Recipes » SSH Tunneling

SSH Tunneling

Last modified by Administrator on 2011/06/06 17:26

SSH Tunneling

Networking en

Some clients cannot use ProxyRA connector, because their workstation is either 64-bit architecture or Windows7, or runs a non-Windows operating system. To ensure their normal access to the Riga remote lab, additional solution is required. Since students (assuming they use Windows) are actually connecting to the Remote Desktop (TCP port 3389), it is sufficient to create an SSH tunnel to this port of the respective desktop in the laboratory. This instruction describes how such a tunnel can be configured on a Linux workstation.

Setup at the server side.

  1. Prepare a Linux server as an ESX guest. We assume this is Ubuntu 9.04 (or any other Debian-like Linux distribution).
  2. Install OpenSSH. Log in as a root and execute: 
    apt-get install openssh-server
  3. Edit the file /etc/ssh/sshd_config and set port number to 443 (port 22 is not allowed by the Riga firewall, only ports 80, 443, 1080 and also ping are).
  4. If you wish to prevent "root" password to be guessed by brute force, also edit the same configuration file thus: 
    #PermitRootLogin yes
PermitRootLogin no
  5. Restart the Open SSH server: 
    /etc/init.d/ssh restart
  6. Add Linux users by using the following commands: 
    adduser user01     (when prompted, enter password two times)
adduser user02
adduser user03

Student instruction

If ProxyRA connection for some reason is not possible on your workstation, consider using SSH tunnel in order to connect to the remote lab. Follow these steps:

  1. Install PuTTY.
  2. Configure SSH Session to the host 80.232.177.186 and port 443 (please note that the default port 22 would not work).
    ssh-connection.png
  3. For the same SSH Session create tunnels (in fact, you will need only one of these tunnels, depending on whether you are student01, student02 or student03). In PuTTY left navigation select Connection > SSH > Tunnels.
    1. Set source port to 10161, set destination to 172.17.120.161:3389, click Add
    2. Set source port to 10162, set destination to 172.17.120.162:3389, click Add
    3. Set source port to 10163, set destination to 172.17.120.163:3389, click Add
      ssh-tunnels.png
  4. Save that session by some name, e.g. "rem-lab", as you may need to open it multiple times. To do this, navigate in the PuTTY left navigation bar to Session, write name rem-lab in the Saved Sessions field, click Save.
  5. Log in by using your user credentials. ("user01", "user02", etc. with the password indicated in your student information sheet).
  6. After that open your Remote desktop with one of the following commands: 
    mstsc.exe  /v:127.0.0.1:10161   (for student01)
mstsc.exe  /v:127.0.0.1:10162   (for student02)
mstsc.exe  /v:127.0.0.1:10163   (for student03)
    Please be careful about the number of your remote desktop, because only one student can use the given remote desktop (plus its ProxySG deployed inline) at a time.


Tags:  

Tags:
Created by Kalvis Apsītis on 2009/09/21 19:37
This wiki is licensed under a Creative Commons 2.0 license
XWiki Enterprise 3.0.36132 - Documentation