Differences between revisions 3 and 4
Revision 3 as of 2019-06-18 13:07:54
Size: 2914
Editor: davidsch
Comment:
Revision 4 as of 2019-06-18 13:37:34
Size: 4479
Editor: davidsch
Comment:
Windows "direct" SSH access

This article explains how to access the SSH service on a D-ITET computer behind the ETH firewall from a Windows client outside of the ETH network (e.g. from home, abroad, ...) using the PuTTY SSH client software, without the VPN client.

What you need

You will need the following programs that can be downloaded from https://www.chiark.greenend.org.uk/~sgtatham/putty/latest.html:

  • putty.exe
  • puttygen.exe
  • plink.exe
  • pageant.exe

Make sure these programs are installed in the system path (or all in the same directory), so that PuTTY can find the helper programs puttygen, plink and pageant.

Configuration steps

Step 1: Generating a public/private key pair

  1. Make a new folder called "keys" in your home directory, e.g. "H:\keys".
  2. Run puttygen. Make sure that the type of key to generate is set to "RSA", then click the "Generate" button in the main window. Move your mouse pointer over the puttygen window during the key generation to generate some random data for the key generation.
  3. When the keys are generated, copy-paste the ssh public key (from the text field labelled "Public key for pasting into OpenSSH authorized_keys file:") into a text file (called H:\keys\putty_ssh_pubkey.txt). There should be only one long line in that text file with no additional line breaks.

  4. In the fields "Key passphrase:" / "Confirm passphrase:" of the puttygen window, enter a passphrase to protect the generated private key. Make sure you don't forget that password, as you will need it later...
  5. Then save the generated public and private keys using the buttons "Save public key" / "Save private key" into two separate files, e.g. "H:\keys\putty_pubkey" and "H:\putty_privkey.ppk".
  6. Close the puttygen application

Step 2: Installing the public key in the ssh authorized_keys2 file

  1. Open the command prompt (Windows-R, enter "cmd"); the command prompt window should open.
  2. Enter H:
  3. Enter cd keys
  4. Enter type putty_ssh_pubkey.txt >> H:\.ssh\authorized_keys_2
  5. Note: if the .ssh directory does not yet exist, it must be created first (using mkdir H:\.ssh). Make sure the permissions are correct (under Linux, they should be "drwx------"; if not, correct them using chmod 700 .ssh).

Step 3: Configuring pageant (a key agent for PuTTY)

  1. Open the command prompt (Windows-R, enter "cmd"); the command prompt window should open.
  2. Enter pageant H:\putty_privkey.ppk
  3. Enter the passphrase (the one entered in Step 1) when prompted.
  4. A small computer icon with a blue screen should now appear in the system tray.
  5. Right-click that icon and choose "New session" from the context menu. The PuTTY window should now pop up; configure it as described in Step 4.

Step 4: Configuring PuTTY

  1. In this example scenario, we want to connect to the student exercise room computer (the target host) tardis-c01, which is now behind the ETH firewall and is not directly reachable via the SSH port (tcp/22) from outside ETHZ.
  2. In the configuration tree, navigate to "Session". In the "Host Name (or IP address)" field, enter tardis-c01.ee.ethz.ch (or whatever target server you intend to reach). Note that the hostname should be a fully qualified DNS name (i.e. with ".ee.ethz.ch" appended). Under "Connection type:" choose "SSH". Under "Saved sessions", enter tardis-c01.ee.ethz.ch or another descriptive name for the host. Then click the "Save" button.
  3. In the configuration tree, navigate to "Connection", then "Data". In the panel shown, enter your ETH username (login name) in the field "Auto-login username".
  4. In the configuration tree, navigate to "Connection", then "Proxy". In the panel shown, choose Local for the "Proxy type". As "Proxy hostname", enter login.ee.ethz.ch and set the "Port" field to 22. Choose Yes for the option "Do DNS name lookup at proxy end:". In the "username" field, enter your ETH username (but leave the password field right next to it empty!). In the text field "Telnet command or local proxy command" enter the following line:

    plink -v -ssh -agent -hostkey 3b:b0:1a:8a:ea:0a:e5:ea:bb:9e:bb:5c:ef:24:c3:92 -nc %host:%port %user@%proxyhost

    Choose Yes for the option "Print proxy diagnostics in the terminal window".
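
Two details above are easy to get wrong: the public key file from Step 1 must be a single unwrapped line, and the -hostkey value in Step 4 is the MD5 fingerprint of the proxy host's public key. The following Python sketch is an added example, not part of the original wiki page; it checks a public key line and derives the colon-separated fingerprint from a key blob. The function names and the sample key are constructed for illustration.

```python
import base64
import hashlib
import struct


def ssh_string(data: bytes) -> bytes:
    """SSH wire-format string: 4-byte big-endian length, then the data."""
    return struct.pack(">I", len(data)) + data


def parse_pubkey_line(text: str) -> bytes:
    """Check a file holding one authorized_keys entry; return the key blob."""
    lines = [ln for ln in text.splitlines() if ln.strip()]
    if len(lines) != 1:
        raise ValueError(f"expected 1 line, found {len(lines)} (key wrapped?)")
    fields = lines[0].split()
    if len(fields) < 2:
        raise ValueError("expected '<type> <base64> [comment]'")
    blob = base64.b64decode(fields[1], validate=True)  # ValueError if garbled
    if len(blob) < 4:
        raise ValueError("key blob too short")
    (n,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + n] != fields[0].encode():
        raise ValueError("declared key type differs from the type in the blob")
    return blob


def md5_fingerprint(blob: bytes) -> str:
    """Colon-separated MD5 fingerprint, the format of the -hostkey value."""
    return ":".join(f"{b:02x}" for b in hashlib.md5(blob).digest())


def matches_pin(blob: bytes, pinned: str) -> bool:
    """Compare a key blob with a pinned MD5 fingerprint, ignoring case."""
    return md5_fingerprint(blob) == pinned.strip().lower()


# Constructed sample, not a real key: type, exponent 65537, filler modulus.
SAMPLE_BLOB = (ssh_string(b"ssh-rsa") + ssh_string(b"\x01\x00\x01")
               + ssh_string(b"\x00" + b"\xc3" * 256))
SAMPLE_LINE = "ssh-rsa " + base64.b64encode(SAMPLE_BLOB).decode() + " sample"

if __name__ == "__main__":
    blob = parse_pubkey_line(SAMPLE_LINE)
    print(md5_fingerprint(blob))
```

To check your own key, pass the contents of H:\keys\putty_ssh_pubkey.txt to parse_pubkey_line; a ValueError means the line was wrapped or truncated during copy-paste.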

WindowsDirectSSHAccess (last edited 2021-09-27 06:50:47 by bonaccos)