There is one thing that most Linux backup tools have in common and that is their underlying technologies. In most cases one of the tools that make the GUI backup tools possible is the venerable rsync. Rsync is an incredibly fast and lightweight file copy tool that can not only copy files to and from a local machine, it can also copy over a network connection – which makes rsync an ideal candidate for user-generated backup scripts or cron jobs.

In this tutorial you will learn how easy it is to use rysnc to not only back up specified directories to an external usb drive, but also to backup over a network connection via ssh.

Command structure

The structure of the rsync command is:

rsync [OPTIONS] SOURCE DESTINATION

Where SOURCE is the location of the directory to be backed up and DESTINATION is where the backup will be placed.

Now the structure of the command changes when you are employing a network facility such as ssh. At that point the command structure would look like:

rsync [OPTIONS] ssh SOURCE user@destination:/directory

Where user is the user name on the remote machine, destination would be either an IP address or domain, and /directory is the explicit path to the directory you want to back up to.

Usage

For the first example we are going to backup the directory /home/jlwallen/Documents to the directory /media/disk/BACKUPS. This destination is a directory located on an external USB drive obviously mounted to /media/disk. The command for this backup will be:

rsync -avh /home/jlwallen/Documents /media/disk/BACKUPS

This is where we run into our first “gotcha”. What happens with the above command is that any subdirectory in /home/jlwallen/Documents will be created on /media/disk/BACKUPS. So if you want to create a similar directory structure on the destination you should first create a parent directory similar to that of the source. So before you run the rsync command issue this command:

mkdir /media/disk/BACKUPS/Documents

The new rsync command would be:

rsync -avh /home/jlwallen/Documents /media/disk/BACKUPS/Documents

The options used in the above command are:

• a: Archive mode
• v: Verbose mode
• h: Output in human readable format.

Now let’s backup the same source to a remote location with the help of secure shell. It will help your cause to first make sure you can log into the remove machine via ssh. Once you have that working you are ready to backup. Using our same example we are going to backup to user jlwallen at the IP address 192.168.1.10 to the directory /home/jlwallen/BACKUPS/Documents. To do this the command would look like:

rsync -avhe ssh /home/jlwallen/Documents jlwallen@192.168.1.10:/home/jlwallen/BACKUPS/Documents

The added option is e which allows you to specify the remote shell to use.

You will be prompted for the remote users’ password and then the coping will begin. But what if you don’t want to have to use a password? If you are wanting to set up automated, remote backups you will have to allow this process to happen without entering a password. To do this you have to create an SSH key without a password. Here are the steps for this:

create an ssh key on the source machine with the command:

ssh-keygen -t dsa

Press enter when prompted for a password.

Once the key is created copy that key to the destination key with the following command:

ssh-copy-id -i .ssh/id_dsa.pub username@destination

Where username is the user on the remote machine and destination is the IP or domain of the remote machine.

Now rsync copying can be done without having to enter a password.

Final thoughts

The nice thing about this setup is you can now use rsync to create a cron job for backup automation. Rsync is an incredibly flexible and reliable means for backing up your directories and files. It should be since it is the foundation that so many other backup tools were based on.

Related posts

• Get To Know Linux: Secure Shell (4)
• Zip Encrypt Ftp Backups (1)
• Yadis! Backup Software (2)
• Windows Backup Software: Backup Maker (18)
• Windows Backup Software DeltaCopy (11)

With SecPanel you can create a profile for each of your ssh connections so that connecting is just a matter of opening up the tool, selecting the connection you want from a list, and clicking the Connect button. And for each profile you create, you can associate numerous configuration options. In this tutorial you will learn how to install and use SecPanel to manage your secure shell connections.

Features

SecPanel hosts a number of useful features:

• X11 tunneling  control
• SCP management
• IPv4/6 support
• SSH1/2 support
• Keypair management
• Trace window

and more.

Installing

Like most modern Linux applications SecPanel can be installed by following these simple steps:

1. Open up your Add/Remove Software utility.
2. Search for “secpanel” (no quotes).
3. Mark SecPanel for installation.
4. Click Apply to install.
5. Okay any dependencies.

That’s it.

Running SecPanel

Figure 1

You will find SecPanel in the Internet sub-menu of your Applications menu. When you click that entry to start up the application you will see the main window (see Figure 1) where you can start to add connections. You will notice in Figure 1 there are already profiles listed. Be default there will be none (you have to create them first.) So let’s illustrate how Profiles are created.

