You need SSH access
We don’t like what we don’t know but the Secure Shell is one of those little UNIX things I cannot live without anymore. I can honestly say that OpenSSH has changed my life!
Secure Shell (SSH) is a cryptographic network protocol for operating network services securely over an unsecured network. The standard TCP port for SSH is 22. The best known example application is for remote login to computer systems by users. Say that you are working in a company which is overworried and panicking about Security. When you come into the Office and brought your own Laptop you plug it in you discover to your disappointment that you cannot access any websites anymore. This is because System Administrator like to have total control of what you can and can not do on the Local Area Network (LAN).
SSH provides a secure channel over an unsecured network in a client-server architecture, connecting an SSH client application with an SSH server. Common applications include remote command-line login and remote command execution, but any network service can be secured with SSH. The current version is 2 and therefore SSH is sometimes referred to as SSH2.
The most visible application of the protocol is for access to shell accounts on Unix-like operating systems, but it sees some limited use on Windows as well. In 2015, Microsoft announced that they would include native support for SSH in a future release. Personally I want to see this before believing it. Until MS finally comes with MS SSH I will keep using my own SSH server. Which is very stable and up for 24/7, 365 days a year.
What can OpenSSH offer?
Most people will say: ‘A remote shell’. This is true but there’s much more:
- Secure File Transfer (SFTP). Think of SFTP as a secure FTP Server. Secure because all data is transferred over SSH, which is secure by definition (it encrypts everything using the same Public and Private keys as the DES Encryption standard (Which is considered the most secure Encryption standard because it is not breakable by current hardware within a reasonable time period (years of computing). Every Linux or UNIX machine has OpenSSH and therefore a Secure File Transfer Protocol and thus can be used as a SFTP Server. SFTP Client software examples are WinSCP, Cyberduck and FileZilla.
- Port Tunelling. This is one of the most powerful features of SSH. It allows you to do things that your Network Administrators don’t want you to know. Because they will never find out if you do. For a nice example see the paragraph on how to Tunnel trough Proxy Servers below.
- Secure Remote Desktop.
- A true Linux environment, wherever you go.
- Graphical (GUI) Remote Access to your Linux Machine with X-SessionsThis is native Linux and UNIX functionality which allows you to access your System from anywhere as if you were using it from your home or Office. When you connect using the command:
ssh -x firstname.lastname@example.org
After you entered your password you will enter a new and wonderful world where you can surf the web, work with Office Applications and download from the web with amazing speed! Experience how to download a DVD in a matter of seconds! You will probably forget that you’re working remote on a Linux Server!
After your done and you want to download your files to your local machine, you simply use one of the SFTP clients. After logging in with your SFTP directory you will automatically come in your home directory.
What users say:
Hans: This OpenSSH Service is really amazing! My provider blocked the Pirate Bay last year. This isn’t a problem anymore! I download everything to my home directory and use WinSCP to download everything to my local machines.
Dick: I’m a volunteer for a foundation. I use the OpenSSH Service to run my own mailserver from my home. This wasn’t possible before because my ISP blocked port 25. Thank you for offering this great service!
John: As a System Administrator I often need to login my companie’s systems. This OpenSSH Service saves me hundreds of hours traveling! Thanks for your help!
How to tunnel trough a Proxy Server
This is (like other stories in this website) a true story.
Around 2007 (When I still actually was physical present at the companies which I uses to work for) I was at my office at ABN-AMRO in Amstelveen. While doing my daily job I realized that I needed a file which I had been working on in my home network the night before.
There was however one problem which prevented me from logging on into my home network. Although I had setup Remote Access on a few of my machines at home, the Network Administrators at ABN-AMRO wanted to have absolute control over what the users were doing on their network. To reach this goal they had placed a Proxy-Server in their network and all webbrowsers in the office were configured to use this.
I thought of a solution for this problem and a day later I could log into my home network from my Office in Amstelveen.
Here I will explain exactly how I made this possible:
- At home I installed a Virtual Machine with Fedora Linux. I could have used any Linux distribution but Fedora was the most popular at that time because it was small and fast.
- In the built-in OpenSHH Server I changed the default port (22) to 443 (https).This was essential because I had to use the Proxy Server, which can only use valid http protocols. (http and https).
- In the Office I downloaded putty.exe, an SSH client for Windows.
- I configured putty to use the ABN-AMRO Proxy Server.
- Because my OpenSSH server at home was listening on port 443 (https), I could login with putty in my home server.
- In putty I created a new port. (SSH ports in putty have a Local- and Distant IP Address and also Local and Distant ports for tunneling purposes).
- As the Local host and port I entered the Address of one of my home based machines which had a Remote Desktop server running. As the remote address I enter
- I could now start the RDP client, connect to 127.0.0.1:10000 and could work on my home based Windows machine as if I was working at home.
- Off course I could also do this the other way around, eg: Use my Office workstation at home.
Off course you are not limited to the example here. Port forwarding and tunneling can be useful in many cases such as tunneling your e-mail server’s port to bypass the port 25 restriction which ISPs like to present us.
Please note that this example only demonstrates the power of port tunneling. It’s much more powerful. Principally it’s possible to turn complete networks inside out, eg: Turn an Intranet to an extranet. I wouldn’t advice to do this with big companies, unless you really want to be kicked out!
Please also note that you are not limited to this example alone. You can use port forwarding and tunelling for many other useful purposes. For example to access email services which are blocked.
Setting up a Socks Proxy
SSH knows 2 types of tunnels: Local and Dynamic. In putty or your UX-Terminal you use the -L or -D flags of the SSH command.
With -L, SSH makes no attempt to understand the traffic. It just sends everything it receives on the local port to the target port – you determine the target port at the time the connection is made. With -D, SSH acts as a proxy server, and therefore can handle connections from multiple ports (for example, a browser configured to use it as a SOCKS proxy can then access HTTP, HTTPS, FTP, etc. over the same connection). And like with other proxy servers, it will use the traffic to determine the destination.
I can offer this service for just €5,- per month. You get your own home directory which you can use for your own purposes.Next to a guaranteed 100% uptime I provide help and support for free.