Archive for the ‘ssh’ tag
SSH Keys Made Simple
I have backup routines that I have set up on my laptop and my file server. I have Cygwin installed on both since both machines are Windows (hey, I love Linux too, shut up!). I use rsync over ssh to copy files from my laptop to the file server and then again use rsync to sync all the shared files from one 500GB drive to another in the same machine (RAID 1 didn’t work out so well for me, even with a Promise RAID card installed). Having to type my password in 4 times to back up my laptop was annoying, so I decided to set up ssh keys between the laptop and the file server.
Fairly simple setup:
- Log into your shell (doesn’t matter if it’s Cygwin or a standard Linux distro)
- Change to the .ssh directory
$ cd .ssh
- Generate the private/public key pair (accept the defaults, including the empty passphrase, unless you still wish to type in a passphrase on each connect)
$ ssh-keygen -t dsa
Generating public/private dsa key pair.
Enter file in which to save the key (/home/[username]/.ssh/id_dsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/[username]/id_dsa.
Your public key has been saved in /home/[username]/id_dsa.pub.
The key fingerprint is:
aa:d3:81:89:31:13:01:7c:80:d8:e5:4d:90:b1:25:a6 [username]@[hostname]
- Transfer the public key file to the remote machine you wish to use the key to log into
$ scp id_dsa.pub administrator@192.168.111.45:./id_dsa.pub
- SSH to the remote machine
$ ssh [remoteusername]@[remotehostname]
- Touch the authorized_keys2 file, just in case it doesn’t exist yet
$ touch ~/.ssh/authorized_keys2
- Set permissions on the authorized_keys2 file so that only the owner can read/write to it
$ chmod 600 ~/.ssh/authorized_keys2
- Copy the contents of the public key into the authorized_keys2 file
$ cat id_dsa.pub >> ~/.ssh/authorized_keys2
- Delete the public key file, just because it’s safer that way!
$ rm id_dsa.pub
- Log out of the remote server
$ exit
- SSH back into the remote server and test to see if it asks you for a password (assuming you did not enter a passphrase while generating the keys earlier)
$ ssh [remoteusername]@[remotehostname]
Now you can ssh from your machine to the remote machine without using passwords but still keeping the remote machine secure.
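The remote-side steps above (touch, chmod 600, append, delete), as an added shell example that is not from the original post: the hypothetical install_pubkey function also sets the .ssh directory to 700, refuses a file that looks like a private key, and skips the append when the key is already present, so re-running it does not duplicate entries. The function name, its arguments and the key material in the demo are constructed for illustration.

```shell
#!/bin/sh
# install_pubkey PUBKEY_FILE [SSH_DIR]   (hypothetical helper, not from the post)
# Appends one public key to authorized_keys2 with owner-only permissions.
install_pubkey() {
    pub=$1
    dir=${2:-$HOME/.ssh}
    auth=$dir/authorized_keys2          # file name used in the post

    [ -r "$pub" ] || { echo "cannot read $pub" >&2; return 1; }

    # Guard against copying id_dsa instead of id_dsa.pub.
    if grep -q 'PRIVATE KEY' "$pub"; then
        echo "$pub looks like a private key, refusing" >&2
        return 2
    fi

    # A public key line is "<type> <base64> [comment]".
    key=$(grep -E '^(ssh-|ecdsa-)[A-Za-z0-9@.-]+ [A-Za-z0-9+/=]+' "$pub" | head -n 1)
    [ -n "$key" ] || { echo "no public key line in $pub" >&2; return 3; }

    # Create missing directory/file as owner-only, then tighten existing ones.
    ( umask 077; mkdir -p "$dir" && touch "$auth" ) || return 4
    chmod 700 "$dir"
    chmod 600 "$auth"

    # Append only when the exact line is not already there.
    if ! grep -qxF -- "$key" "$auth"; then
        printf '%s\n' "$key" >> "$auth"
    fi
}

# Demo in a scratch directory; the key below is constructed, not a real key.
demo=$(mktemp -d)
echo 'ssh-dss AAAAB3NzaC1kc3MAAACBAconstructedkeydata user@laptop' > "$demo/id_dsa.pub"
install_pubkey "$demo/id_dsa.pub" "$demo/.ssh"
install_pubkey "$demo/id_dsa.pub" "$demo/.ssh"      # second run adds nothing
wc -l < "$demo/.ssh/authorized_keys2"               # one line in the file
rm -rf "$demo"
```

With StrictModes enabled (the sshd default), key files or directories writable by other users cause public-key login to be refused, which is why the function sets both modes.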
How to bypass filters and monitoring with SSH and a Socks Proxy
Software requirements:
- Windows machine on the connection you want to tunnel your traffic to.
- Cygwin – Linux like environment for Windows.
- Proxy – Proxy server that supports http/s, pop3, smtp, socks, etc.
- PuTTY – SSH client used to connect to and tunnel your traffic to your destination machine.
- Some sort of software you wish to use while bypassing a filter or network monitor.
This post assumes:
- You will be tunneling your traffic to a machine on your home network
- You use a cable/DSL router on your home network.
- Your home network external ip address is 1.2.3.4 (use http://whatismyipaddress.com to get your actual external address). You can also set up an http://www.dyndns.org account to get a free dns name for your home network connection so you do not have to remember or constantly check your home ip address.
- Your home machine runs Windows XP or better and the internal ip address is 192.168.1.45. This ip should be a static ip, not a dynamic ip. Should your internal ip change, the router port forward will not work properly.
- You use Firefox (Internet Explorer is just as easy to set up to use a socks proxy).
- You understand that if your place of work or school monitors your desktop activity (via screen shots, key loggers, etc), this will not protect you in any way. This simply makes it a bit harder for your admin to see what websites you visit or who you instant message while at work or school.
Let’s get started.