Figure 2

To create a new Profile click on the New button. This will open up the Profile editor (see Figure 2). In this window the only required options are:

• Profile Name: The name you want to give your profile.
• Title: This is the name that appears in the Connections listing window.
• Host: The address you want to associate with this profile.
• User: You can either supply a username that is associated with this connection or configure the connection to ask each time a connection is made.

With regards to the username: If you always connect to this server with the same username, go ahead and configure a user. If, however, you connect to this server with different usernames (depending upon what job or service you are tackling) check the “Ask” checkbox. With this configuration a small box will open, when you go to connect, asking you to first input a username.

Other important options to consider are:

• No agent forwarding: Do not allow public-key authentication.
• No X11 forwarding: Do not allow X11 tunneling (you will not be able to remotely run GUI tools).

When you have your profile configured to your liking click the Save button to save your profile. In order to connect to this profile you have to go back to the main window (click the far left icon under the menu bar), select the profile you want to connect to, and click the Connect button.

Keypair

You can also manage keypairs for ssh connections, from within SecPanel. To do this click on the Lock icon from within the main window. When this new window opens you can do things like delete hostkeys, generate keypairs, distribute public keys, add identities, and more. One of the more important tasks you can take care of is the generation of keypairs. The generation of keypairs with this tool is extremely simple. Even distributing public keypairs is made simple with this tool.  Note, however, you can only distribute your keypairs to the machines in your profiles. If a server is not in one of your profiles, you can not distribute a keypair to it.

Multi

If you have an application installed (like MultiXter or ClusterSSH) you can connect to multiple servers at once which is good for such tasks as sending the same command to clustered servers. You will first have to have a supported tool installed.

Final thoughts

If you manage a lot of ssh connections SecPanel is a tool you should certainly look into. If you are used to PuTTY on a Windows machine, you will be very happy with SecPanel.

Related posts

• Top Xp Freeware that every user needs part 3 (5)
• My Encrypted Tunnel (1)
• Fun Things to do with PuTTy and Linux-Routers (7)
• Control Servers from Mobile Phones via SSH (1)
• About PuTTy and Tutorials, including a PuTTy Tutorial. (3)

It does not take long before the SSH or SFTP server is up and running. All it takes is to start the server in the server management console and add at least one user account. User accounts require the usual set of information that include a username, home directory and a password. A public key can be added as well to provide public key authentication. The server administrator can define the user rights in the very same user creation dialog.

It is possible to enable command and shell access, sftp and forwarding separately from each other. The login requirements can also be configured. Users have basically three options to log into the server: password authentication, public key authentication or keyboard-interactive authentication. The server admin can make any or all of the selected methods a requirement.

The server management console contains several settings that are of importance. Administrators define the server-key file location and log path in there, session timeouts, the server port, ssh and sftp security settings like forcing a delay on new connections or blocking IPs after a number of failed connection attempts. The management console itself can be password protected and configured to a specific port and IP.

The free version of Silvershield SSH and SFTP Server should be just fine for smaller networks. Users who want more connections without having to pay for the SSH server can take a look at FreeSSHd A Free SSH Server For Windows or the Windows SSH Server WinSSHD.

Related posts

• FreeSSHd A Free SSH Server For Windows (7)
• Windows SSH Server WinSSHD (3)
• My Encrypted Tunnel (1)
• Windows File Server (7)
• Use WinSCP to securely copy files between two computers (2)

FreeSSHd is a free SSH Server for the Windows operating system. Users can setup the SSH server on one computer system running the Windows operating system and use SSH compatible tools like Putty to connect to that remote computer system. The server can be setup with just a few mouse clicks. The administrator is only required to add users that are allowed to connect to the computer system in the SSH Server configuration.

Authorization can be NT authentication, passwords stored in SHA1 hashes or Public key driven. It is furthermore possible to allow shell, sftp and tunneling access individually. Having said that it should be obvious that FreeSSHd not only offers shell access to authorized users but also secure ftp and tunneling access.

Various options are available that define certain aspects of the SSH Server software. It is possible to add whitelist and blacklists of IP addresses that are allowed to connect to the server, enable event logging, set the secure FTP home path, select a specific allowed cipher, enable tunneling, telnet and check the access logs of the SSH server.

FreeSSHd is a comfortable SSH and SFTP server for the Windows operating system. Setup of the server should not pose to many difficulties even for inexperienced users. All in all a great software program that can be run manually or added to Windows services for extra comfort.

