Tunneling into your home network via SSH
Why should you tunnel into your network via SSH? The biggest reason is that it's encrypted, but it's also pretty easy to set up. A lot of people want to be able to Remote Desktop into their PCs from work or wherever. While you could just open up a port on your firewall, that is extremely insecure, and if you are trying to connect from your workplace, that outgoing port will most likely be blocked anyway.
The good news is that there are a couple of ports that are pretty much never blocked: port 21, 80 and 443 (FTP, HTTP and HTTPS respectively). If you already have a Linux system installed and running somewhere on your network, chances are SSH is already installed and running. If you're running Windows, you can download a Windows version of OpenSSH.
Once it's installed, if you want to run it on a different port you need to edit the sshd_config file. For the Windows version of OpenSSH it is found in c:\program files\openssh\etc\ ; on Linux it is somewhere in the neighborhood of /etc/ssh . All you need to do is edit the line that says:
#Port 22
And make it say:
Port 443
(note that the # is gone, which uncomments the line). Now restart the service:
- Linux: service sshd restart
- Windows: net stop "openssh server" and then net start "openssh server"
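The edit-and-restart steps above, as a shell script that is an added example and not part of the original post: it rewrites the Port directive, prints the value sshd will now use, and checks the file with sshd -t before restarting, so a typo in the config cannot leave you locked out. It targets the Linux layout, not the Windows one; the function names and the temporary sample config are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the article): change the Port directive of an sshd_config
# file safely on Linux. The sample config below is constructed for the demo; the
# function names are assumptions for this example.

# Print the first active "Port" directive in the file, or 22 if there is none.
get_sshd_port() {
  awk '$1 == "Port" { print $2; found = 1; exit } END { if (!found) print 22 }' "$1"
}

# Rewrite the first Port line (commented, like the stock "#Port 22", or active)
# to "Port $2", comment out any other active Port lines so sshd does not keep
# listening on the old port as well, and append a Port line if none existed.
set_sshd_port() {
  cfg="$1"; port="$2"; tmp="$cfg.tmp.$$"
  awk -v p="$port" '
    /^[# \t]*Port[ \t]+[0-9]+/ {
      if (!done)             { print "Port " p; done = 1 }
      else if ($1 == "Port") { print "#" $0 }
      else                   { print }
      next
    }
    { print }
    END { if (!done) print "Port " p }
  ' "$cfg" > "$tmp" && mv "$tmp" "$cfg"
}

# Edit the real config, check its syntax with sshd -t, and only then restart.
# Run as root; the service is called sshd on most distributions, ssh on Debian/Ubuntu.
apply_sshd_port() {
  set_sshd_port "$1" "$2"
  sshd -t -f "$1" || { echo "sshd rejected $1, not restarting" >&2; return 1; }
  service sshd restart 2>/dev/null || systemctl restart sshd
}

# Demo on a constructed temporary config rather than the live one.
demo=$(mktemp)
printf '#Port 22\n#AddressFamily any\nListenAddress 0.0.0.0\n' > "$demo"
set_sshd_port "$demo" 443
echo "effective port: $(get_sshd_port "$demo")"   # 443
cat "$demo"
rm -f "$demo"
# For the live server (as root): apply_sshd_port /etc/ssh/sshd_config 443
```

The demo only touches a temporary file; the last comment shows the call for the real config. Running sshd -t before the restart is the step the article's procedure skips, and it is the one that saves you a trip to the console when the edit goes wrong.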
With Linux you'll be able to log in with any users you've already created. With Windows you'll need to read through the readme.txt file to add your Windows user accounts to the SSH logins. Make sure you use an account that has a password!
After that is all complete you are done with the actual server portion. You will also need to open up port 443 on your firewall so that you can reach this server from outside your network.
On to the client side. Again, if you're working from a Linux box, ssh is probably already installed. If you're on Windows you have a couple of options: you can install the Windows version of OpenSSH as you did for the server portion, or you can use something like PuTTY. I personally use PuTTY because it saves profiles and so on, but you could make some command-line batch files with OpenSSH.
On to the guts of how this works. When you make the connection to your SSH server from wherever you are, you will be connecting to port 443. What you want to do now is tunnel local ports over that connection to remote ports on your home network. So let's say you have a Windows box you want to Remote Desktop into, with an IP address of 192.168.0.145. With OpenSSH you would use a command like this:
ssh -p 443 -L 5000:192.168.0.145:3389 user@host.example.com
Let's break this command down:
- ssh (the app you are running)
- -p 443 (this tells it to use port 443 instead of the default of 22)
- -L 5000:192.168.0.145:3389 (this tells it that any traffic to local port 5000 gets tunneled to remote port 3389 on 192.168.0.145)
- user@host.example.com (this tells ssh that you want to log in as the user named user on the server at host.example.com)
You can have as many -L options as you want in your command. Once you've issued the above command and logged in with the appropriate password, start your Remote Desktop client and enter localhost:5000 in the Computer dialog. It connects to your local port, the traffic gets tunneled to the correct place, and your Remote Desktop session will start.
With PuTTY, you would enter your host name in the Session section, change the protocol to SSH and change the port to 443. Then under Connection > SSH > Tunnels you would enter the local port (5000) and, in Destination, 192.168.0.145:3389 (see the screenshots below). Once connected, you can do the same as above to start your Remote Desktop session.
Remote Desktop is just one use. You could use this to tunnel a port to a Squid proxy server, or to a mail server. SSH tunneling is very useful for bypassing those annoying Websense proxies implemented at many corporations. Set up a small Linux box with ssh and Squid, then tunnel into it from work with a command like:
ssh -p 443 -L 6000:192.168.0.144:3128 -L 5000:192.168.0.145:3389 user@example.com
This would give you access to your Remote Desktop session and a proxy connection that tunnels all of your HTTP traffic through your home network (you would need to tell your web browser to use localhost:6000 as its proxy in this example). Not only would you not be subject to your company's filters, but it's all encrypted, so they wouldn't see the content of what you were doing.
The best part of all this is that all the traffic travels over a single connection, so if you were to run netstat -a or something similar, you would only see one connection.
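Covering both the single -L command broken down earlier and the two-forward command just above, here is an added example (not from the original post) that assembles the ssh command from LOCALPORT:HOST:REMOTEPORT specs, rejects malformed ones before anything is run, and adds three choices the article's command leaves at their defaults: an explicit 127.0.0.1 bind address so nobody else on the office network can reach the forwarded port, -N because only the forwards are wanted and not a remote shell, and ExitOnForwardFailure so the client quits if a local port is already taken rather than running without it. The server, user and forward values are the article's; the function names are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the article): assemble and sanity-check the local-forward
# command line before running it. Server, user and forward specs are the article's
# example values; binding to 127.0.0.1, -N and ExitOnForwardFailure are hardening
# choices added here, and the function names are assumptions for this example.

# Return 0 if $1 is a TCP port number in 1..65535.
valid_port() {
  case "$1" in
    ''|*[!0-9]*) return 1 ;;
  esac
  [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# Check one LOCALPORT:HOST:REMOTEPORT spec, exactly the form given to -L.
valid_forward() {
  spec="$1"
  lp=${spec%%:*}; rest=${spec#*:}
  host=${rest%%:*}; rp=${rest#*:}
  if [ "$lp" = "$spec" ] || [ "$host" = "$rest" ]; then
    echo "bad forward spec: $spec" >&2; return 1
  fi
  valid_port "$lp" && valid_port "$rp" && [ -n "$host" ]
}

# Print the ssh command for server $1 (user@host) and forward specs $2, $3, ...
# Returns 1 (and prints nothing) if any spec is invalid.
build_tunnel_cmd() {
  server="$1"; shift
  # -N: forward ports only, no remote shell. ExitOnForwardFailure: exit if a local
  # port is already in use instead of silently continuing without that forward.
  cmd="ssh -p 443 -N -o ExitOnForwardFailure=yes"
  for spec in "$@"; do
    valid_forward "$spec" || return 1
    # Bind to loopback explicitly so other hosts on the office LAN cannot use the tunnel.
    cmd="$cmd -L 127.0.0.1:$spec"
  done
  printf '%s\n' "$cmd $server"
}

# Once the tunnel is up: return 0 if local port $1 is listening on loopback
# (Linux, iproute2 ss). Column 4 of "ss -tln" is the local address:port.
listener_on_loopback() {
  ss -tln 2>/dev/null | awk -v a="127.0.0.1:$1" '$4 == a { found = 1 } END { exit !found }'
}

# Demo with the article's two forwards (Squid and RDP); prints the command, does not run it.
build_tunnel_cmd user@example.com 6000:192.168.0.144:3128 5000:192.168.0.145:3389
```

Run the printed command in one terminal, then listener_on_loopback 5000 (or 6000) in another to confirm the forward is bound where you expect before pointing Remote Desktop or the browser at it; that check is what the netstat -a suggestion in the article is really for.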