2006-04-06, 07:23 AM
Using SSH to secure your network means that instead of having many open ports to the internet to which attackers can come in, you have one, secured, port. From this one port you can set up what's called a tunnel, to other ports, LAN based machines and even to internet based services.
For example, my machines at home are running behind a router. On that router you could open up any port, 2222 for example (22 is the SSH standard port; you can use this, but why let script kiddies know you're there?).
On the router, set up your port 2222 to forward to a local machine on your network, called computer1, on port 22.
Then from outside your network (anywhere with an internet connection), using a terminal client like putty, you can connect to your internet IP address and port 2222 to be connected to computer1 on port 22 inside your local network.
Now this is just the start.
Once that is verified you can set up a tunnel.
Inside putty, in the connection options there is an option for tunnels. We're going to set up a tunnel to the GBPVR Enhanced web admin residing on computer1. In this case the machine with the SSH server.
In putty, under tunnels you will create a new tunnel with your source port 7467 and destination set to localhost:7647
That's pretty much it. Now from the internet, start your putty session. Once connected, start up your browser and point it to http://localhost:7647/gbpvr/logon.aspx. This is transmitted down the putty session, pops out the other side and is directed to the localhost:7647 inside your home network... neat, huh?
For multiple machines you just change the destination port of the putty tunnel to be machine:port. This will make the transmission go down into the tunnel and pop out the other side; then from the SSH server machine it will be transmitted on the local network to machine:port, just like you were on the local LAN.
Here is a link I've always followed for setting up an SSH server on one of my Windows machines.
http://pigtail.net/LRP/printsrv/cygwin-sshd.html
I hope I made that easy enough to follow. The URL above has a bit more on tunnelling. I've successfully had pop3, GBPVR EWA, RealVNC, CA Unicenter Remote Control and various other websites all working the same way.
You just need to make sure that on the machine out in the internet the port you set up in putty is not being used, since to go down in the tunnel it is always a connection to localhost.
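Added example, not part of the original post: the same tunnels built for the OpenSSH command-line client instead of PuTTY, with the check the post recommends (the local port must be unused) done before the command is assembled. The host name `home.example.net`, the user `me` and the second LAN target `computer2:5900` are placeholders assumed for illustration.

```python
import socket


def local_port_is_free(port, host="127.0.0.1"):
    """Return True if nothing is already bound to host:port on this client."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        try:
            s.bind((host, port))
        except OSError:
            return False
    return True


def ssh_tunnel_argv(gateway, ssh_port, forwards, user=None):
    """Build an OpenSSH client command line for local port forwards.

    forwards is a list of (local_port, dest_host, dest_port); dest_host is
    resolved by the SSH server, so "localhost" means the server itself and
    any other name is a machine on the server's LAN.
    """
    # -N: no remote shell, tunnel only.
    # ExitOnForwardFailure: fail instead of running without the tunnel.
    argv = ["ssh", "-N", "-p", str(ssh_port), "-o", "ExitOnForwardFailure=yes"]
    for local_port, dest_host, dest_port in forwards:
        if not local_port_is_free(local_port):
            raise RuntimeError(f"local port {local_port} is already in use")
        # Bind the listener to loopback so only this client can use the tunnel.
        argv += ["-L", f"127.0.0.1:{local_port}:{dest_host}:{dest_port}"]
    argv.append(f"{user}@{gateway}" if user else gateway)
    return argv


if __name__ == "__main__":
    # Router port 2222 forwards to computer1:22, as in the post.
    forwards = [
        (7647, "localhost", 7647),   # web admin on the SSH server itself
        (5900, "computer2", 5900),   # assumed second LAN machine (machine:port)
    ]
    print(" ".join(ssh_tunnel_argv("home.example.net", 2222, forwards, user="me")))
```
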