SSH in a Windows Environment
The Ohio State University
Department of Electrical & Computer Engineering

SSH in a Windows Environment

  1. SSH Defined
    1. Host Keys
  2. SSH and Windows
    1. Downloading the Software
    2. Installation
    3. Getting Connected
    4. Secure File Transfer
    5. Tunneling X through SSH
    6. Tunneling FTP through SSH
    7. Tunneling SMTP and POP3 through SSH
    8. Tunneling SMB and Windows Shares through SSH
    9. Tunneling RDP through SSH
  3. Getting SSH for Windows
  4. Additional SSH Information
  5. About the Hostnames in the Examples in this Document

SSH Defined

SSH stands for Secure SHell. It is a program designed to allow users to log into another computer over a network, to execute commands on that computer and to move files to and from that computer. It effectively replaces telnet, ftp and the rcp/rsh/remsh programs.

The difference between SSH and those other programs is that they are clear text protocols, whereas SSH encrypts everything it sends across the network. The problem with clear text is that anyone who is "sniffing" the network can see every byte of data you transmit: all the commands you type, all the images displayed back to your local machine, and your username and password. There are obvious security problems with this system.

SSH encrypts all of its data. While no encryption scheme is truly 100% secure, breaking the SSH encryption would take a tremendous amount of time and CPU power. The fact is that no casual hacker, or for that matter very many of the serious ones, is going to have the resources to dedicate to breaking your data.

SSH has the added benefit of being able to "tunnel" other protocols. A tunnel is basically an opening on both the local and remote machines, passing along the SSH connection, that allows other protocols (examples include X, FTP, SMTP and POP3) to piggyback on the SSH line, encrypting the data all the way.

Host Keys

SSH establishes encrypted connections by the exchange of host keys. When a remote system gives your local system its host key, it is basically telling your local system how to encrypt data so that the remote system can then decrypt it.

When you make an SSH connection to a remote machine, it sends you its host key. You will then be prompted as to whether or not you want to accept this key, and/or whether or not you want to store it for later reference (for the next time you connect to that remote system). In general you always want to say "yes" to both of these questions.

Storing keys is important. It is one way to make sure that you are connecting to the correct system. Say someone takes er4rh016 offline and then puts in their own Linux box with the same hostname (this would be referred to as a "trojan" system, named after the proverbial horse) and then puts in an SSH daemon. Now when you try to SSH to it, you are actually connecting to a different machine. Where that trojan can get caught is that it doesn't have the same SSH key pair as the old system. So when you make your SSH connection, it sends you back a different key. At this point your SSH client should prompt you with something to the effect of "Warning, the remote system's host key has changed. Do you still want to connect?" You then have to decide whether you think the remote system is who it is supposed to be, or not. The safest course of action is to contact the system's administrator and find out if the key has been legitimately changed before you connect to the machine.
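The stored-key check described above, written out as an added illustration (this is not code from the page or from any SSH client): a minimal known_hosts parser and the three outcomes a client's host key prompt distinguishes. The key blobs and the known_hosts line are constructed sample data, not real keys.

```python
import base64
import hashlib

# Constructed sample keys (arbitrary bytes, not real SSH keys), standing in
# for the host key er4rh016 first presented and the one a trojan box presents.
ORIGINAL_KEY = base64.b64encode(b"constructed host key of er4rh016").decode()
TROJAN_KEY = base64.b64encode(b"constructed key of an impostor box").decode()

# Constructed known_hosts contents in OpenSSH's "host keytype key" format.
KNOWN_HOSTS = f"er4rh016 ssh-rsa {ORIGINAL_KEY}\n"

def fingerprint(key_b64):
    """SHA256 fingerprint in the form SSH clients show for manual comparison."""
    digest = hashlib.sha256(base64.b64decode(key_b64)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def parse_known_hosts(text):
    """Map each hostname to its stored (keytype, key); skip comments and blanks."""
    hosts = {}
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 3 or parts[0].startswith("#"):
            continue
        for name in parts[0].split(","):   # one entry may list several names
            hosts[name] = (parts[1], parts[2])
    return hosts

def check_host_key(hosts, hostname, keytype, key_b64):
    """
    Decide what the client's host-key prompt should do:
      "new"      no stored key: ask the user, then remember the key
      "match"    stored key agrees: connect without prompting
      "mismatch" stored key differs: the "host key has changed" warning
    """
    stored = hosts.get(hostname)
    if stored is None:
        return "new"
    return "match" if stored == (keytype, key_b64) else "mismatch"

def remember(hosts, hostname, keytype, key_b64):
    """Store a key the user accepted on first connection (trust on first use)."""
    hosts[hostname] = (keytype, key_b64)
```

On a "mismatch", compare the fingerprint the client shows against one the administrator gives you out of band before accepting anything.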

For more details on what the SSH protocol is, what it can do, and where it is going, please see the official SSH FAQ.


SSH and Windows

Downloading the Software

There are several SSH clients for Windows. The ECE Site staff strongly recommend that you use the version of SSH Secure Shell supplied on the OSU Software To Go web site. It is provided free for the OSU community, but you will need your OSU name.number username and your OSU password.

Installation

Double click on the installer. Unless you store your installed programs in a non-standard location, it is OK to just accept all the default values during the installation.

Now we will configure the client. You will have noticed that two icons have been placed on your desktop. One is the SSH Secure Shell Client, the other is the SSH Secure File Transfer Client. Double click the SSH Secure Shell Client icon on the desktop. You may alternately go through the Start Menu and select Programs then SSH Secure Shell and then Secure Shell Client.

Now that the SSH Secure Shell Client has been started, go to the Edit pull down menu and select Settings. On this screen you can enter the host you want to connect to by default, as well as your username. Note that you can always change this at connect time. Be sure to set the Encryption Algorithm to arcfour or blowfish, and the compression to none. In the left hand pane click on Tunneling. Make sure that Tunnel X11 Connections has a check mark in it.

Now go under the File pull down menu, select Save Settings to save these as your default settings.

Getting Connected

Now, to connect to your default system you can simply move your mouse over the SSH Client window and hit the Enter key. Alternately, you can select Connect from the File pull down menu. A new window will pop up displaying your target host name and your username. Hit the Connect button to use this information. When you connect to a system for the first time, you will be prompted to accept a host key. Always hit Yes at this question. You will then be prompted for your password. After this point you should be connected, and can now do whatever you would do in telnet.

Secure File Transfer

To perform Secure File Transfers, you need to start up a Secure File Transfer Client. You can do this one of two ways. First, you may start with an already open SSH Secure Shell Client connection. From that window you can select New File Transfer from the Window pull down menu. There is a corresponding icon along the second row of the Secure Shell Client window if you prefer to use that. Selecting this will open a Secure File Transfer Client which is already connected to your remote system.

If you prefer, you may also open a Secure File Transfer Client without a Secure Shell Client already running. The second icon that was placed on your desktop is a shortcut to the Secure File Transfer Client program. It is also available from the SSH Secure Shell folder in the Programs section of your Start menu. Using either the shortcut or the Start menu, begin the Secure File Transfer Client. You may use this to directly connect to any SSH system, just as you did with the Secure Shell Client.

The SSH Secure File Transfer Client is a fully GUI interface to your remote file system. You may drag and drop just as you would with any other Windows program.

Tunneling X through SSH

X is an insecure protocol. It is possible to tunnel X through SSH, using the SSH connection to encrypt the X connection, and thus establish a secure X session.

The first step is to make sure that your SSH Client is tunneling X connections as described above. You next have to configure your PC based X client. For this example we will look at X-Win32, which is available as OSU Site Licensed Software. This documentation was written using SSH Secure Shell Client 3.2.9 and X-Win32 v7.10.

Install the X-Win32 client (see the OIT web site for more information about this), and once it is properly installed in your PC, start it up. You should see the blue X icon at the system tray, as shown in the figure (left-most side):

Next, run the SSH Secure Shell Client. Assuming that you have it configured as stated in the passages above, double check that your selected profile has "Tunneling X11 connections" enabled and checked as shown:

Now that you have X-Win32 running and SSH configured for X11 connections, you can connect to our ER4 Unix machines using SSH. Once you have logged in and are at the terminal screen, you can proceed to run the necessary commands to open your applications (e.g. Cadence, MATLAB). You should be able to open applications' graphical interfaces just as you would when running them from a local terminal. Example:

Note 1: if you start X windows through SSH, you must leave the original SSH window open, as it is tunneling the connection. If you aren't tunneling X you can logout of the SSH window once your windows come up.

Note 2: if you decide not to tunnel, you must NOT enter any passwords using your X windows as they will NOT be encrypted, even if you're using ssh on the unix machine. If you're going to enter passwords, you should tunnel X through SSH, or use the SSH client on your PC.

Tunneling FTP through SSH

First you must set up the tunnel. Open the SSH Secure Shell Client window. Select Settings from the Edit pull down menu. In the left hand pane, under Profile Settings, expand Tunneling and click on Outgoing. Click on Add and make it look like the following:

Click OK.

Note you may have to restart the SSH client for this to take effect. Also note that you may have to set up the tunnel for each profile you have.

Nota Bene: this example establishes an ftp connection to the host "eeftp.eng.ohio-state.edu". If you wish to connect to a different host, say "ftp.ece.ohio-state.edu", you would substitute that hostname under "Destination Host" in the above example. Inconvenient though it may be, you will have to change this destination host each time you wish to connect to a different server.

Open WS_FTP (or your favorite FTP client). Create a new profile that looks like:

Note, under the Advanced tab, make sure Passive Transfers is checked; this should be the default.

You should now be able to connect using this profile. But remember, you must be connected via the SSH client for the tunnel to be active and for WS_FTP to work. When finished, close WS_FTP, and then close the SSH client. It may complain about there still being active connections, since it holds the tunnel open, but if you've quit WS_FTP go ahead and close it.

Tunneling SMTP and POP3 through SSH

Tunneling SMTP and POP3 is pretty much the same procedure as it is for FTP. First, you must create the tunnel. Open the SSH Secure Shell Client and select "Settings" from the "Edit" pull down menu. In the left hand pane, under Profile Settings, expand "Tunneling" and click on "Outgoing". Now in the right hand pane, select "Add", and make it look like the following:

Hit "OK", then select "Add" again, and make the pop up window look like this:

Hit "OK", and then hit "OK" on the "Settings" window.

At this point you will want to save your settings by selecting "Save Settings" from the "File" pull down menu on the SSH Secure Shell Client window.

You may have to exit the SSH client and restart it. Now make a connection to any HP within the ECE system.

You now need to make your mail reader look to the local host for its SMTP and POP3 needs. Open your mail tool, this example uses Eudora, and set the necessary options:

You should now be able to connect using your mail tool. Remember, you must be connected via the SSH client for the tunnel to be active. Otherwise while Eudora will run, it will not be able to make its connection. You will get an error message to the effect of...

Could not connect to "localhost". Cause: connection refused.

Tunneling SMB and Windows Shares through SSH

Note: The steps for tunneling SMB and Windows Shares are identical. For the purpose of this document, the term SMB is used for either connection type.

Tunneling SMB (Windows Style Network Shares) through the firewall is similar to tunneling other protocols, but there are some additional steps for dealing with this protocol.

First, the server function on your PC which handles SMB requests must be turned off. If you use your PC as a file sharing server for other PCs, you will not be able to effectively tunnel SMB. The method for turning off the server function varies slightly by Windows OS, but the general idea is the same:

  1. Open the Properties of your Local Area Connection.
  2. Select the service labelled File and Printer Sharing for Microsoft Networks.
  3. Click the "Uninstall" button (you can always add this service back at a later time).
  4. Close the Local Area Connection Properties window.

Note that the Client for Microsoft Networks is left in place.

Now that the server has been uninstalled, it is time to open the tunnel. Open the SSH Secure Shell Client and select "Settings" from the "Edit" pull down menu. In the left hand pane, under Profile Settings, expand "Tunneling" and click on "Outgoing". Now in the right hand pane, select "Add", and make it look like the following:

Note that this method allows for SMB connections to only one server. If you need to access a second server, you will need to change the settings of your tunnel.

Now under the "File" pull down menu, select "Save Settings". Your tunnel will now be established with your next new connection.

It is now best to reboot your PC. Depending on your OS, some versions may claim to make the protocol change on the fly, but more often than not the server continues to run until the next reboot. So, close all of your open applications and reboot your machine.

Now that you have rebooted your system and established an SSH connection inside the ECE network, it is time to access the SMB drives available to you. Given that you are likely coming from outside the ECE network, you will not be able to browse the ECE network to find the share that you want to access. Instead you will have to know the name of the share before you can mount it. Once you know what you will be mounting, you will have to use the Map Network Drive tool available under Windows.

Most ECE users have their home accounts available as an SMB share on eefile02. To map yours, substitute your username for "juodvalk" in the example below:

First, run the Map Network Drive tool. It can be found in various places on differing Windows OS versions, but should always be available from the "Tools" pull down menu of Windows Explorer:

You must now select a drive letter. You may select any available letter, but the site staff generally recommend using the top letters first to avoid confusion with local drives. You must also enter the name of the server and the share you wish to access from that server. For tunneled connections, use 127.0.0.1 as your server name, and your username as the share name. In this case 127.0.0.1 refers to your local system, where the connection is in turn picked up by the SSH tunnel.

You can "reconnect at login" or not as you choose, but be aware that when you log in your tunnel will not yet be established so this mapping will initially fail. You will have to open the SSH connection with the tunnel and then select the network drive from under "My Computer" to establish the map.

The username and password with which you make the connection will depend upon which server you are connecting to. If you are connecting to eefile02 to get your home directory, your username will be of the form "ELECENG\juodvalk", where you would substitute your own username for "juodvalk". Your password would be your corresponding ELECENG password (the one you use to connect to the Student Fee Windows labs).

Tunneling RDP through SSH

To tunnel Remote Desktop Protocol (RDP) over SSH:

  1. Establish an SSH connection to a system inside the ECE firewall.
  2. Make a tunnel inside that SSH connection with the following attributes:

    • Listening Port Type: TCP
    • Listening/Source Port: 33389 (or any unused port... do not use 3389)
    • Destination Host: the Windows system to which you wish to connect
    • Destination Port: 3389

  3. Open an RDP connection to the following host "127.0.0.1:33389".
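The FTP, SMTP/POP3, SMB and RDP sections above all configure the same thing: a listener on 127.0.0.1 whose connections are carried to a destination host and port. As an added illustration (not code from the page or from the SSH Secure Shell client), this Python model implements that listening half; the encryption between the SSH client and the SSH server is left out, and the destination is a constructed echo service standing in for the real server. The port-in-use failure is why the RDP section says not to listen on 3389 itself.

```python
import contextlib
import socket
import threading

def _pump(src, dst):   # copy bytes until src closes, then half-close dst
    with contextlib.suppress(OSError):
        while data := src.recv(4096):
            dst.sendall(data)
    with contextlib.suppress(OSError):
        dst.shutdown(socket.SHUT_WR)

def _listen(port, handler):
    srv = socket.socket()
    srv.bind(("127.0.0.1", port))   # OSError if taken, e.g. 3389 with local RDP
    srv.listen(5)
    def loop():
        with contextlib.suppress(OSError):   # ends when the listener is closed
            while True:
                conn, _ = srv.accept()
                threading.Thread(target=handler, args=(conn,), daemon=True).start()
    threading.Thread(target=loop, daemon=True).start()
    return srv

class LocalForward:
    """The listening half of a tunnel: relay 127.0.0.1:listen_port to dest."""
    def __init__(self, listen_port, dest_host, dest_port):
        self.dest = (dest_host, dest_port)
        self.sock = _listen(listen_port, self._relay)
        self.port = self.sock.getsockname()[1]   # actual port when 0 was given

    def _relay(self, client):
        try:
            remote = socket.create_connection(self.dest)
        except OSError:
            client.close()   # destination unreachable: the client is refused
        else:
            threading.Thread(target=_pump, args=(remote, client), daemon=True).start()
            _pump(client, remote)

def tunnel_round_trip(payload, listen_port=0):
    """Constructed demo: an echo service as destination, a forwarder in front."""
    dest_port = _listen(0, lambda conn: _pump(conn, conn)).getsockname()[1]
    fwd = LocalForward(listen_port, "127.0.0.1", dest_port)
    with socket.create_connection(("127.0.0.1", fwd.port), timeout=5) as s:
        s.sendall(payload)
        s.shutdown(socket.SHUT_WR)
        reply = s.makefile("rb").read()
    fwd.sock.close()
    return reply
```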


Getting SSH for Windows

  • Clients:
    • OSU Site Licensed Software as supplied by the OSU Software To Go web site. This is the recommended SSH client for this site.
    • ssh.com licenses their software for Academic and Non-Commercial use. This is the same as the SSH Secure Shell provided at Software To Go.
    • PuTTY is a free implementation of Telnet and SSH for Win32 platforms.
  • Servers:
    • OpenSSH is a free version of the SSH protocol.
    • ssh.com licenses their software for Academic and Non-Commercial use.

Additional SSH Information


About the Hostnames in the Examples in this Document

The examples that appear throughout this document reference many addresses from the old EE network. These hostnames are no longer valid. Please refer to the ECE documentation for the correct addresses of the ECE servers.

Some examples of hostname mappings:

Old Hostname                                  New Hostname
eeftp.eng.ohio-state.edu                      ftp.ece.ohio-state.edu
eesmb.eleceng.ohio-state.edu                  No longer used.
ee.eng.ohio-state.edu (for SMTP purposes)     smtp.ece.ohio-state.edu
ee.eng.ohio-state.edu (for POP3 purposes)     pop3.ece.ohio-state.edu
