Differences between revisions 1 and 6 (spanning 5 versions)
Revision 1 as of 2006-05-30 05:24:33
Size: 709
Editor: rowlf
Comment:
Revision 6 as of 2006-05-30 05:53:45
Size: 1965
Editor: rowlf
Comment:
Line 1: Line 1:
Creating a SSH tunnel without a password. Based on the [http://robin.crecom.com.au/knowledge/linux/vpn%20setup.htm Link VPN Setup] guide in the knowledge database. Creating a SSH tunnel without a password. This is useful for establishing secure connections on older versions of Linux which don't support OpenVPN.

This guide is b
ased on the [http://robin.crecom.com.au/knowledge/linux/vpn%20setup.htm Linux VPN Setup] guide in the knowledge database.
Line 4: Line 6:
Assuming a vpn users has been created: Assuming a vpn users has been created and is the currently active user:
Line 17: Line 19:

$ mv .ssh/id_dsa.pub .ssh/authorized_keys
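Review bot: the added `mv .ssh/id_dsa.pub .ssh/authorized_keys` step replaces any authorized_keys file the vpn user already has and leaves no copy of the public key under its own name. Appending instead (`cat .ssh/id_dsa.pub >> .ssh/authorized_keys`, then `chmod 600 .ssh/authorized_keys`) keeps existing entries and makes the file mode explicit.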
Line 18: Line 22:

Copy {{{/home/vpn/.ssh/id_dsa}}} locally to a Windows machine and load it through [http://the.earth.li/~sgtatham/putty/latest/x86/puttygen.exe PuTTYgen] (available on Linux) to save it into PuTTY's own format. Use the format {{{client_key.PPK}}} or similar.

Test the key with [http://the.earth.li/~sgtatham/putty/latest/x86/plink.exe PLink] (available on Linux):
{{{
plink.exe -N -C -2 -i brace_key.PPK vpn@60.240.47.233 -L 23:192.168.100.1:23
}}}

The above Plink line will create a SSH connection to the Bracey gateway, then telnet connection attempts to {{{localhost:23}}} on the Windows PC will be forwarded to the Control server at {{{192.168.100.1}}} behind the gateway. If the Control server has a port forward and is available through the Internet via port SSH but the client only has telnet the following line should be used:
{{{
plink.exe -N -C -2 -i brace_key.PPK vpn@60.240.47.233 -L 23:127.0.0.1:23
}}}

This has been used setup so that Bracey staff can access Control securely remotely with there Telnet only TUN clients.
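Review bot: the "Copy" paragraph tells the reader to save the key as {{{client_key.PPK}}}, but both plink lines load `brace_key.PPK`, so the test command fails if the suggested name is followed; use one file name throughout. The same paragraph moves the private key `/home/vpn/.ssh/id_dsa` to a Windows machine without saying how; it should state that the copy goes over a secure channel and that the file is kept readable only by the user who runs plink. In the closing sentence, "has been used setup" and "there" should read "setup has been used" and "their".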

Creating an SSH tunnel without a password. This is useful for establishing secure connections on older versions of Linux which don't support OpenVPN.

This guide is based on the [http://robin.crecom.com.au/knowledge/linux/vpn%20setup.htm Linux VPN Setup] guide in the knowledge database.

Generate the ssh key

Assuming a vpn user has been created and is the currently active user:

$ ssh-keygen -t dsa
Generating public/private dsa key pair.
Enter file in which to save the key (/home/vpn/.ssh/id_dsa):
Created directory '/home/vpn/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/vpn/.ssh/id_dsa.
Your public key has been saved in /home/vpn/.ssh/id_dsa.pub.
The key fingerprint is:
04:b0:6f:ff:2e:13:73:fb:aa:f1:d0:ee:3f:02:aa:b2 vpn@localhost.localdomain

$ mv .ssh/id_dsa.pub .ssh/authorized_keys

Copy /home/vpn/.ssh/id_dsa locally to a Windows machine and load it through [http://the.earth.li/~sgtatham/putty/latest/x86/puttygen.exe PuTTYgen] (available on Linux) to save it in PuTTY's own format. Name the file client_key.PPK or similar.

Test the key with [http://the.earth.li/~sgtatham/putty/latest/x86/plink.exe PLink] (available on Linux):

plink.exe -N -C -2 -i brace_key.PPK vpn@60.240.47.233 -L 23:192.168.100.1:23

The above Plink line creates an SSH connection to the Bracey gateway; telnet connection attempts to localhost:23 on the Windows PC are then forwarded to the Control server at 192.168.100.1 behind the gateway. If the Control server has a port forward and is available through the Internet via the SSH port, but the client only has telnet, the following line should be used:

plink.exe -N -C -2 -i brace_key.PPK vpn@60.240.47.233 -L 23:127.0.0.1:23

This setup has been used so that Bracey staff can access Control securely and remotely with their Telnet-only TUN clients.
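
Because the key above has no passphrase, anyone holding the .PPK file can log in as vpn, so the server-side entry is worth limiting to the one forward the tunnel needs. The script below is an added example, not part of the original guide: it appends the public key to authorized_keys with standard OpenSSH key options instead of overwriting the file. The function names, the scratch directory and the placeholder key material are assumptions.

```shell
#!/bin/sh
# Added example (not from the original page): install a tunnel-only key entry.
# The key options are standard OpenSSH authorized_keys options; the function
# names, paths and the sample key below are assumptions for illustration.

# Print an authorized_keys line that limits the key to one forward target.
# $1 = public key line ("ssh-dss AAAA... comment"), $2 = host:port used with -L
restricted_entry() {
    case "$1" in
        ssh-*\ ?*|ecdsa-sha2-*\ ?*) ;;     # must look like "<type> <base64> ..."
        *) echo "not a public key line" >&2; return 1 ;;
    esac
    case "$2" in                           # reject quotes, spaces, empty target
        *[!A-Za-z0-9.:-]*|"") echo "bad forward target" >&2; return 1 ;;
    esac
    printf 'command="/bin/false",no-pty,no-X11-forwarding,no-agent-forwarding,permitopen="%s" %s\n' "$2" "$1"
}

# Append the restricted entry (keeping existing keys) and set the modes that
# sshd's StrictModes check expects.
# $1 = public key file, $2 = .ssh directory, $3 = host:port
install_tunnel_key() {
    entry=$(restricted_entry "$(cat "$1")" "$3") || return 1
    mkdir -p "$2" && chmod 700 "$2" || return 1
    ( umask 077; printf '%s\n' "$entry" >> "$2/authorized_keys" ) || return 1
    chmod 600 "$2/authorized_keys"
}

# Constructed demo in a scratch directory; the key material is a placeholder.
demo() {
    d=$(mktemp -d) || return 1
    echo 'ssh-dss AAAAB3NzaC1kc3MAAACBCONSTRUCTED vpn@localhost.localdomain' > "$d/id_dsa.pub"
    install_tunnel_key "$d/id_dsa.pub" "$d/.ssh" 192.168.100.1:23 &&
        cat "$d/.ssh/authorized_keys"
    rm -rf "$d"
}

demo
```

With this entry, sshd accepts only a -L forward to 192.168.100.1:23 (the first plink line) and refuses shells and other destinations; for the second plink line the target would be 127.0.0.1:23.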

SSHTunnel (last edited 2013-09-18 06:09:33 by localhost)