If you set up some kind of SSH Connection on a Windows computer over the past few years, be it to connect to the university’s network or to secure a line for an insecure FTP Transfer, you have probably encountered the program PuTTy on the way to salvation. It’s easy to use, free and OSSish powerful. What many people don’t know about PuTTy though, is what other powers aside from, or better, in addition to SSH slumber inside the little executable.
I was no exception to this when I decided to fool around a bit with my AVM Fritz!Box (Broadband Router quite common in Germany and Austria that runs with Linux) and installed - among other amusing things - the dropbear SSH Server on it. I was then able to connect to my home network from all around the world using just my dyndns-account and PuTTy, or better its cousin PuTTyPortable, which runs from thumb drives without leaving traces behind on the host.
After going through the massive troubles of installing and configuring dropbear via FTP and VM, I first started to think about the use I could get out of this.
Note: I didn’t intend to give instructions on how to use PuTTy or to set up those functions I mention, more to give some inspiration. Google helps all, but if someone is interested in a particular HowTo, just ask, I’m here ;).
First of all, I found out that I could use my encrypted Connection to eliminate some holes in my Firewall, VNC always being a big thorn in my side. If I use the standard ports, it’s insecure, and if I use custom ports, I’m bound to fail to remember them when needed. With the SSH Connection, I only have to remember one custom port (in fact, PuTTy does remember it), and I can spare the additional effort and CPU time for encrypting VNC sessions, and I could also stuff all the commonly used holes in my firewall.
Incredibly simple, but at the same time incredibly effective. If you want something like this, the tunneling function (also port forwarding) is for you. It also allowed me - with some tweaking on the router as well - to view the html-based configuration page from outside over the secure line, taking a look at the list of calls received in absence.
The next useful function I could think of was to use my secure Connection to obscure my internet traffic. Not to circumvent IP-Checks, but to prevent the casual network analyzer from having anything to work with besides my current IP at home. No destination, no protocol, no data. Setting it up was even easier than setting up the port tunnels, which, from time to time, tend to be a real pain in the ass, so to speak. For every open SSH Connection and without further configuration, PuTTy procures a full-fledged SOCKS proxy server for you. Ain’t that nice? And with plugins like QuickProxy for Firefox you are free to switch it on or off as you like. Which, of course, is also available as a portable version. But you all knew that already.
The third function I use pretty often was a nasty one to get by, but it was definitely worth the trouble, since it fits my setting nigh perfectly. I’m quite fond of VPNs, but I have yet to encounter a VPN-software that really satisfies me and my personal needs and/or beliefs. So, among the other amusing programs I set up on my router (as mentioned above), was a VPN-server, to allow me to connect to my network-enabled hard drives at home. To cut it short, it worked, I felt secure and all, but it was impossible to take the solution with me, since all VPN-Implementations (OpenVPN, that is) required installation and the creation (and configuration) of a virtual network adapter. So I tried to bring up a feasible solution involving PuTTy.
The easy one was to use a protocol that allows you to transfer files, (s)FTP, SCP, or even HTTP, but all require a special server component to be run on the target, which is not possible for me without leaving one of my computers on, which is entirely out of the question. The NAS is even able to manage FTP, but it would require me to rely on FTP and FTP alone. No Samba and FTP at the same time for the same files. So I had to discard that as well.
The next thought was to just forward port 139 (used by Windows filesharing services) to my target network. It would’ve worked, but it would’ve rendered me incapable of using the filesharing service for local shares. I’m using this solution at work, so it’s either home or work. It would work, I could only start up the connection if needed, and so on, but I just wasn’t happy with it, so I dug further.
If I had found software for Windows that used not the Windows filesharing service but its own implementation of it, I could just tell it to use another port and forward that one, but unfortunately, I found no such program.
The best I could come up with was to create a network adapter as VPN does, but without configuring anything on it except for a meaningless IP, and then forward all traffic on 10.0.0.1:139 to my network at home. Works like a charm, but if anyone ever happens to find a program like the one mentioned above, I would be more than happy to give it a try. Portable Applications preferred.
Another function available, though I did not use it very often, was the forwarding of the X11-protocol used by common Linux-desktops, which gives you the power of controlling the remote computer similar to VNC but without the need for additional software.
The last one I want to mention is not one of PuTTy, but one that uses its opened shell to go through with it. A little program called etherwake can be run on common Linux-powered systems which enables you to start your computer without actually sitting in front of it via the magic of WOL (pun intended). A pre-set shell-script that’s run with a short command, a VNC server installed as a service, and you’re good to go. Connect the Router, wake up the computer, connect using VNC and take a look at the all-important document you left at home.
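What the etherwake step puts on the wire, as an added example (not code from this post or from etherwake itself): a Wake-on-LAN magic packet is six 0xFF bytes followed by the target's MAC address repeated 16 times, and it carries nothing else that identifies the sender. The sketch builds such a frame and, for the monitoring side, recognises one inside captured bytes; the MAC addresses and function names are constructed for illustration.

```python
import re

ETHERTYPE_WOL = 0x0842   # EtherType commonly used for raw Wake-on-LAN frames
SYNC = b"\xff" * 6       # synchronisation stream that opens every magic packet


def parse_mac(text):
    """Accept aa:bb:cc:dd:ee:ff or aa-bb-cc-dd-ee-ff and return 6 raw bytes."""
    if not re.fullmatch(r"(?:[0-9A-Fa-f]{2}[:-]){5}[0-9A-Fa-f]{2}", text):
        raise ValueError(f"not a MAC address: {text!r}")
    return bytes.fromhex(re.sub(r"[:-]", "", text))


def magic_payload(target_mac):
    """102-byte payload: sync stream plus 16 copies of the target MAC."""
    return SYNC + parse_mac(target_mac) * 16


def ethernet_frame(target_mac, source_mac):
    """Unicast frame: destination, source, EtherType, then the payload.
    A broadcast destination (ff:ff:ff:ff:ff:ff) is also common."""
    header = parse_mac(target_mac) + parse_mac(source_mac)
    return header + ETHERTYPE_WOL.to_bytes(2, "big") + magic_payload(target_mac)


def find_wake_target(data):
    """Scan captured bytes for a magic packet; return the MAC it wakes, or None."""
    start = data.find(SYNC)
    while start != -1:
        body = data[start + 6:start + 6 + 96]
        mac = body[:6]
        # Valid only if the full 16 repetitions are present and consistent.
        if len(body) == 96 and body == mac * 16 and mac != SYNC:
            return ":".join(f"{b:02x}" for b in mac)
        start = data.find(SYNC, start + 1)
    return None


# Constructed sample addresses, not taken from the post.
SAMPLE_TARGET = "00:11:22:33:44:55"
SAMPLE_SOURCE = "02:00:00:00:00:01"

if __name__ == "__main__":
    frame = ethernet_frame(SAMPLE_TARGET, SAMPLE_SOURCE)
    print(len(frame), "byte frame wakes", find_wake_target(frame))
```

Because the payload is only the target's MAC address, anything able to place such a frame on the LAN segment can wake the machine; sending it from the router's shell through the SSH session keeps that ability behind the SSH login.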
So, if you happen to own a Fritz!Box or one of them shiny, new, world-wide-available OpenSource-Routers, or just an old crappy computer that could deliver a reasonable SSH server for an equally reasonable amount of watts spent, maybe those ideas incorporated one for you.
Also, please notice that PuTTyTray works from Thumb Drives as well without leaving any Data behind (if you use the “session from file”-option), but has the advantage that it can be minimized to the system tray.
If you’re planning on keeping the connection up for quite some time, also remember to activate the “Keep Alive”-function.
Edit: After getting rebuked for not doing it from the beginning, I’d like to incorporate some useful links that might get you started.
Complete Installation Guide for Telnet, FTP, SSH, WOL & VPN on a Fritz!Box, German.
You can also get these functions by creating a nice and easy pseudo-firmware-image here, but I guess one could lack the insight needed to fill in all the right information if he never did it manually before. So, feel free to screw around using the above link and once you figured it all out, use this one. Also German, but with very little text.
Another tutorial, this time for the Linksys WRT54G, including SSH and Tunneling.