Thursday, January 24, 2019

Windows PuTTY Reverse Tunnel / OpenSSH Gotchas


OpenSSH Install
  • The configuration is stored in the C:\ProgramData\SSH folder
  • In that configuration, comment out the Match Group Administrators section (prefix each of its lines with #)
  • Check each user's ".ssh" folder name carefully. Sometimes, when you create ".ssh", Windows creates ",ssh" instead (comma instead of dot)
  • The .ssh folder should grant permissions only to SYSTEM, the user and Administrators. No other users at all
  • Make sure both the SSH service and the Authentication Agent service are running
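
A quick way to audit the checklist above on a machine, as an added example that is not part of the original post: the PowerShell below flags a misnamed ",ssh" folder, any allow entry on .ssh beyond SYSTEM, Administrators and the profile's owner, and a service that is not running. It assumes the service names sshd and ssh-agent registered by the Windows OpenSSH package, and it compares well-known SIDs rather than account names.

```powershell
# Added example, not from the original post. Run from an elevated PowerShell prompt.
# Well-known SIDs allowed on every .ssh folder, besides the profile owner's own SID.
$AllowedSids = @('S-1-5-18',      # NT AUTHORITY\SYSTEM
                 'S-1-5-32-544')  # BUILTIN\Administrators

function Test-SshFolder {
    param([Parameter(Mandatory)][string]$ProfilePath,
          [Parameter(Mandatory)][string]$OwnerSid)
    $findings = @()
    # Gotcha from the list: ",ssh" (comma) created instead of ".ssh".
    if (Test-Path -LiteralPath (Join-Path $ProfilePath ',ssh')) {
        $findings += 'misnamed ",ssh" folder present'
    }
    $sshDir = Join-Path $ProfilePath '.ssh'
    if (-not (Test-Path -LiteralPath $sshDir -PathType Container)) {
        return $findings + '".ssh" folder not found'
    }
    # Request identities as SIDs so the comparison also works on localized Windows.
    $sidType = [System.Security.Principal.SecurityIdentifier]
    $rules = (Get-Acl -LiteralPath $sshDir).GetAccessRules($true, $true, $sidType)
    foreach ($rule in $rules) {
        $sid = $rule.IdentityReference.Value
        if ($rule.AccessControlType -eq 'Allow' -and $sid -ne $OwnerSid -and
            $AllowedSids -notcontains $sid) {
            $findings += "extra allow entry for $sid ($($rule.FileSystemRights))"
        }
    }
    return $findings
}

# Every non-system profile on this machine, with the SID of the account that owns it.
$profiles = Get-CimInstance -ClassName Win32_UserProfile | Where-Object { -not $_.Special }
foreach ($up in $profiles) {
    $issues = @(Test-SshFolder -ProfilePath $up.LocalPath -OwnerSid $up.SID)
    if ($issues.Count -eq 0) { "OK    $($up.LocalPath)" }
    foreach ($issue in $issues) { "CHECK $($up.LocalPath): $issue" }
}

# Both services from the checklist (service names are an assumption, see lead-in).
foreach ($name in 'sshd', 'ssh-agent') {
    $svc = Get-Service -Name $name -ErrorAction SilentlyContinue
    if ($null -eq $svc) { "CHECK service ${name}: not installed" }
    elseif ($svc.Status -ne 'Running') { "CHECK service ${name}: $($svc.Status)" }
    else { "OK    service $name" }
}
```

A profile reported with '".ssh" folder not found' only matters for accounts that are meant to log in with a key.
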
PC behind firewall:

  1. Install PuTTY on the NUC
  2. In PuTTY, create a new session
    1. Host:
    2. In category on left, select Connection
      1. Set "Seconds between keepalives" to 30
      2. Check Enable TCP Keepalives
    3. In category on left, select Connection > SSH > Auth
      1. Click on Browse to select the key file
    4. In category on left, select Connection > SSH > Tunnels
      1. Source Port: 9999 (remember this)
      2. Destination: localhost:3389
      3. Change from Local to Remote
      4. Change from Auto to IPv4
      5. Click on Add
    5. In category on left, select session
    6. Under Save sessions, give a name "home-rdp-reverse"
    7. Click on Open to verify that the SSH session opens
  3. Create a batch file, such as remote-link.bat, that runs plink in a loop. plink is a PuTTY utility that accepts the name of a saved PuTTY session to open. Something like:
    1. plink "home-rdp-reverse"
  4. Run this batch file to ensure that the connection is established properly without any issues
  5. Add the batch file to startup so that it runs as soon as the machine starts
  6. Restart the machine and verify
  7. Note: The port 9999 above is unique for this particular install. Each install will require its own source port which we can manage separately
Connected remotely:

  1. Open PuTTY on your machine and create a new session
    1. Repeat step 2.1 from above
    2. Repeat step 2.2 from above
    3. In category on left, select Connection > SSH > Tunnels
      1. Source Port: 5002
      2. Destination: localhost:9999 (this is the port for specific PC we want to RDP)
      3. Keep Local
      4. Change from Auto to IPv4
      5. Click on Add
    4. In category on left, select session
    5. Under Save sessions, give a name such as "college-server-rdp"
    6. Click on Open to verify that the SSH session opens
    7. Open Remote Desktop Connection client
    8. Connect to localhost:5002 (source port from above)
    9. Enter the credentials for the machine in the college
Reference/ Help: https://vincetocco.com/how-to-setup-a-reverse-tunnel-with-putty/
