Create your own Virtual Private Network for SSH with Putty
Introduction
I have multiple Linux machines at home. Previously, when I needed SSH access to these machines, I used to set up port forwarding on my router to each of them. It was a tedious process of enabling port forwarding and then disabling it after use. It was also difficult to remember which port number was forwarded to a particular machine. But now I have found a cooler way to get SSH access to all my machines at home without setting up port forwarding or remembering any port numbers and, most importantly, I can address my home machines by their local subnet IP addresses, no matter where on the internet I connect from.
Requirements
- Remote machine with Putty installed on it.
- Home router’s internet accessible IP address or dynamic DNS (DDNS) address.
- One or more Linux/Windows machines to which direct SSH access is required.
- On the router, port forwarding is enabled for SSH service to at least one of these machines.
Setup
The basic idea to get this working is that we make one initial SSH connection to our home machine. Then using this connection as a tunnel we can connect to any machines at home by addressing them with local sub-network address (such as 192.168.x.x). So the high level steps are:
1) Open a putty session and configure it to act as a tunnel.
2) From this session connect to your default SSH server at home.
3) Open another putty session and configure it to use the previous putty session as a proxy.
4) SSH connect to any machine at home using the local subnet IP address. Since we are using a proxy, it will resolve the local subnet’s IP address properly.
5) You can make any number of connections to all your home machines by just repeating steps (3) and (4).
Note: If the remote network’s subnet is the same as your home network’s subnet, then you might run into IP conflicts.
Step-by-Step
1) On the remote system, open putty and enter the IP address or dynamic DNS (DDNS) name in the host name field. Select “SSH” as the connection type. Port 22 will be selected, which can be left alone unless you run the SSH service on a different port. Note: Though your putty screen might look a little different from the one seen here due to version differences, the basic steps will still be the same.
In our example,
Host Name = demo123.dyndns.org
Port= 22
2) In putty, on the left-hand navigation panel, open SSH option and select “Tunnels”.
In the tunnels screen, set these values
Source Port: 3000 (this is the port on which our proxy service listens; it can be changed to any port, preferably a number larger than 1024)
Destination Port: (Leave Blank)
Finally, select “Dynamic” from the radio button options.
3) Important: Click “Add” to add the tunnel settings to the connection.
4) On the left-hand navigation panel, move the scrollbar to the top and click “Session”. You will see the settings entered in step (1). Now we can save the whole connection settings. Add a name for this connection in the “Saved Sessions” textbox and click “Save”.
5) Click “Open” to open the connection to the home machine, and enter the login and password for that machine. This user need not be the root user, but it needs to be a user with network access on that machine. That brings us to the end of the putty configuration for the tunnel. Now you have a proxy tunnel connection from the remote machine to one of the home machines, and we are ready to connect to any home machine.
6) Open another putty session. Select the “Proxy” option from the navigation panel. In the proxy options on the right side, enter only the following information. Don’t change any other settings.
Proxy type : select “SOCKS 4”
Proxy hostname : enter “localhost”
Port : 3000
7) Click on the “Session” option from the navigation panel. Enter a name under “Saved Sessions” text field. Don’t enter any information in the “Host Name” field. Now click “Save”. Now we have a template connection session using our proxy.
8) Now enter the local subnet IP address of a machine at home and click “Open”. The connection gets routed through the proxy tunnel and you will be connected to the home machine directly. Similarly, you can connect to another home machine by opening putty, loading the template we created and just filling in that machine’s local subnet IP address.
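What the second putty session from steps 6 to 8 hands to the proxy on localhost:3000, as an added example that is not part of the original post: a SOCKS 4 CONNECT request carries the raw IPv4 address and port, and the home end of the tunnel opens that connection, which is why a 192.168.x.x address works from outside. The address 192.168.1.20 is a constructed sample, and the function names are hypothetical.

```python
import ipaddress
import struct

SOCKS4_VERSION = 4
CMD_CONNECT = 1
REPLY_CODES = {
    90: "request granted",
    91: "request rejected or failed",
    92: "rejected: client identd unreachable",
    93: "rejected: identd user-id mismatch",
}

def build_connect(dst_ip, dst_port, user_id=b""):
    """Client side: VN, CD, DSTPORT, DSTIP, USERID, NUL terminator."""
    addr = ipaddress.IPv4Address(dst_ip)  # SOCKS 4 has no field for a hostname
    if not 0 < dst_port < 65536:
        raise ValueError("port out of range")
    if b"\x00" in user_id:
        raise ValueError("user id must not contain NUL")
    header = struct.pack("!BBH4s", SOCKS4_VERSION, CMD_CONNECT, dst_port, addr.packed)
    return header + user_id + b"\x00"

def parse_connect(request):
    """Proxy side: recover the target the tunnel is asked to reach."""
    if len(request) < 9 or request[-1:] != b"\x00":
        raise ValueError("truncated SOCKS 4 request")
    vn, cd, port, raw_ip = struct.unpack("!BBH4s", request[:8])
    if vn != SOCKS4_VERSION or cd != CMD_CONNECT:
        raise ValueError("not a SOCKS 4 CONNECT request")
    return str(ipaddress.IPv4Address(raw_ip)), port, request[8:-1]

def parse_reply(reply):
    """Client side: the 8-byte reply starts with VN=0 and a result code."""
    if len(reply) != 8 or reply[0] != 0:
        raise ValueError("malformed SOCKS 4 reply")
    return REPLY_CODES.get(reply[1], "unknown code %d" % reply[1])

if __name__ == "__main__":
    req = build_connect("192.168.1.20", 22)  # constructed sample home address
    print("request:", req.hex())
    print("proxy connects to:", parse_connect(req))
    print("reply:", parse_reply(bytes([0, 90, 0, 0, 0, 0, 0, 0])))
```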
BTW, if you think just SSH access is not cool enough, you can do more cool stuff like
- Listening to music stored at home
- Viewing/sharing photos with friends and family
- Creating schedules, Todos, notes etc., securely at a home computer
To get this functionality, check out this free utility called Tonido. For more information on the different applications bundled with Tonido, you can read more Tonido related blog posts here.