tunnel connection like a service with cygwin or other products?
Darren Tucker
dtucker at zip.com.au
Tue May 7 21:09:45 EST 2002
Stephan Hendl wrote:
>Darren Tucker wrote:
>> The first part should be easy: use cygwin openssh client using some kind
>> of passwordless authentication (eg RSA).
>>
>> To make it run entirely in the background, run it from cygrunsrv (part
>> of Cygwin) or SRVANY (NT resource kit). Neither of these work on W95,
>> only NT or W2K.
>
> How does the cygrunsrv work? Unfortunately I cannot find this utility in the cygwin distribution...
Download the setup.exe from sources.redhat.com/cygwin. You can find
cygrunsrv under "Admin" Category.
I just set up a basic forwarder. The steps I took were (on the client):
# ssh-keygen -t rsa -f /.ssh/id_rsa
Generating public/private rsa key pair.
[set a null password]
# scp /.ssh/id_rsa.pub dtucker@192.168.1.1:.ssh/authorized_keys
Password:
# ssh 192.168.1.1 echo passwordless auth works
passwordless auth works
# cygrunsrv -I SSHFWD -p /usr/bin/ssh -a "-L 3128:192.168.1.1:3128 -v -N -l dtucker 192.168.1.1"
# net start SSHFWD
# netstat -an | grep 3128
TCP 127.0.0.1:3128 0.0.0.0:0 LISTENING
# telnet 127.0.0.1 3128
Trying 127.0.0.1...
Connected to 127.0.0.1.
Escape character is '^]'.
HEAD http://www.openssh.com/ HTTP/1.0
HTTP/1.0 200 OK
[snip]
Connection closed by foreign host.
# tail -1 /var/log/SSHFWD.log
debug1: channel_free: channel 1: direct-tcpip: listening port 3128 for 192.168.1.1 port 3128, connect from 127.0.0.1 port 1891, nchannels 2
For production use, you'd probably want to set up a dedicated account
(possibly with a shell of /bin/false), make the authentication stronger
(eg by specifying "from=" on the authorized_keys entry) and write a
wrapper script for the client side to restart on connection failure.
-Daz.
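
An added example, not part of the original post: a client-side wrapper that restarts the forwarder with backoff when the connection fails, plus a helper that prints an authorized_keys entry restricted with from=. The function and variable names, the delay values, and the extra options (no-pty, no-X11-forwarding, no-agent-forwarding, permitopen, BatchMode, ExitOnForwardFailure, ServerAliveInterval) are assumptions of this example drawn from current OpenSSH, not from the post.

```shell
#!/bin/sh
# Added example: restart wrapper for the SSHFWD forwarder shown in the post.
# Variable and function names are assumptions of this example.
SSH_BIN="${SSH_BIN:-/usr/bin/ssh}"
FWD_SPEC="${FWD_SPEC:-3128:192.168.1.1:3128}"   # -L argument from the post
FWD_USER="${FWD_USER:-dtucker}"
FWD_HOST="${FWD_HOST:-192.168.1.1}"
MIN_DELAY="${MIN_DELAY:-5}"          # seconds before the first restart
MAX_DELAY="${MAX_DELAY:-300}"        # ceiling for the backoff
MAX_RESTARTS="${MAX_RESTARTS:-0}"    # 0 = retry forever

# Server side: print an authorized_keys line that only accepts the key from
# the given address pattern and only allows the one forwarded destination.
restricted_key_entry() {   # $1 = client address pattern, $2 = public key text
    printf 'from="%s",no-pty,no-X11-forwarding,no-agent-forwarding,permitopen="%s" %s\n' \
        "$1" "${FWD_SPEC#*:}" "$2"
}

# Double the delay, capped at MAX_DELAY.
next_delay() {   # $1 = current delay in seconds
    d=$(( $1 * 2 ))
    if [ "$d" -gt "$MAX_DELAY" ]; then d="$MAX_DELAY"; fi
    echo "$d"
}

# Run ssh in the foreground and restart it whenever it exits.
run_forwarder() {
    delay="$MIN_DELAY"; restarts=0
    while :; do
        start=$(date +%s)
        "$SSH_BIN" -N -L "$FWD_SPEC" -l "$FWD_USER" \
            -o BatchMode=yes -o ExitOnForwardFailure=yes \
            -o ServerAliveInterval=30 "$FWD_HOST" || true
        # A session that lasted a minute or more was healthy: reset the backoff.
        if [ $(( $(date +%s) - start )) -ge 60 ]; then delay="$MIN_DELAY"; fi
        restarts=$(( restarts + 1 ))
        if [ "$MAX_RESTARTS" -gt 0 ] && [ "$restarts" -ge "$MAX_RESTARTS" ]; then
            return 1    # give up so the service manager can report the failure
        fi
        sleep "$delay"
        delay=$(next_delay "$delay")
    done
}

# Only start the loop when asked to, so the functions can be sourced and tested.
if [ "${1:-}" = "--run" ]; then run_forwarder; fi
```

To use it as the service, point cygrunsrv's -p at /bin/sh and pass the script path followed by --run in -a, in place of invoking /usr/bin/ssh directly.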