Differences between revisions 1 and 8 (spanning 7 versions)
Revision 1 as of 2006-05-30 05:24:33
Size: 709
Editor: rowlf
Comment:
Revision 8 as of 2006-06-02 04:38:08
Size: 2099
Editor: rowlf
Comment:
Creating an SSH tunnel without a password. This is useful for establishing secure connections on older versions of Linux which don't support OpenVPN.

This guide is based on the [http://robin.crecom.com.au/knowledge/linux/vpn%20setup.htm Linux VPN Setup] guide in the knowledge database.

Generate the SSH key

Assuming a vpn user has been created and is the currently active user:

{{{
$ ssh-keygen -t dsa
Generating public/private dsa key pair.
Enter file in which to save the key (/home/vpn/.ssh/id_dsa):
Created directory '/home/vpn/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/vpn/.ssh/id_dsa.
Your public key has been saved in /home/vpn/.ssh/id_dsa.pub.
The key fingerprint is:
04:b0:6f:ff:2e:13:73:fb:aa:f1:d0:ee:3f:02:aa:b2 vpn@localhost.localdomain

$ mv .ssh/id_dsa.pub .ssh/authorized_keys
}}}

Copy {{{/home/vpn/.ssh/id_dsa}}} locally to a Windows machine and load it through [http://the.earth.li/~sgtatham/putty/latest/x86/puttygen.exe PuTTYgen] (available on Linux) to save it into PuTTY's own format using {{{Save private key}}} with no password. Use the filename format {{{client_key.PPK}}} or similar.

Test the key with [http://the.earth.li/~sgtatham/putty/latest/x86/plink.exe PLink] (available on Linux):

{{{
plink.exe -N -C -2 -i brace_key.PPK vpn@60.240.47.233 -L 23:192.168.100.1:23
}}}

The above Plink line creates an SSH connection to the Bracey gateway; telnet connection attempts to {{{localhost:23}}} on the Windows PC are then forwarded to the Control server at {{{192.168.100.1}}} behind the gateway. If the Control server has a port forward and is available through the Internet via the SSH port, but the client only has telnet, the following line should be used:

{{{
plink.exe -N -C -2 -i brace_key.PPK vpn@60.240.47.233 -L 23:127.0.0.1:23
}}}

This setup has been used so that Bracey staff can access Control securely and remotely with their Telnet-only TUN clients. Similar SSH connections have been made to allow secure remote VNC connections.
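
Because the key above has no passphrase, whoever holds the {{{.PPK}}} file can use every SSH feature the vpn account allows. The following is an added example, not part of the original guide: it builds an {{{authorized_keys}}} entry that limits the key to the one forward used on this page, and counts entries in a file that carry no such limit. The sample key text and the {{{/bin/false}}} forced command are assumptions; the options themselves are standard OpenSSH {{{authorized_keys}}} options.

```sh
#!/bin/sh
# Added example: restrict a passphrase-less tunnel key to a single forward.

# Print an authorized_keys entry for the public key line $1 that may only
# forward to $2 (host:port) and gets no shell command, terminal, agent or X11.
# plink -N opens no session, so the forced command does not affect the tunnel.
restrict_key() {
    printf 'command="/bin/false",no-pty,no-agent-forwarding,no-X11-forwarding,permitopen="%s" %s\n' "$2" "$1"
}

# Print how many key entries in file $1 have no permitopen= option, i.e. keys
# that can open a forward to any address the gateway itself can reach.
# Blank lines and comment lines are skipped.
count_unrestricted() {
    awk '!/^[ \t]*(#|$)/ && !/permitopen="/ { n++ } END { print n + 0 }' "$1"
}

# Constructed sample public key line (not a real key).
SAMPLE_KEY='ssh-dss AAAAB3NzaC1kc3MAAACBAEXAMPLE vpn@localhost.localdomain'

# Entry for the first plink line on this page (-L 23:192.168.100.1:23).
restrict_key "$SAMPLE_KEY" '192.168.100.1:23'
```

The printed line replaces the bare key in {{{/home/vpn/.ssh/authorized_keys}}}; for the second plink line the target would be {{{127.0.0.1:23}}}.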

SSHTunnel (last edited 2013-09-18 06:09:33 by localhost)