If you set up some kind of SSH Connection on a windows computer over the past few years, be it to connect to the universityís network or to secure a line for an insecure FTP Transfer,you have probably encountered the program PuTTy
on the way to salvation. Itís easy to use, free and OSSish powerful. What many people donít know about PuTTy though, is what other powers aside from or better in addition to SSH slumber inside the little executable.
I was no exception to this when I decided to fool around a bit with my AVM Fritz!Box (Broadband Router quite common in Germany and Austria that runs with Linux) and installed - among other amusing things - the dropbear SSH Server
on it. I was then able to connect to my home network from all around the world using just my dyndns-account and PuTTy, or better his cousin PuTTyPortable
, which runs from thumb drives without leaving traces behind on the host system. Oh the joy!
After going through the massive troubles of installing and configuring dropbear via FTP and VM, I first started to think about the use I could get out of this. note
: I didnít intend to give instructions of how to use PuTTy or to set up those functions I mention, more to give some inspiration. Google helps all, but if someone is interested in a particular HowTo, just ask, Iím here
First of all, I found out that I could use my encrypted Connection to eliminate some holes in my firewall, VNC always being a big thorn in my side. If I use the standard ports, itís insecure, and if I use custom ports, Iím bound to fail to remember them when needed. With the SSH Connection, I only have to remember one custom port (in fact, PuTTy does remember it), and I can spare the additional effort and cpu time for encrypting VNC sessions, as well as I could stuff all commonly used holes in my firewall.
Incredibly simple, but at the same time incredibly effective. If you want something like this, the tunneling function (also port forwarding) is for you. It also allowed me - with some tweaking on the router as well - to view the html-based configuration side from outside over the secure line, taking a look at the list of calls received in absence.
The next useful function I could think of was to use my secure Connection to obscure my internet traffic. Not to circumvent IP-Checks, but to prevent the casual network analyzer of having anything to work with besides my current IP at home. No destination, no protocol, no data. Setting it up was even easier than setting up the port tunnels, which, from time to time, tend to be a real pain in the ***, so to speak. For every open SSH Connection and without further configuration, PuTTy procures a full-fledged SOCKS proxy server for you. Ainít that nice? And with plugins like QuickProxy
for Firefox you are free to switch it on or off as you like. Which, of course, is also available as a portable version
. But you all knew that already.
The third function I use pretty often was a nasty one to get by, but it was definitely worth the trouble, since it fits my setting nigh perfectly. Iím quite fond of VPNs, but I have yet to encounter a VPN-software that really satisfies me and my personal needs and/or beliefs. So, among the other amusing programs I set up on my router (as mentioned above), was a VPN-server, to allow me to connect to my network-enabled hard drives at home. To cut it short, it worked, I felt secure and all, but it was impossible to take the solution with me, since all VPN-Implementations (OpenVPN, that is) required installation and the creation (and configuration) of a virtual network adapter. So I tried to bring up a feasible solution involving PuTTy.
The easy one was to use a protocol that allows you to transfer files, (s)FTP, SCP, or even HTTP, but all require a special server component to be run on the target, which is not possible for me without leaving one of my computers on, which is entirely out of the question. The NAS is even able to manage FTP, but it would require me to rely on FTP and FTP alone. No Samba and FTP at the same time for the same files. So I had to discard that as well.
The next thought was to just forward port 139 (used by windows filesharing services) to my target network. It wouldíve worked, but it wouldíve rendered me incapable of using the filesharing service for local shares. Iím using this solution at work, so itís either home or work. It would work, I could only start up the connection of needed, and so on, but I wasnít just happy with it, so I digged further.
If I had found a software for windows, that used not
the windows filesharing service but an own implementation of it, I could just tell it to use another port and forward that one, but unfortunately, I found no such program.
The best I could come up with was to create a network adapter as VPN does, but without configuring anything on it except for a meaningless IP, and then forward all traffic on 10.0.0.1:139 to my network at home. Works like a charm, but if anyone ever happens to find a program like mentioned above, I would be more than happy to give it a try. Portable Applications preferred
Another function available, though I did not use it very often, was the forwarding of the X11-protocol used by common Linux-desktops, which gives you the power of controlling the remote computer similar to VNC but without the need for additional software.
The last one I want to mention is not one of PuTTy, but one that uses its opened shell to go through with it. A little program called etherwake can be run on common Linux-powered systems which enables you to start your computer without actually sitting in front of it via the magic of WOL (pun intended). A pre-set shell-script thatís run with a short command, a VNC server installed as a service, and youíre good to go. Connect the Router, wake up the computer, connect using VNC and take a look at the all-important document you left at home.
So, if you happen to own a Fritz!Box or one of them shiny, new, world-wide-available OpenSource-Routers, or just an old crappy computer that could deliver a reasonable SSH server for an equally reasonable amount of watts spent, maybe those ideas incorporated one for you.
Also, please notice that PuTTyTray
works from Thumb Drives as well without leaving any Data behind (if you use the ďsession from fileĒ-option), but has the advantage that it can be minimized to the system tray.
If youíre planning on keeping the connection up for quite some time, also remember to activate the ďKeep AliveĒ-function Fun Things to do with PuTTy and Linux-Routers :