Differences between revisions 6 and 7
Revision 6 as of 2006-05-30 05:53:45
Size: 1965
Editor: rowlf
Comment:
Revision 7 as of 2006-05-30 05:59:18
Size: 2052
Editor: rowlf
Comment:
Line 23: Line 23:
Copy {{{/home/vpn/.ssh/id_dsa}}} locally to a Windows machine and load it through [http://the.earth.li/~sgtatham/putty/latest/x86/puttygen.exe PuTTYgen] (available on Linux) to save it into PuTTY's own format. Use the format {{{client_key.PPK}}} or similar. Copy {{{/home/vpn/.ssh/id_dsa}}} locally to a Windows machine and load it through [http://the.earth.li/~sgtatham/putty/latest/x86/puttygen.exe PuTTYgen] (available on Linux) to save it into PuTTY's own format. Use the filename format {{{client_key.PPK}}} or similar.
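Review bot: The revised sentence in the Line 23 hunk names the saved key client_key.PPK, but both Plink commands further down the page pass -i brace_key.PPK, so a reader who follows this step literally will get a missing-file error at the test step. Use one filename in both places. This step also moves the private key /home/vpn/.ssh/id_dsa to another machine, and the text does not say how the copy should be made; naming the transfer method here would close that gap.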
Line 35: Line 35:
This has been used setup so that Bracey staff can access Control securely remotely with there Telnet only TUN clients. This has been used setup so that Bracey staff can access Control securely remotely with there Telnet only TUN clients. Similar SSH connections have been made to allow remote secure VNC connections.
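Review bot: The sentence kept at the start of the Line 35 hunk still reads "This has been used setup" and "with there Telnet only TUN clients"; since the paragraph is being edited anyway, change these to "This setup has been used" and "their Telnet-only TUN clients". The added sentence about VNC gives no forwarded port or command line, so a matching -L example like the telnet ones would make it usable.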

Creating an SSH tunnel without a password. This is useful for establishing secure connections on older versions of Linux which don't support OpenVPN.

This guide is based on the [http://robin.crecom.com.au/knowledge/linux/vpn%20setup.htm Linux VPN Setup] guide in the knowledge database.

Generate the ssh key

Assuming a vpn user has been created and is the currently active user:

$ ssh-keygen -t dsa
Generating public/private dsa key pair.
Enter file in which to save the key (/home/vpn/.ssh/id_dsa):
Created directory '/home/vpn/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/vpn/.ssh/id_dsa.
Your public key has been saved in /home/vpn/.ssh/id_dsa.pub.
The key fingerprint is:
04:b0:6f:ff:2e:13:73:fb:aa:f1:d0:ee:3f:02:aa:b2 vpn@localhost.localdomain

$ mv .ssh/id_dsa.pub .ssh/authorized_keys

Copy /home/vpn/.ssh/id_dsa locally to a Windows machine and load it through [http://the.earth.li/~sgtatham/putty/latest/x86/puttygen.exe PuTTYgen] (available on Linux) to save it into PuTTY's own format. Use the filename format client_key.PPK or similar.

Test the key with [http://the.earth.li/~sgtatham/putty/latest/x86/plink.exe PLink] (available on Linux):

plink.exe -N -C -2 -i brace_key.PPK vpn@60.240.47.233 -L 23:192.168.100.1:23

The above Plink line will create an SSH connection to the Bracey gateway; telnet connection attempts to localhost:23 on the Windows PC will then be forwarded to the Control server at 192.168.100.1 behind the gateway. If the Control server has a port forward and is available through the Internet via the SSH port, but the client only has telnet, the following line should be used:

plink.exe -N -C -2 -i brace_key.PPK vpn@60.240.47.233 -L 23:127.0.0.1:23

This setup has been used so that Bracey staff can securely access Control remotely with their Telnet-only TUN clients. Similar SSH connections have been made to allow remote secure VNC connections.
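As an added example (not part of the original wiki page): the mv step above leaves the passphrase-less key in authorized_keys with no options, so whoever holds the key file can use it for anything the vpn account allows, not just the Telnet forward. The script below audits an authorized_keys file for keys that lack permitopen for the tunnel destination, a forced command, and the no-pty, no-agent-forwarding and no-X11-forwarding options; the required option set, the function names and the sample lines are assumptions of this example.

```shell
#!/bin/sh
# Added example: audit authorized_keys for tunnel-only restrictions.
# Key types that start the key field; any options come before it.
KEYTYPES='ssh-dss|ssh-rsa|ssh-ed25519|ecdsa-sha2-[a-z0-9-]+'
# audit_tunnel_keys FILE HOST:PORT
# Prints "FILE:LINE: missing <options>" per weak key; returns 1 if any found.
# Simplifications: case-sensitive match, commas inside quoted values not parsed.
audit_tunnel_keys() {
    file=$1 dest=$2 n=0 bad=0
    while IFS= read -r line || [ -n "$line" ]; do
        n=$((n + 1))
        case $line in ''|'#'*) continue ;; esac
        # Strip the key type and everything after it, leaving the option list.
        opts=$(printf '%s\n' "$line" |
            sed -E "s/(^|[[:space:]])($KEYTYPES)[[:space:]].*\$//")
        # "restrict" (OpenSSH 7.2+) implies the no-* options below.
        implied=
        case ",$opts," in *,restrict,*)
            implied=' no-pty no-agent-forwarding no-X11-forwarding ' ;;
        esac
        missing=
        for want in "permitopen=\"$dest\"" command= no-pty \
                    no-agent-forwarding no-X11-forwarding; do
            case ",$opts,|$implied" in
                *",$want"*|*" $want "*) ;;
                *) missing="$missing $want" ;;
            esac
        done
        if [ -n "$missing" ]; then
            printf '%s:%s: missing%s\n' "$file" "$n" "$missing"
            bad=1
        fi
    done < "$file"
    return "$bad"
}

# Constructed sample (key blobs are placeholders, not real keys).
make_sample() {
    cat > "$1" <<'EOF'
# line 2 is what "mv id_dsa.pub authorized_keys" leaves: no options at all
ssh-dss AAAAB3NzaC1kc3MCONSTRUCTED vpn@localhost.localdomain
no-pty,no-agent-forwarding,no-X11-forwarding,permitopen="192.168.100.1:23",command="/bin/false" ssh-dss AAAAB3NzaC1kc3MCONSTRUCTED vpn@localhost.localdomain
restrict,port-forwarding,permitopen="127.0.0.1:23" ssh-ed25519 AAAAC3NzaC1lZDI1CONSTRUCTED vpn@localhost.localdomain
EOF
}
sample=$(mktemp) && make_sample "$sample"
audit_tunnel_keys "$sample" 192.168.100.1:23 || true
rm -f "$sample"
```

Plink's -N option opens no session, so the forced command never runs for the tunnel itself; it only stops the same key from being used for a login shell.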

SSHTunnel (last edited 2013-09-18 06:09:33 by localhost)