How to create a vpn/ssh tunnel: Difference between revisions

From DISI
Jump to navigation Jump to search
 
(15 intermediate revisions by 4 users not shown)
Line 1: Line 1:
= FOR MAC OS =
= Generate SSH key =
Go to the app store and search for “ssh tunnel manager”
First, copy this command into your termimal
ssh-key -t rsa
Then it will ask you where you want to save the ssh keypair. If you already have a key saved in /Users/user/.ssh/id_rsa, please save your new key somewhere else to avoid overwriting existing key
Generating public/private rsa key pair.
Enter file in which to save the key (/Users/user/.ssh/id_rsa): /Users/user/.ssh/bkslab_key
Lastly, it will ask you for passphrase. You don't need to provide passphrase, just hit Enter
Enter passphrase (empty for no passphrase):


Download this free app.
The public key can be found in the location where you specified earlier (ie: /Users/user/.ssh/bkslab_key.pub)
Send it to the person who creates you your account, so they can add it into portal.


Click the “Show in menu bar” button on the upper lefthand corner.
= FOR LINUX AND MAC OS =


Open it and then click the little ‘+’ sign on the bottom part of the white box.
I am going to illustrate how to create a ssh tunnel using a couple examples.


Enter the following information:
Pretend ''you want to create a ssh tunnel from your laptop to gimel through the portal.''
 
First open two terminals.  In one terminal type the following:


For the Name field, name it whatever you want.
ssh <options/flags> localhost:2222:gimel:22 -D1080 portal3.ucsf.bkslab.org -l <username>
ssh -vCL localhost:2222:gimel:22 -D1080 portal3.ucsf.bkslab.org -l jjg


Login: your_user_name
In the other terminal type:


Host: portal.uoft.bkslab.org
ssh -p 2222 <username>@localhost
ssh -p 2222 jjg@localhost


Port: 62
Then when you log in type hostname and you will see that you are logged into gimel!


Then click on the Options button in the bottom righthand corner.
Here's another example, say ''you want to scp files directly from your laptop to your home directory on gimel.''


Make sure “Handle authentication” is checked and check the “Enable SOCKS4 proxy”.
First open two terminals.  In one terminal type the following:


Make sure the port is 1080 (or something above port 1024).
ssh <options/flags> localhost:2222:gimel:22 -D1080 portal3.ucsf.bkslab.org -l <username>
ssh -vCL localhost:2222:gimel:22 -D1080 portal3.ucsf.bkslab.org -l jjg


Your screen should look like this:
In the other terminal type:
scp -P 2222 file_you_want_to_copy <username>@localhost:~


 
== Troubleshooting ==
[[File:tunnelMac.png]]
If you see this error:
 
Unable to negotiate with 169.230.26.166 port 22: no matching host key type found. Their offer: ssh-rsa,ssh-dss
 
Please follow this instruction to fix it :  
Then close the SSH Tunnel Manager.
https://www.iclarified.com/87910/how-to-fix-no-matching-host-key-type-found-on-mac
 
Go to System Preferences -> Network
 
Click on the connection you are connected to (ie Airport, Ethernet, etc).
 
Then click on Advanced in the bottom right corner.
 
Then click on Proxies up in the top right of the box.
 
Then check SOCKS Proxy
 
Then under “SOCKS PROXY SERVER” enter localhost and to the right 1080 (or whatever port you decided to use previously).
 
It should look like this:
 
 
[[File:proxy1080.png]]
 
 
Click OK, then apply.
 
Then go to the ssh Tunnel Manger and click the “play”button on the right hand side:
 
It should say connected and possibly prompt you for your password (the one associated with your ssh key).
 
To test if your tunnel is good, go to: http://whatismyipaddress.com/
 
This will tell you what ip address you have.  If it says the IP address of the remote host you're connecting to in putty, you are good to go! :) 
 
Your computer will now act as if you were connected to the internet in the lab.
 
 
When you’re done with the vpn session click on the ssh Tunnel Manager and click the “stop” button.
 
Then go to System Preferences -> Network -> Advanced -> Proxies
 
and uncheck the SOCKS Proxy, click OK, then apply.
 
That’s it!


= FOR WINDOWS OS =
= FOR WINDOWS OS =

Latest revision as of 22:13, 7 October 2024

Generate SSH key

First, copy this command into your termimal

ssh-key -t rsa

Then it will ask you where you want to save the ssh keypair. If you already have a key saved in /Users/user/.ssh/id_rsa, please save your new key somewhere else to avoid overwriting existing key

Generating public/private rsa key pair.
Enter file in which to save the key (/Users/user/.ssh/id_rsa): /Users/user/.ssh/bkslab_key

Lastly, it will ask you for passphrase. You don't need to provide passphrase, just hit Enter

Enter passphrase (empty for no passphrase):

The public key can be found in the location where you specified earlier (ie: /Users/user/.ssh/bkslab_key.pub) Send it to the person who creates you your account, so they can add it into portal.

