Differences between revisions 4 and 5
Revision 4 as of 2006-05-30 05:43:58
Size: 1329
Editor: rowlf
Comment:
Revision 5 as of 2006-05-30 05:48:56
Size: 1791
Editor: rowlf
Comment:
Deletions are marked like this. Additions are marked like this.
Line 23: Line 23:
Copy {{{/home/vpn/.ssh/id_dsa}}} locally to a Windows machine and load it through [http://the.earth.li/~sgtatham/putty/latest/x86/puttygen.exe PuTTYgen] (PuTTYgen is available on Linux as well) to save it into PuTTY's own format. Use the format client_key.PPK or similar. Copy {{{/home/vpn/.ssh/id_dsa}}} locally to a Windows machine and load it through [http://the.earth.li/~sgtatham/putty/latest/x86/puttygen.exe PuTTYgen] (PuTTYgen is available on Linux as well) to save it into PuTTY's own format. Use the format {{{client_key.PPK}}} or similar.
Line 29: Line 29:

The above Plink line will create a SSH connection to the Bracey gateway, then telnet connection attempts to {{{localhost:23}}} (on the Windows PC) will be forwarded to the Control server at {{{192.168.100.1}}}. If the Control server has a port forward and is available through the Internet via port SSH but the client only has telnet the following line should be used:
{{{
plink.exe -N -C -2 -i brace_key.PPK vpn@60.240.47.233 -L 23:127.0.0.1:23
}}}

Creating a SSH tunnel without a password. This is useful for establishing secure connections on older versions of Linux which don't support OpenVPN.

This guide is based on the [http://robin.crecom.com.au/knowledge/linux/vpn%20setup.htm Linux VPN Setup] guide in the knowledge database.

Generate the ssh key

Assuming a vpn users has been created: 

$ ssh-keygen -t dsa
Generating public/private dsa key pair.
Enter file in which to save the key (/home/vpn/.ssh/id_dsa):
Created directory '/home/vpn/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/vpn/.ssh/id_dsa.
Your public key has been saved in /home/vpn/.ssh/id_dsa.pub.
The key fingerprint is:
04:b0:6f:ff:2e:13:73:fb:aa:f1:d0:ee:3f:02:aa:b2 vpn@localhost.localdomain

$ mv .ssh/id_dsa.pub .ssh/authorized_keys

Copy /home/vpn/.ssh/id_dsa locally to a Windows machine and load it through [http://the.earth.li/~sgtatham/putty/latest/x86/puttygen.exe PuTTYgen] (PuTTYgen is available on Linux as well) to save it into PuTTY's own format. Use the format client_key.PPK or similar.

Test the key with [http://the.earth.li/~sgtatham/putty/latest/x86/plink.exe PLink]: 

plink.exe -N -C -2 -i brace_key.PPK vpn@60.240.47.233 -L 23:192.168.100.1:23

The above Plink line will create a SSH connection to the Bracey gateway, then telnet connection attempts to localhost:23 (on the Windows PC) will be forwarded to the Control server at 192.168.100.1. If the Control server has a port forward and is available through the Internet via port SSH but the client only has telnet the following line should be used: 

plink.exe -N -C -2 -i brace_key.PPK vpn@60.240.47.233 -L 23:127.0.0.1:23

SSHTunnel (last edited 2013-09-18 06:09:33 by localhost)