HOW TO: create a SSH connection from Win2k and connect to Win2k
behind Linksys
Stan Chu
merker19 "at" hotmail.com
Wed Feb 18 14:53:01 2004
HOW TO: create a SSH connection from Windows 2000 and connect to Windows
2000 behind a Linksys Router
After about three days of poring through various FAQ's, mailing lists, and
scattered bits of knowledge found throughout the internet, I finally
accomplished my goal of connecting to my home computer from work. I can't
believe how much a pain it was but I finally figured it out and I want to
give back to the community by writing this HOW TO and thank all the experts
including James Weatherall, William Hooper, Teng-Fong Seak, and the VNC list
for their wisdom.
Here's my scenario:
At home I have a Windows 2000 Professional box (SP4) behind a Linksys Router
(BEFW11S4, firmware ver. 1.44.2z) connected to the internet through a DSL
modem.
At work I have a Windows 2000 Professional box (SP2) behind a corporate
firewall connected to the internet through my company's ISP.
Let's pretend you have 30 minutes before you go to work and you want to set
this all up so you can create a SSH/VNC session from work to your home
computer.
STEP 1: Gather Network Information
1) Turn on your home computer
2) Open a web browser like Internet Explorer
3) Go to your Linksys admin page by entering the address: 192.168.1.1
4) A login prompt will appear, click in the password field and enter the
Linksys admin password. The default is: admin
5) Click on the Status tab and record the information for WAN IP address
(this is your real ip on the internet) and WAN DNS address (if you don't
know already, these are the servers that will resolve all those url's you
enter into ip addresses).
STEP 2: Get your Computer's Name
1) Find My Computer on your desktop, right-click on it, and choose
Properties.
2) Click the Network Identification tab
3) Click Properties button
4) Record the Computer Name information
STEP 3: Forward Port on Linksys Router to your computer
1) Open a web browser like Internet Explorer
2) Go to your Linksys admin page by entering the address: 192.168.1.1
3) A login prompt will appear, click in the password field and enter the
Linksys admin password. The default is: admin
4) Click Advanced tab and then click the Forwarding tab
5) Click the UPnP Forwarding button
6) In the first available listing for Application Name, enter: SSH
7) For Ext. Port, enter: port 22
8) For protocol, select TCP
9) For Int. Port, enter: port 22
10) For IP Address, enter: 95
11) Check the enable box
12) Click OK button
STEP 4: Set Static IP on your Computer
1) Click Start | Settings | Control Panel
2) Double-click Network and Dial-up Connections
3) Right-click on Local Area Connection and choose Properties
4) Highlight Internet Protocol (TCP/IP)
5) Click the Properties button
6) Select the option: Use the following IP Address
7) For the IP address field, enter: 192.168.1.95
8) For the Subnet Mask, enter: 255.255.255.0
9) For the Default gateway, enter: 192.168.1.1
10) Select the option: Use the following DNS server addresses
11) For the Preferred DNS server, enter the first DNS address you got from
STEP 1.5
12) For the Alternate DNS server, enter the second DNS address you got from
STEP 1.5
13) Click OK and OK again to accept changes.
14) Windows will ask you to reboot. Make sure you can connect to the
internet after you start up again.
Resource: http://www.linksys.com/tech_helper/advanced.html
STEP 5: Download & Install Cygwin [currently SSH Server (Cygwin) Cygwin
Setup v2.416, Cygwin DLL v1.5.5 and OpenSSH v3.7.1p2]
1) Go to http://tech.erdelynet.com/cygwin-sshd.html
Note: The directions on the website are pretty accurate, except for step 5.
I couldn't execute the command from there, so I just double-clicked on the
Cygwin icon on my desktop to run the setup.
STEP 6: Install VNC Server
1) Go to http://www.realvnc.com or whatever flavor of VNC you want and
download the Server package. There's a small handful of different VNC
flavors out there, so pick one, download it, and install the server package
on this machine. Make sure you setup a VNC server password.
STEP 7: Enable loopback (If you plan on using VNC on the same box you want
to SSH into, you have to enable loopback)
1) Click Start | run
2) Type: Regedit
3) Click OK
4) Navigate through the folders: HKEY_LOCAL_MACHINE\Software\ORL\WinVNC3
5) Create the DWORD value: "AllowLoopback"=dword:00000001
6) Close out regedit, reboot, and go to work
Note: A lot of people wonder why anyone should do a loopback at all. Here's
a pretty good explanation.
Why to Loopback in SSH?
http://www.realvnc.com/pipermail/vnc-list/2003-March/037978.html
STEP 8: Download Putty, Configure, & establish SSH session
1) Go to http://www.chiark.greenend.org.uk/~sgtatham/putty/download.html
2) Download Putty (currently .53b) to your computer at work
3) Double-click on Putty to start it up
4) On the left-hand side is the Category section, click on Session
5) In the Saved Sessions field, enter a name like SSH Home and click the
Save button to save this session config
6) In the Host Name (or IP Address) field, enter your home computer's IP
address. It's the WAN IP Address information you got from STEP 1.5
7) On the left-hand side is the Category section, click on Appearance
8) In the Window Title field, enter something like: SSH to Home
9) On the left-hand side is the Category section, click on SSH
10) Select Enable compression
11) Under Preferred SSH protocol version, select 2 only
12) On the left-hand side is the Category section, click on Tunnels
13) Under Port forwarding, select Local ports accept connections from other
hosts
14) In the Source port field, enter: 5901
15) In the Destination field, enter: <home computer name>:5900
i.e. If my home computer's name was homepc, I would type: homepc:5900
You got this information in STEP 2.4
16) Click Add button
17) On the left-hand side is the Category section, click on Session
18) Click Save button to save this session configuration
19) Click Open button to create SSH connection
20) Enter an account username and password that has access on your home
computer.
STEP 9: Download VNC Viewer, Configure, & connect to your home computer
1) Go to http://www.realvnc.com or whatever flavor of VNC you want and
download the client package. There's a small handful of different VNC
flavors out there, so pick one, download it, and run the client on your work
machine.
2) For VNC server field, enter: localhost:1
3) Some articles say hextile is better. For those believers, click on
Options, deselect Auto Select, choose hextile, and click OK
4) Click OK to the VNC prompt
5) Enter the VNC server password and you've just created a secure VNC
connection to your home computer!!!
The Cygwin installation you did also installed SFTP onto your home computer.
If you use something like WinSCP (http://winscp.sourceforge.net/eng/) you
can securely SFTP files to your home computer. Nice, eh?
If you're like me, you're probably freaked out that you've opened up a port
on your home's linksys router and are working on ways to improve security on
your network. Here are a few places I frequent now:
http://www.securityfocus.com
http://labmice.techtarget.com/articles/securingwin2000.htm
If there are errors in this please feel free to point them out. Also if
anyone would like to add screenshots, host this info on a site somewhere,
etc. that would be great. Please remember to give credit. Thanks!!!!
_Stan Chu
***************************
OTHER great SSH/VNC Resources!!! (Some of them have pretty pictures!!!)
How to setup ssh to tunnel VNC traffic through the Internet
http://pigtail.net/LRP/vnc/
HOW-TO: VNC secure tunneling using Windows PuttY ssh client
http://freesco.no-ip.org/VNC/
Using SSH tunnels from M$ Windows
http://home.intergga.ch/Westrick/Using_SSH_tunnels_from_M$_Windows.pdf
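
Added example (not part of the original post): STEP 8.13 selects "Local ports accept connections from other hosts", which makes PuTTY's source port 5901 on the work PC reachable from the work LAN rather than from that PC only. The Python check below classifies that listener from `netstat -an` output taken on the work PC; the sample netstat text, addresses and function names are constructed for illustration.

```python
import re

# Constructed `netstat -an` output from the work PC (not captured from a real
# machine). 5901 is the PuTTY source port entered in STEP 8.14.
SAMPLE_EXPOSED = """\
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:5901           0.0.0.0:0              LISTENING
  TCP    10.1.2.30:1042         203.0.113.7:22         ESTABLISHED
"""
# Same machine with the "accept connections from other hosts" box unchecked.
SAMPLE_LOOPBACK = SAMPLE_EXPOSED.replace("0.0.0.0:5901", "127.0.0.1:5901")

# One listening TCP row: protocol, local addr:port, foreign addr, state.
LISTEN = re.compile(r"^\s*TCP\s+(\S+):(\d+)\s+\S+\s+LISTENING\s*$", re.I)


def listeners(netstat_text, port):
    """Return the local addresses that have a TCP listener on `port`."""
    found = []
    for line in netstat_text.splitlines():
        m = LISTEN.match(line)
        if m and int(m.group(2)) == port:
            found.append(m.group(1))
    return found


def tunnel_scope(netstat_text, port=5901):
    """Classify who can reach the forwarded port on this machine."""
    addrs = listeners(netstat_text, port)
    if not addrs:
        return "not listening"
    if all(a.startswith("127.") or a == "[::1]" for a in addrs):
        return "loopback only"
    # 0.0.0.0, [::] or a LAN address: other hosts can use the tunnel.
    return "reachable from other hosts"


if __name__ == "__main__":
    for name, text in (("box checked", SAMPLE_EXPOSED),
                       ("box unchecked", SAMPLE_LOOPBACK)):
        print(f"{name}: port 5901 is {tunnel_scope(text)}")
```

A result of "reachable from other hosts" means any machine on the work network can connect to port 5901 and be carried through the SSH session to the home VNC server, where only the VNC password stands in the way.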