HOW TO: create a SSH connection from Windows 2000 and connect to Windows 2000 behind a Linksys Router

After about three days of poring through various FAQs, mailing lists, and scattered bits of knowledge found throughout the internet, I finally accomplished my goal of connecting to my home computer from work. I can't believe how much of a pain it was, but I finally figured it out and I want to give back to the community by writing this HOW TO and thank all the experts including James Weatherall, William Hooper, Teng-Fong Seak, and the VNC list for their wisdom.

Here's my scenario:
At home I have a Windows 2000 Professional box (SP4) behind a Linksys Router (BEFW11S4, firmware ver. 1.44.2z) connected to the internet through a DSL modem.


At work I have a Windows 2000 Professional box (SP2) behind a corporate firewall connected to the internet through my company's ISP.

Let's pretend you have 30 minutes before you go to work and you want to set this all up so you can create a SSH/VNC session from work to your home computer.

STEP 1: Gather Network Information
1) Turn on your home computer
2) Open a web browser like Internet Explorer
3) Go to your Linksys admin page by entering the address: 192.168.1.1
4) A login prompt will appear, click in the password field and enter the Linksys admin password. The default is: admin
5) Click on the Status tab and record the information for WAN IP address (this is your real IP on the internet) and WAN DNS address (if you don't know already, these are the servers that will resolve all those URLs you enter into IP addresses).


STEP 2: Get your Computer's Name
1) Find My Computer on your desktop, right-click on it, and choose Properties.
2) Click the Network Identification tab
3) Click Properties button
4) Record the Computer Name information


STEP 3: Forward Port on Linksys Router to your computer
1) Open a web browser like Internet Explorer
2) Go to your Linksys admin page by entering the address: 192.168.1.1
3) A login prompt will appear, click in the password field and enter the Linksys admin password. The default is: admin
4) Click Advanced tab and then click the Forwarding tab
5) Click the UPnP Forwarding button
6) In the first available listing for Application Name, enter: SSH
7) For Ext. Port, enter: port 22
8) For protocol, select TCP
9) For Int. Port, enter: port 22
10) For IP Address, enter: 95
11) Check the enable box
12) Click OK button


STEP 4: Set Static IP on your Computer
1) Click Start | Settings | Control Panel
2) Double-click Network and Dial-up Connections
3) Right-click on Local Area Connection and choose Properties
4) Highlight Internet Protocol (TCP/IP)
5) Click the Properties button
6) Select the option: Use the following IP Address
7) For the IP address field, enter: 192.168.1.95
8) For the Subnet Mask, enter: 255.255.255.0
9) For the Default gateway, enter: 192.168.1.1
10) Select the option: Use the following DNS server addresses
11) For the Preferred DNS server, enter the first DNS address you got from STEP 1.5
12) For the Alternate DNS server, enter the second DNS address you got from STEP 1.5
13) Click OK and OK again to accept changes.
14) Windows will ask you to reboot. Make sure you can connect to the internet after you start up again.
Resource: http://www.linksys.com/tech_helper/advanced.html


STEP 5: Download & Install Cygwin [currently SSH Server (Cygwin) Cygwin Setup v2.416, Cygwin DLL v1.5.5 and OpenSSH v3.7.1p2]
1) Go to http://tech.erdelynet.com/cygwin-sshd.html


Note: The directions on the website are pretty accurate, except for step 5. I couldn't execute the command from there, so I just double-clicked on the Cygwin icon on my desktop to run the setup.

STEP 6: Install VNC Server
1) Go to http://www.realvnc.com or whatever flavor of VNC you want and download the Server package. There's a small handful of different VNC flavors out there, so pick one, download it, and install the server package on this machine. Make sure you set up a VNC server password.


STEP 7: Enable loopback (If you plan on using VNC on the same box you want to SSH into, you have to enable loopback)
1) Click Start | run
2) Type: Regedit
3) Click OK
4) Navigate through the folders: HKEY_LOCAL_MACHINE\Software\ORL\WinVNC3
5) Create the key: "AllowLoopback"=dword:00000001
6) Close out regedit, reboot, and go to work


Note: A lot of people wonder why anyone should do a loopback at all. Here's a pretty good explanation.

Why to Loopback in SSH?
http://www.realvnc.com/pipermail/vnc-list/2003-March/037978.html

STEP 8: Download Putty, Configure, & establish SSH session
1) Go to http://www.chiark.greenend.org.uk/~sgtatham/putty/download.html
2) Download Putty (currently .53b) to your computer at work
3) Double-click on Putty to start it up
4) On the left-hand side is the Category section, click on Session
5) In the Saved Sessions field, enter a name like SSH Home and click the Save button to save this session config
6) In the Host Name (or IP Address) field, enter your home computer's IP address. It's the WAN IP Address information you got from STEP 1.5
7) On the left-hand side is the Category section, click on Appearance
8) In the Window Title field, enter something like: SSH to Home
9) On the left-hand side is the Category section, click on SSH
10) Select Enable compression
11) Under Preferred SSH protocol version, select 2 only
12) On the left-hand side is the Category section, click on Tunnels
13) Under Port forwarding, select Local ports accept connections from other hosts
14) In the Source port field, enter: 5901
15) In the Destination field, enter: <home computer name>:5900
i.e. If my home computer's name was homepc, I would type: homepc:5900
You got this information in STEP 2.4
16) Click Add button
17) On the left-hand side is the Category section, click on Session
18) Click Save button to save this session configuration
19) Click Open button to create SSH connection
20) Enter an account username and password that has access on your home computer.


STEP 9: Download VNC Viewer, Configure, & connect to your home computer
1) Go to http://www.realvnc.com or whatever flavor of VNC you want and download the client package. There's a small handful of different VNC flavors out there, so pick one, download it, and run the client on your work machine.
2) For VNC server field, enter: localhost:1
3) Some articles say hextile is better. For those believers, click on Options, deselect Auto Select, choose hextile, and click OK
4) Click OK to the VNC prompt
5) Enter the VNC server password and you've just created a secure VNC connection to your home computer!!!
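
A check for the tunnel built in STEPs 8 and 9, added here as an example (not part of the original post): it parses `netstat -an` output from the work PC and reports whether the forwarded port 5901 listens on loopback only or on all interfaces, which is what the PuTTY option "Local ports accept connections from other hosts" from STEP 8.13 produces. The sample output and its addresses are constructed for illustration.

```python
import re

# Constructed sample of `netstat -an` output from the work PC while the
# PuTTY session from STEP 8 is open (all addresses are made up).
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:5901           0.0.0.0:0              LISTENING
  TCP    127.0.0.1:1029         0.0.0.0:0              LISTENING
  TCP    10.20.30.40:1245       203.0.113.7:22         ESTABLISHED
  UDP    0.0.0.0:445            *:*
"""

# Matches only TCP rows in LISTENING state; captures bind address and port.
LINE = re.compile(r"^\s*TCP\s+(\S+):(\d+)\s+\S+\s+LISTENING\s*$")

def tcp_listeners(netstat_text):
    """Return {port: set of local bind addresses} for TCP LISTENING rows."""
    found = {}
    for line in netstat_text.splitlines():
        m = LINE.match(line)
        if m:
            found.setdefault(int(m.group(2)), set()).add(m.group(1))
    return found

def tunnel_exposure(netstat_text, port=5901):
    """Classify how the forwarded port is bound.

    'not listening' - the tunnel is not up
    'loopback only' - reachable only from this machine
    'exposed'       - bound to 0.0.0.0 or a LAN address, so other hosts on
                      the network can reach the VNC login through the tunnel
    """
    addrs = tcp_listeners(netstat_text).get(port)
    if not addrs:
        return "not listening"
    if all(a.startswith("127.") for a in addrs):
        return "loopback only"
    return "exposed"

if __name__ == "__main__":
    print("port 5901:", tunnel_exposure(SAMPLE_NETSTAT))
```

Because the viewer in STEP 9 connects to localhost:1, a loopback-only listener on 5901 is enough for this setup.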


The Cygwin installation you did also installed SFTP onto your home computer. If you use something like WinSCP (http://winscp.sourceforge.net/eng/) you can securely SFTP files to your home computer. Nice, eh?

If you're like me, you're probably freaked out that you've opened up a port on your home's Linksys router and are working on ways to improve security on your network. Here are a few places I frequent now:
http://www.securityfocus.com
http://labmice.techtarget.com/articles/securingwin2000.htm


If there are errors in this please feel free to point them out. Also if anyone would like to add screenshots, host this info on a site somewhere, etc. that would be great. Please remember to give credit. Thanks!!!!
_Stan Chu


***************************
OTHER great SSH/VNC Resources!!! (Some of them have pretty pictures!!!)

How to setup ssh to tunnel VNC traffic through the Internet
http://pigtail.net/LRP/vnc/

HOW-TO: VNC secure tunneling using Windows PuttY ssh client
http://freesco.no-ip.org/VNC/

Using SSH tunnels from M$ Windows
http://home.intergga.ch/Westrick/Using_SSH_tunnels_from_M$_Windows.pdf
