SSH Tunnels – Part 2: Server Side

This post is the second in a series of three posts regarding SSH tunneling.  In this post I will demonstrate how to setup a basic SSH server that is configured to allow SSH tunneling.

 

SSH Tunnel Series

  • Part 1: Client Side:  Discusses connecting to an existing SSH server and using it to encrypt Internet traffic on untrusted networks.
  • Part 2: Server Side:  Discusses creating and configuring an SSH server.
  • Part 3: Network Side:  Discusses configuring your network to allow SSH connections from other networks, and tips and tools to make connections easier.

 


 

Installing & Configuring SSH Server

There are multiple pieces of software that will suffice as an SSH tunneling server.  The software I use below in my examples is free and easy to setup.  As this is an introductory tutorial on SSH tunneling, it does not touch upon advance configurations and use cases.  If you need that stronger security or additional options, you may need to seek out other programs.

Linux

Similar to the situation in part 1 of this series, it is easier to setup an SSH server in Linux than it is in Windows.

However, the number of Linux distributions in existence is mind-boggling, and many of those distributions have their own methods to install tools and manage software.  If you have a specific distribution you would like help with, let me know in the comments.  For now, I will discuss installing the necessary software on Ubuntu Linux in a manner that will work on several other popular distributions.

The easiest to use SSH server for Debian based distributions is OpenSSH.  Once this package is installed, you should be able to start using your SSH tunnel.  However, for security, there are a few settings that I recommend changing.  To begin, open a terminal window, and execute the following steps from within the terminal window.

  1. Execute the following command: sudo apt-get install openssh-server
    • You will likely be prompted for a password. This is your password that you use to login.
    • After typing in the password, you may receive a notification about what will be installed on your computer.  Type ‘y’ and press Enter to continue.

      Ubuntu 64-bit, Install openssh-server

      sudo apt-get install openssh-server

  2. Once installation is finished, execute this command: sudo nano /etc/ssh/sshd_config
    • nano is a terminal based text editor.  There are numerous other editors that can be used. I recommend nano here because it is installed by default in Ubuntu.
  3. In the text editor window that appeared, find the line that says “PermitRootLogin yes” and replace “yes” with “no”
    • This prevents the root user from connecting to your computer via SSH which is a huge security risk.  When using Ubuntu, you don’t use the root user, so it shouldn’t impact your experience.  But, it will provide a measure of security.

    Ubuntu 64-bit, edit sshd_config

    Change “PermitRootLogin yes” to “PermitRootLogin no”

  4. Now press “Ctrl+O”  followed by Enter to save your changes, and then “Ctrl+X” to close the editor.
  5. Now execute this command to restart the SSH server: sudo service ssh restart

And that’s it.  You should now have a functioning SSH server running on your computer that will allow logging in with your user remotely.  Now, you can create an SSH tunnel on another device as described in part 1 of this series.  The username and password for the connection will be your username and password used to login to Linux, and your port number will be 22.

 

Windows

  1.  Download freeSSHd from the following website: http://www.freesshd.com/?ctt=download
  2. Install freeSSHd
    • When asked to generate private keys, click “Yes.”
    • When asked whether you would like to run this program as a service, choose “Yes.”
    • If you are running Windows Vista and higher, you may be asked to allow administrator rights to the installer.  Allow them.
  3. Click “Finish” to close the setup window.
  4. Run the newly installed freeSSHd program (double-click on icon on the desktop, or find it in your programs list).
  5. After a short time, a new icon for this program will appear in your system tray, double-click it to open the settings.
  6. Open the “Tunneling” tab and check “Allow remote port forwarding.”
  7. Open the “Users” tab and click the “Add…” button.

    freeSSHd, add user

    Add a user to freeSSHd

  8. In the “Authorization” dropdown, choose “Password stored as SHA1 hash.”
  9. In “Login” field, type the username you wish to use for SSH tunneling.
  10. In the “Password” and “Password (again)” fields, type the password you wish to use for SSH tunneling.
  11. Check the “Tunneling” checkbox, then click “OK.”
  12. Depending on your system and setup, it may not be necessary, but I recommend restarting your computer.

And that’s it.  You should now have a functioning SSH server running on your computer that will allow logging in with the user you specified in steps 10 through 13.  Now, you can create an SSH tunnel on another device as described in part 1 of this series.  The port number for this SSH server will be port 22.

 

Mac OS X

Mac OS X is the easiest to setup of these three titans of the operating system world.  All the software required is already installed, it simply needs to be enabled.  Here’s how to enable it.

  1. Click the Apple logo in the top left of the menu bar.
  2. Click “System Preferences…”

    Mac OS X Menu Bar, System Preferences...

    Open “System Preferences”

  3. Click “Sharing”
  4. Check the box next to “Remote Login”

    Mac OS X, Sharing Settings

    Check the “Remote Login” option.

  5. Close the “Sharing” window.

 

And that’s it.  You should now have a functioning SSH server running on your computer that will allow logging in with your user remotely.  Now, you can create an SSH tunnel on another device as described in part 1 of this series.  The username and password for the connection will be your username and password used to login to your Mac, and your port number will be 22.

 


 

Make sure you check out the other parts of this series of posts.  This only covers part of the whole procedure.  If you have any issues setting up the SSH server, or suggestions on how I can improve this how-to guide, let me know in the comments below!  I’d also love to hear about any success stories or examples of how you utilize this ability.

2 Comments

Leave a Reply