establish a reverse tunnel. This also happens via SSH through HTTP. This makes local ports of the clients available on the server. The ports forwarded in this way are protected by default with an access control list. Only the user who initiated the tunnel can use it. ACLs can be adjusted or disabled per tunnel. This allows services such as a web server to be shared on the Internet when systems are located behind NAT routers.

Tunnels are not limited to localhost. Any client can forward a remote TCP port to the server. This provides access to browser-based configurations of printers, NAS devices, routers, or switches.

Tunnels are not bound to a specific protocol on application level. RPort forwards raw TCP or UDP packets. On creation of a tunnel, you can optionally specify a protocol such as SSH or RDP etc. This information is just for convince to remind you, what the tunnel was created for. Once a tunnel is created, you can pass any application traffic through it.

RESTful API and a user interface based on modern vue.js

The RPort server is controlled via REST API. Since each client gets its own REST endpoint, the clients also become controllable via REST. This makes numerous automation use cases possible.

RPort also comes with a modern web interface. This allows the customer to conveniently manage their entire infrastructure.

🔦
GoSSH from Google
standard ciphers
below