How to set up an SSH Tunnel

Tuesday, August 16, 2011

The aim of an ssh tunnel is to add some security to the information you are sending while on a possibly insecure network: the traffic is protected from your current computer to another, secure computer, and goes on from there to wherever you want to go.



It is quite easy on a Unix box. All you need to do is make sure that ssh is running and make a quick change to the ssh config. Then all you have to do is connect to your home computer.
On Windows it's a bit harder, but the principle is the same.

On Unix:


You need to find the file in your /etc/init.d/ called sshd (on Debian/Ubuntu the script is named ssh); this is your ssh daemon (appropriately named, no?). If you are not on Debian/Ubuntu then you'll need to find your directory, but it's pretty simple: it's where all your other daemons are located. Now comes the magic part: all we need to do is edit your sshd_config file and you're up and running, allowing people to connect via ssh.

If for some reason you don't have it in your init.d directory, then go and install it via apt.

sudo apt-get install ssh

This will install openssh-server for you, as well as some blacklists. Don't worry, this is all normal. Enter your sudo password and, hey presto, you now have ssh installed and running. When ssh installs, it automatically configures itself and generates the needed keyfiles and certificates. For more information on the matter, look here.

Next we want to test it out and see if we can connect to it.
ssh localhost

And you are set up! Yes, it was that easy. All you need to do now is forward port 22 on your router, and you will have a working ssh server which can be accessed from the outside world. Then we just use ssh-tunnelling-how-to to connect to your home network and you will be very secure.

Optional:
I would also suggest making the following changes to your "sshd_config" file, which for you Ubuntu/Debian folks is located at /etc/ssh/sshd_config. So fire up your favourite text editor and edit the following lines.

port (to something other than 22)
LoginGraceTime 30
PermitRootLogin no
PermitEmptyPasswords no

And you should be fine. Remember that once you make changes to the config file you will need to restart sshd, so run

sudo /etc/init.d/ssh restart

(use sshd in place of ssh if that is what the init script is called on your system) and the changes will be made :D
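An added example (not part of the original post): a small POSIX shell audit for the four sshd_config settings listed above. The function names sshd_value and audit_sshd_config and the sample config are made up for illustration.

```shell
#!/bin/sh
# Added example: audit an sshd_config for the four settings suggested above.

# Print the value sshd would use for keyword $2 in file $1 (empty if unset).
# sshd keeps the FIRST value it reads for a keyword, treats keywords
# case-insensitively, allows "Keyword=value", and ignores '#' lines.
sshd_value() {
    awk -v key="$2" '
        /^[ \t]*#/ { next }
        { sub(/[ \t]*=[ \t]*/, " ") }
        tolower($1) == "match" { exit }   # Match blocks are conditional; not audited here
        tolower($1) == tolower(key) { print $2; exit }
    ' "$1"
}

# Print one line per weak setting in file $1; exit status = number of findings.
audit_sshd_config() {
    findings=0
    port=$(sshd_value "$1" Port)
    grace=$(sshd_value "$1" LoginGraceTime)
    root=$(sshd_value "$1" PermitRootLogin)
    empty=$(sshd_value "$1" PermitEmptyPasswords)
    # An unset Port means the default, 22.
    if [ "${port:-22}" = 22 ]; then
        echo "Port is 22"; findings=$((findings + 1))
    fi
    # Accept plain seconds from 1 to 30; unset (default 120), 0 (no limit)
    # and unit suffixes such as 2m are reported for manual review.
    case $grace in
        ''|*[!0-9]*) grace=0 ;;
    esac
    if [ "$grace" -lt 1 ] || [ "$grace" -gt 30 ]; then
        echo "LoginGraceTime is not 1-30 seconds"; findings=$((findings + 1))
    fi
    if [ "$root" != no ]; then
        echo "PermitRootLogin is not 'no'"; findings=$((findings + 1))
    fi
    # Unset PermitEmptyPasswords already defaults to no.
    if [ "${empty:-no}" != no ]; then
        echo "PermitEmptyPasswords is not 'no'"; findings=$((findings + 1))
    fi
    return "$findings"
}

# Constructed sample: a commented-out Port and a duplicate PermitRootLogin.
demo_cfg=$(mktemp)
printf '%s\n' '#Port 2222' 'Port 22' 'LoginGraceTime 120' \
    'PermitRootLogin yes' 'permitrootlogin no' 'PermitEmptyPasswords no' > "$demo_cfg"
audit_sshd_config "$demo_cfg" || echo "$? finding(s)"   # 3 finding(s)
rm -f "$demo_cfg"
```

Point audit_sshd_config at /etc/ssh/sshd_config after editing, and run `sshd -t` to check the file's syntax before restarting the daemon.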

2 comments:

Randall A. said...

I tried to move away the mouse arrow in the first pic x]

Hento the loony repairman :D said...

if i get it right, this lets you tunnel through data and traffic through this port, from one pc to another in secure way?, mmmh i always use free vpn providers but i guess extra security never hurts! thanks man im new to this, since i've been working for years with windows hehehe :D
