Robert F. wrote in post #1033780:
Long time since I was actively involved in Ruby community so would
like to get your up-to-date view of what would be the simplest way to
support secure (ssh-encrypted typically) client/server communication
via JSON between ruby scripts. I want to use encrypted JSON since some
of the clients might later need to be implemented in other languages
than Ruby and JSON is widespread. But other ideas/comments also
If you’ve already decided you want to use ssh to handle the encryption,
then you would use ssh tunnelling. This lets you pass a TCP session
securely over ssh to a remote endpoint, but the two endpoints are not
doing any encryption.
Client ----- ssh ================ sshd ------ Server
ssh -L :: @
Your two other main options for securing the connection are SSL and
However, that doesn’t define what application-layer protocol you are
a protocol for request/response exchanges.
Many people just use JSON over HTTP/HTTPS - this is essentially the
RESTful approach. You GET a JSON object from a particular URL; or you
PUT or POST a JSON object to a URL, and get another JSON object in the
There is also a JSON RPC proposal - json-rpc.org - but I don’t know what
state this proposal is in, nor the ruby implementations of it.
In both cases, the semantics of handling interrupted communication are
up to you (e.g. if you POST an object but didn’t get a response, it’s
possible that the object was received and acted upon, but the response
was interrupted. What would happen if you resubmit the original request?
If this is a financial transaction, would the customer be charged
If you want the messaging layer to handle this sort of issue for you
then you should look at using a dedicated messaging layer instead (e.g.
an AMQP engine like rabbitmq)