How to Tunnel Remote Desktop using SSH (Cygwin) for
Windows XP (SP2)
The SSH server is OpenSSH running under Cygwin, an emulation of the UNIX environment for
Windows by Red Hat.
This manual covers:
Installation of Cygwin and SSH
Configuration of Variables
Start and Stop sshd Services
Setup passwd and group Files
Open TCP port 22
Test sshd Service
How to Update SSL / sshd
Using PuTTY to Start a Remote Desktop Connection
Installation of Cygwin and SSH
1. Log in to Windows XP as Administrator or as a user with Administrator privileges;
2. Make sure the current admin/user has a Windows password set. If not, go to Control
Panel; click User Accounts to create a password.
3. Just to be on the safe side, after you have created a password, log off and then log in again.
4. Create a folder c:\cygwin
5. Download cygwin's setup.exe from http://www.cygwin.com/ and save setup.exe in
c:\cygwin
Note: Cygwin's setup.exe can be used to add or delete or reinstall cygwin packages
after initial installation.
6. Double click c:\cygwin\setup.exe to start the installation
7. If you are asked to select "Just Me" or "All Users", choose "All Users"
8. When it asks for "Local Package Directory", type c:\cygwin
Cygwin_WindowsXP
1 / 10
9. Choose a download site that is "close" to you (e.g. "cse.yzu.edu.tw"). When a
selection screen comes up (you can resize the window to see better), click the little
View button for "Full" view.
a. Find the package "openssh", click on the word "skip" so that an appears in
Column B, see picture below.
b. (Optional) find the package tcp_wrappers [1], click on the word "skip" so that
an appears in Column B.
Notes: If you add "tcp_wrappers", you will most likely get the
"ssh-exchange-identification: Connection closed by remote host" error.
If you get this error, then edit the file /etc/hosts.allow and add these two lines
before the PARANOID line (after you finish the installation):
ALL: 127.0.0.1/32 : allow
ALL: [::1]/128: allow
10. Click Next to start installing cygwin and ssh.
(The basic cygwin system is more than 50 MB in size, so this may take a while. If you
encounter a problem during the installation, repeat the above steps or select another
download site.)
[1] tcp_wrappers provides host-based access control and adds an additional layer of
protection by defining which hosts are allowed or not allowed to connect to your PC.
You can edit "/etc/hosts.allow" or "/etc/hosts.deny".
Configuration of Variables
1. Right click My Computer, and then select Properties > Advanced tab >
Environment Variables;
Click New button to add a new entry to System variables:
variable name is CYGWIN
variable value is ntsec tty
Note: ntsec gives a more UNIX-like permission structure based upon the security
features of Windows NT; see http://erdelynet.com/archive/ssh-l/2004-06/2571.html for more
information.
2. Right click My Computer > Properties > Advanced > Environment Variables
Select the Path variable and click the Edit button, and then append ;c:\cygwin\bin to
the end of the existing variable string.
3. Open a cygwin window by double clicking the icon; a black screen pops open.
Set permissions on these files and folder; at the prompt, type
chmod +r /etc/passwd
chmod +r /etc/group
chmod 755 /var
4. To generate the DSA security keys, at the prompt sign, type ssh-host-config -y
(It may take several minutes to generate the dsa security keys on a slower-end
computer.)
5. If the script asks you about "privilege separation", answer yes
If the script asks about "create a local user sshd on this machine", answer yes
If the script asks you about "install sshd as a service", answer yes
6. When the script stops and asks you for "environment variable CYGWIN=" answer
“ntsec tty”
Start and Stop sshd Services
1. To start the sshd service, at the prompt sign type
> net start sshd or
> cygrunsrv --start sshd
Note: If the service fails to start, try to change the owner:
> chown system /etc/ssh*
> chown system /var/empty or
> chown sshd_server /var/empty; and start the sshd service again:
> net start sshd
If you get the "ssh-exchange-identification: Connection closed by remote host" error,
edit the file /etc/hosts.allow and add these two lines before the PARANOID line:
ALL: 127.0.0.1/32 : allow
ALL: [::1]/128: allow
2. To stop the sshd service, type > net stop sshd or > cygrunsrv --stop sshd.
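The ordering requirement above (both loopback lines before the PARANOID line) can be checked with a short script, since tcp_wrappers stops at the first matching rule. This is an added example, not part of the original manual; the function name check_hosts_allow and the sample file contents are constructed for illustration.

```bash
#!/bin/bash
# Added example (not from the original manual).
# check_hosts_allow FILE
#   prints "ok"         both loopback rules exist and precede any PARANOID rule
#          "missing"    one or both loopback rules are absent
#          "misordered" a loopback rule comes after the PARANOID rule
# tcp_wrappers stops at the first matching rule, so order matters.
check_hosts_allow() {
    awk '
        /^[ \t]*#/ { next }                          # skip comment lines
        { rule = $0; gsub(/[ \t\r]/, "", rule) }     # ignore spacing and CRs
        rule == "ALL:127.0.0.1/32:allow" && !v4 { v4 = NR }
        rule == "ALL:[::1]/128:allow"    && !v6 { v6 = NR }
        rule ~ /PARANOID/ && !p          { p = NR }
        END {
            if (!v4 || !v6)              { print "missing";    exit 1 }
            if (p && (v4 > p || v6 > p)) { print "misordered"; exit 1 }
            print "ok"
        }
    ' "$1"
}

# Constructed sample: the allow lines were appended after the PARANOID rule.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# /etc/hosts.allow (constructed sample)
ALL: PARANOID : deny
ALL: 127.0.0.1/32 : allow
ALL: [::1]/128: allow
EOF
echo "sample: $(check_hosts_allow "$sample")"
rm -f "$sample"
```

Run it against the real file with check_hosts_allow /etc/hosts.allow after editing and before restarting sshd.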
Setup passwd and group Files
1. It is important to match Windows user information with cygwin, otherwise you
cannot login. To check if you need to manually edit the /etc/group and passwd files:
a. Double click cygwin icon to open a window,
> cat /etc/group
> cat /etc/passwd
b. From the passwd file: look for your current Windows login name. Then look
for the GID (group ID) at the fourth field [fields are separated by colons] and
compare the group ID with that in the /etc/group file (at the third field.) It
should be the same in both files. If not, edit /etc/group so that it agrees.
2. If you log on to a domain from your Windows XP machine, and your local account name is
the same as the domain name, then you need administrator privilege to rename
the local account from name to name.local.
3. Then rebuild the passwd and group files with these two commands:
mkpasswd -cl > /etc/passwd
mkgroup --local > /etc/group
4. Then repeat step 1.a and 1.b.
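The comparison in steps 1.b and 4 can be automated at the Cygwin prompt. This is an added example, not part of the original manual; the function name check_user_gid and the sample entries (user names, IDs, SIDs) are constructed for illustration.

```bash
#!/bin/bash
# Added example (not from the original manual).
# check_user_gid USER [PASSWD_FILE] [GROUP_FILE]
#   prints "ok:<gid>:<group>"   primary GID has an entry in the group file
#          "gid-mismatch:<gid>" passwd GID has no entry in the group file
#          "no-user"            USER has no passwd entry
check_user_gid() {
    local user=$1 passwd=${2:-/etc/passwd} group=${3:-/etc/group} gid name
    # passwd: field 1 = login name, field 4 = primary GID
    gid=$(awk -F: -v u="$user" '$1 == u { print $4; exit }' "$passwd")
    [ -n "$gid" ] || { echo "no-user"; return 2; }
    # group: field 1 = group name, field 3 = GID
    name=$(awk -F: -v g="$gid" '$3 == g { print $1; exit }' "$group")
    [ -n "$name" ] || { echo "gid-mismatch:$gid"; return 1; }
    echo "ok:$gid:$name"
}

# Constructed sample files (user names, IDs and SIDs are made up).
demo=$(mktemp -d)
cat > "$demo/passwd" <<'EOF'
alice:unused:1003:513:alice,S-1-5-21-0-0-0-1003:/home/alice:/bin/bash
bob:unused:1004:10545:bob,S-1-5-21-0-0-0-1004:/home/bob:/bin/bash
EOF
cat > "$demo/group" <<'EOF'
None:S-1-5-21-0-0-0-513:513:
Users:S-1-5-32-545:545:
EOF
# alice matches a group entry, bob's GID has none, carol is not in passwd.
for u in alice bob carol; do
    echo "$u -> $(check_user_gid "$u" "$demo/passwd" "$demo/group")"
done
rm -rf "$demo"
```

With no file arguments, check_user_gid "$USERNAME" reads the live /etc/passwd and /etc/group.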
Open TCP port 22
1. Open Windows Firewall to allow TCP port 22 through (for SSH connection). Your
Windows XP must be patched with SP2.
2. Click Start > Settings > Control Panel > Windows Firewall
3. Click Exceptions tab, click Add Port
Name: ssh
Port number: 22
and check the "TCP" checkbox
4. Click OK.
Test sshd Service
1. To test whether sshd is working, double click the Cygwin icon to pop up a command
window.
2. At the command prompt, type
> whoami
> ssh localhost
or
> ssh -v localhost
or
> ssh $USERNAME@127.0.0.1
3. If ssh complains "The authenticity of host xx.xx.xx.xx can't be established .... Are you
sure you want to continue connecting (yes/no)?", answer yes.
4. If you get an error message like "ssh-exchange-identification: Connection closed by
remote host", it is probably caused by McAfee 8.0i. The error is also related to the
/etc/hosts.allow file.
5. If you get an error message like "entry point _getreent", or "QueryServiceStatus:
Win32 error 1062", it is probably caused by the existence of an older version of
"cygwin1.dll" located in the search path. Do a full search for "cygwin1.dll" and
remove the old version, except the current version at c:\cygwin\bin
6. If you get a prompt without error messages, type
> cd /cygdrive/c
> ls
7. If you see a directory listing, success! Type exit to end the cygwin ssh session.
How to Update SSL / sshd
1. To check whether your ssl and sshd are up to date, go to
http://cygwin.com/packages/openssl/ and click on the latest package link:
(Sample)
Wed Mar 25 17:38:35 2009      41 etc/profile.d/openssl.sh
Wed Mar 25 17:38:35 2009     109 etc/profile.d/openssl.csh
Wed Mar 25 17:38:36 2009  237568 usr/bin/cygssl-0.9.8.dll
Wed Mar 25 17:38:35 2009  361472 usr/bin/openssl.exe
Then go to http://cygwin.com/packages/openssh/ and click on the latest package link:
(Sample)
Thu Nov 20 18:18:27 2008  310272 usr/sbin/sshd.exe
Thu Nov 20 18:18:28 2008  150016 usr/sbin/ssh-keysign.exe
Thu Nov 20 18:18:28 2008   41472 usr/sbin/sftp-server.exe
2. Compare with the ssl installed on your PC. Double click the cygwin icon to
open a window, and change to the directory /etc/profile.d.
From this figure, the ssl dated to Jan 8, 2009 is older than the current one listed at
http://cygwin.com/packages/openssl/.
3. Then run setup.exe again to patch ssl (refer to the section “Installation of
Cygwin and SSH”, starting from step 5).
4. Similarly, compare with the sshd installed on your PC. Change to the directory
/usr/sbin and type ls -l to list the files.
From this figure, the sshd.exe dated to Nov 21, 2008 is up-to-date.
Reference: http://pigtail.net/LRP/printsrv/cygwin-sshd.html; for more information about
Cygwin, go to http://cygwin.com/faq/.
Using PuTTY to Start a Remote Desktop Connection
Refer to “How to Tunnel Remote Desktop through SSH on a Windows Computer (Using
PuTTY)”; or
1. To open a Command window, click Start -> Run, and then input “cmd”
2. At the command prompt (where the PuTTY program is located), e.g.
C:\Program Files> putty -L 9001:office-pc:3389 office-pc
(Where office-pc is the hostname of your office PC)
3. Log in to your office-pc when prompted. You can minimize the active PuTTY session and
keep the program running.
4. Go back to the Command window,
C:\Program Files> mstsc /v:localhost:9001 or
Start your Remote Desktop program as usual,
1. Log in to your office-pc on the remote desktop. After you log in successfully, you will see
your Remote Desktop window, similar to the one below.
2. After you have finished using Remote Desktop, exit from the program as normal and then
close the PuTTY program.