FOR LINUX AND MAC OS

I am going to illustrate how to create a ssh tunnel using a couple examples.

Pretend you want to create a ssh tunnel from your laptop to gimel through the portal.

First open two terminals. In one terminal type the following:

ssh <options/flags> localhost:2222:gimel:22 -D1080 portal3.ucsf.bkslab.org -l <username>
ssh -vCL localhost:2222:gimel:22 -D1080 portal3.ucsf.bkslab.org -l jjg

In the other terminal type:

ssh -p 2222 <username>@localhost
ssh -p 2222 jjg@localhost

Then when you log in type hostname and you will see that you are logged into gimel!

Here's another example, say you want to scp files directly from your laptop to your home directory on gimel.

First open two terminals. In one terminal type the following:

ssh <options/flags> localhost:2222:gimel:22 -D1080 portal3.ucsf.bkslab.org -l <username>
ssh -vCL localhost:2222:gimel:22 -D1080 portal3.ucsf.bkslab.org -l jjg

In the other terminal type:

scp -P 2222 file_you_want_to_copy <username>@localhost:~

Troubleshooting

If you see this error:

Unable to negotiate with 169.230.26.166 port 22: no matching host key type found. Their offer: ssh-rsa,ssh-dss

Please follow this instruction to fix it :

https://www.iclarified.com/87910/how-to-fix-no-matching-host-key-type-found-on-mac

FOR WINDOWS OS

Open putty.exe and select the session that you want to use as a ssh tunnel (ie portal.uoft.bkslab.org).

Then click on Connection -> SSH -> tunnels

In Source Port enter 1080 (or any port above 1024).

Then click the Dynamic button and then click Add.

It should look like this:


Proxy1.png


Then go back to Session and click Save.

Then download the "standard" version of FoxyProxy here: http://getfoxyproxy.org/downloads.html

Once you’ve downloaded it there should be a little fox picture next to the url bar (upper right hand corner of web browser). Click on that little picture and select Options from the dropdown list.

You should see this:


Foxy1.png


Click on Add New Proxy

Then click on the General tab.

Enter a proxy name and then select the Proxy Details tab.

Enter “localhost” in “Host or IP Address” and 1080 for “Port” (or whatever port number you entered in putty).

Click the “SOCKS proxy?” Button and make sure the “SOCKS v5” button is also clicked.

Your screen should look like this:


Foxy2.png


Then click Save.

Then click on the fox again on the upper right hand corner and click on “Us proxy whatever_you_named_it Proxy for all URLs”

Then click on putty and open your session. A terminal will pop up and ask for your passphrase. Enter your passphrase (for your ssh key). That’s it!


To test if your tunnel is good, go to: http://whatismyipaddress.com/

This will tell you what ip address you have. If it says the IP address of the remote host you're connecting to in putty, you are good to go! :)

This session will remain open as long as your ssh putty session is open.


To scp files in Windows through this ssh tunnel, download WinSCP here: http://winscp.net/download/winscp551setup.exe

Once it finishes downloading, run it and go through all the prompts. You can (if you want) to import all your existing sessions from putty, but it’s really not necessary.

Once it’s done, open it.

Click on “New Site”.

Then, in the File protocol drop down menu, select SCP.

In Host name, put the host name or IP address of the machine you want to transfer files to.

Keep the port number as 22. It should look something like this:


Scp1.png


Then click on Advanced -> Connection -> Proxy

Click on the “Proxy type” drop down menu and select SOCKS5.

For “Proxy host name” write localhost. Make the port number 1080 (or whatever port you chose to use in putty).

it should look like this:


Scp2.png


Click OK, then Save.

It will prompt you to enter a name, call it whatever makes sense to you.

Assuming that your putty session is still open, click Login.

It should prompt you to enter your username and password in the bottom.

You should then see a screen that looks like this:


Scp3.png


To transfer files from one to the other, select the file that you want to transfer and then click “Upload” to transfer files to the server and then specify which folder you want to save it to. If you are downloading files from the server to your computer, click the file you want to download and then click “Download” and specify where you want to download it to.

To exit, click on session -> disconnect


When you are done with your vpn session, exit from the ssh putty session (type exit on the terminal screen).

Then, on your browser, click on the little fox in the upper right hand corner and select “Disable FoxyProxy”.