Accessing Remote Resources using SSH & Putty
Disclaimer

Use the information at your own risk. If you intend to use this to circumvent web filtering, other blocked services, and ports then I suggest that you only do it on your own personal equipment or with explicit written authorization from your companys boss that wants their security tested. It only takes one time to get caught then you can face big penalties to your reputation and or future job opportunities. Also, some countries prohobit the use of encrypted communications. This tutorial revolves around the usage of the SSH protocol which uses encryption to scramble packets sent and recieved and may be illegal. With that stated have fun at your own risk.

Top

Page Overview

In this tutorial I will discuss how to connect and login to a remote SSH (Secure Shell) server, open tunnels(I use tunneling to connect to my proxy server then browse the web through the tunnel in this tutorial), authenticate Putty via http to your corporate proxy. Throughout this tutorial I will cover connecting from a Windows box to a GNU/Linux box hosting OpenSSH on port 443 via the SSH protocol using Putty. I will not cover connecting with SSH through via the command line.

NOTE: There is also putty for GNU/Linux and it functions the same as the one for Windows. Many modern GNU/Linux distrobutions come with some sort of package management. So you might be able to install putty for GNU/Linux easily. With that said, the tutorial provided here also applies to the GNU/Linux putty.
Top

Intended Audience

People who would like to circumvent proxies put in place to filter out web sites, services, and ports. Also, for those who are used to using Telnet and making the transition to OpenSSH for whatever reason. The target audience is assumed to be a intermediate to advanced crowd who would rather not deal with memorizing commands for the command line shell and deal with just a GUI. If you are a beginner you will need to learn the basics of networking, tunneling, and more about security.

Top

Logging into your remote GNU/Linux server hosting SSH
Heres the setup:
Client Side:
Server Side:
Follow these steps:

  2. Once you have inputted all the appropriate values and you are connecting you will get a dialog prompting you if you wish to accept the server's key.

    It looks like this:


  3. Now select YES otherwise you WONT be able to login. After that you will get a prompt asking you for a login and password. By default the user and pass will be the same user and pass used to login locally in GNU/Linux.

  4. Once you see a welcome message (if there is one) followed by something like "username@localhost" it means you've successfully connected! Now what? You can now use your GNU/Linux shell to either compile programs and run them (without X11 Forwarding as of now), administer the host your logged into, and much more. In order to use it with the X11 server the easiest thing I find to do is to boot to a GNU/Linux Live CD such as Knoppix then use SSH to login and you use your local X11 to run the GUI applications hosted on the server through SSH on your client. Make sure you have "X11Forwarding yes" line set in your "/etc/ssh/sshd_config" file on your host machine.

    HELPFUL TIPS: You may use editors such as Emacs, Vim, nano, and more. If you want to use your AIM account you could use Naim and if you want to use IRC you may use irssi. Anyway, thats what I use and those are some examples of what you may use amongst the many other choices out there.
Top

Opening tunnels to browse the web securly through SSH

Lets assume you are in a corporate environment and your favorite site pogo.com is blocked. The solution is to either specify a proxy in your browsers connection settings or use SSH to make a tunnel to your proxy. Lets assume that specifying the proxy through your browsers connection settings is not working and remains blocked.

NOTE: For this topic you will need a free public proxy to connect to or one setup on your home network.
Heres the setup:
Client Side:
Server Side:
Follow these steps:
  1. Enter in your Server info for Session:
    NOTE: When entering "Destination" use the following format (ip:port). When specifying the IP for whichever service your connecting to your specifying a Class C IP within your network. So if you were within your home network and have a proxy server listening on 10.10.11.4:1000 thats what you'd specify. Another example is if you have a proxy server listening on port 102 with the SSH server you connecting to you do 127.0.0.1:102 for the destination field. For the Source IP in putty just put the same port as the Destination text field.

  2. Now connect and login. Once your logged in you'll have successfully opened an active tunnel.

  3. Great now what? you've connected and opened a tunnel. Now we will use a web browser to go through that tunnel and through the proxy we have defined. So say we have a open tunnel to 10.50.19.3:8080. We now want to use our web browser to go through that. I wont go over how to specify proxies in your local web browser as that is simple to do. In the proxy area you will want to put 127.0.0.1 for the hostname and 8080 for the port. The reason I put our localhost ip and 8080 is that putty is listening on 8080. So when you specify the localhost putty will pick up the connection and point you towards the proxy or whichever you tunneled. You will know if this stuff is all working out if you can browse web pages. Another way of figuring out if it works is to see if you could browse pogo.com. Also check out your WAN IP. It should be your home network's IP. Use ipchicken.com to figure out your WAN IP. Congradulations you have bypassed your companies blocks!

Top

Getting "407 Authentication Required" Errors?!?
WARNING: The solution to the 407 Authentication Required can be dangerous as you must use an existing user and pass domain login to authenticate through the network before making a SSH connection. That shows up in the admins logs. It is recommended that you obtain a user and pass other than your own should you follow my solution.

This error frustrated me the most and took long enough for me to figure it out. Your company may have implemented Microsofts proprietary NTLM protocol into their proxy. The purpose of implementing this is to force all user computers to authenticate with the proxy server before getting access to the internet. If you attempt to use a proxy server or take the companies proxy information out of the program your using you will get a "407 Authentication Required Error". Putty has a proxy authentication area but its does not support NTLM. Given that, you must get a third party program called The NTLM Proxy Server to authenticate through your corporates proxy and set Putty to go through that program. The NTLM Proxy server will resolve the 407 Authentication error along with some others. Just make sure you specify all the right credentials in NTLM Proxy Server's server.cfg file.

Heres the setup:
Client Side:
Server Side:

  1. Retrieve the "Current experimental v.0.9.8" of the NTLM Proxy Server and extract all the files to your preferred location.

  2. Read and follow the installation instructions from "install.txt"

  3. Once your all setup with the NTLM Proxy Server startup Putty and enter the host and port.

  4. Now click on "Proxy" under the "Connection" area and look at the image below:

    NOTE: Make sure the "Proxy Hostname" is the host where your running the NTLM Proxy Server (I run it on the same machine I use putty) and the port is where its hosted also.

  5. Press the "Open button to connect to your host". You should be able to log into your remote OpenSSH server now.

    WARNING: Remember that if you choose to use your existing username and password that you login with to the domain that whatever you are doing will be logged under your account name. It may raise a red flag to the system admins so its recomended that you use another username and password if possible.
Top