Friday, December 25, 2009

SSH Coolness ... even on Windows.

prerequisite concepts: prelude, basic config., port fwd, proxy conn.

I don't often have the opportunity to experiment on computers running Windows, but every once in a long while it simply cannot be avoided. I recently found myself wanting to look up a password in Revelation, a password manager for the Gnome Desktop on Linux; I have previously written about using OpenSSH's ProxyCommand directive to tunnel through a firewall and forward X11 (GUI) applications remotely from a an isolated workstation on a private LAN, the difference here was that I needed to forward that application to a Windows workstation.

I haven't used Windows enough to do this sort of thing for about ten years, so it took a bit of fiddling, but I eventually worked out the following methodology. Like the other posts in this series, it is assumed that the reader is familiar with the basics, specifically the use of PuTTY and Pageant to log in to Linux hosts using ssh keys; a windows installer is available to install all needed utilites, but the only others used in this experiment were PuTTYgen (to generate an SSH key) and plink which I simply tossed in the Windows directory so I wouldn't need a full path in the local proxy command (below). Some additional software is needed to run X Windows applications on Windows, and in this case I used Xming. I had never used Xming before, and may never need it again, but I was impressed that it was as easy as point, click, run-- as long as it's running in the background, it will do what's needed. All the configuration is done in PuTTY.

PuTTY: Session Settings Session Settings
A proxy connection has only a few specific settings, all others can be left at default values or the user's preference; this screen shot is only included to emphasize that the Session Host is the box on the private LAN running the application we want, not the proxy host which has the public Internet connection we will be using.

PuTTY: Proxy Settings Proxy Settings
The proxy hostname is the box with the public connection; it will use the local proxy command to connect our SSH client to the session host specified on the previous screen. Note that SSH will only use the Auto-login username (Connection=>Data=>Login Details) with the session host, which is why I have specified a username here.

PuTTY: X11 Forwarding Settings X11 Forwarding
There is nothing complicated about the X forwarding settings, this must be enabled in PuTTy, as well as on the remote Linux box, and on the proxy. In my case, the proxy was an Ubuntu server not running X Windows, so I first had to install xauth (sudo aptitude install xauth).