Related posts

• SFTP And SSH Server For Windows (0)
• Windows SSH Server WinSSHD (3)
• My Encrypted Tunnel (1)
• Windows File Server (7)
• Use WinSCP to securely copy files between two computers (2)

Scp is a part of the secure shell application. If you have installed ssh (secure shell) then you have scp installed on your machine. The only problem with scp is figuring out exactly how to use it. It’s not predictable and the man page is absolutely no help. That’s where gHacks comes in. In this article you will learn how to securely copy files from one machine to another using scp.

The Setup

Let’s first get out of the way the setup of a test network. We’ll use MachineA, with an IP address of 192.168.1.1, for the local machine and MachineB, with an IP address of 192.168.1.2, for the remote machine. Both machines will be Linux machines and both will have ssh installed. For the examples we will be copying the file sample.pdf and the directory /home/jlwallen/TEMP. The username we will use is jlwallen.

The syntax

The syntax of the scp command is basically:

scp FILENAME USERNAME@ADDRESS_OF_REMOTE_SERVER:FILENAME

One very important issue is that the FILENAME should be the full path to the file to be copied.

Copy file from A to B (While logged into A)

To copy sample.pdf from A to B when you’re logged into A issue the command:

scp /home/jlwallen/sample.pdf jlwallen@192.168.1.2:/home/jlwallen/sample.pdf

You will be prompted for jlwallen’s password. Once you enter that password the copy will occur.

Copy file from A to B (While logged into B)

scp jlwallen@192.168.1.1:/home/jlwallen/sample.pdf /home/jlwallen/sample.pdf

You will be prompted for jlwallen’s password.

Copy Directory from A to B(While logged into A)

scp -r /home/jlwallen/TEMP jlwallen@192.168.1.2:/home/jlwallen/TEMP

You will be prompted for jlwallen’s password. This command will copy the entire contents of the TEMP directory.

Copy Director from B to A (While logged into B)

scp -r jlwallen@192.168.1.1:/home/jlwallen/TEMP /home/jlwallen/TEMP

Pretty simple stuff once you actually know the structure of the command.

Make it passwordless

If you’re like me you like to automate things. You can do this with scp but you have to set it up so you can log in without passwords. The best way to do this is by using keys. Here is how it is done:

On the local machine generate a keypair with the following:

ssh-keygen -t rsa

You will accept the defaults and just hit enter. Do not give this a passphrase.

This will generate two files in the ~/.ssh directory: id_rsa and id_rsa.pub. You need to first give your id_rsa the right permissions with the command chmod 700 ~/.ssh/id_rsa. Now you need to copy the id_rsa.pub file over to the server you want to log into. Do this with the command:

scp ~/.ssh/id_rsa.pub 192.168.1.2:~/.ssh/authorized_keys

Now log into the remote machine (via ssh) and make sure the ~/.ssh directory has the right permissions with the command chmod 700 .ssh

The next step is to configure ssh and sshd. On the local machine open up the file /etc/ssh/ssh_config and look for the line:

ForwardAgent yes

This line will most likely be commented out. Remove the “#” character and save the file.

Now on the remote machine open up the /etc/ssh/sshd_config file and make sure you have the following lines:

RSAAuthentication yes
PubkeyAuthentication yes
AuthorizedKeysFile????? .ssh/authorized_keys

Save that file and restart sshd with the command /etc/rc.d/init.d/sshd restart

Back on the local machine issue the two following commands:

ssh-agent

ssh-add

You shouldn’t be prompted for a password for the second command.

Now attempt to ssh to the remote machine like so:

ssh 192.168.1.2

You should not be prompted for a password. You are now able to ssh and scp without having to enter a password.

Final Thoughts

Now that you know how to scp (and do so without user intervention), you can create all sorts of fun automated backup scripts that will backup a local machine to a remote server. There is one warning I will issue: if someone can get your id_rsa file they might be able to get into your machine. So make sure the machine that holds that file is safe.

Related posts

• Remote SSH: Run processes anywhere on different platforms (1)
• Get To Know Linux: Secure Shell (4)
• Access remote Unix GUIs in Windows: Xming (1)
• Yoggie PICO Personal Mobile Security Computer (3)
• With Ubuntu 9.10 Arrives Wubi 9.10 (2)

Some services offer free SSH accounts, so you can edit and access files anywhere, host websites, use them as proxies (or IPv6 gateways) and some even let you run processes like IRC bots and compilers.

Generally, such free Shell accounts impose a monthly bandwidth quota of a few megabytes, so you don’t use too much of their resources. Some providers are more generous than others, though, and some charge for additional space and bandwidth.

Most SSH providers offer Unix-based hosting. Mitja Sladovic offers a very large list of such free providers.

The most popular service is the SDF Public Access UNIX System, established in 1987. Free users are offered email hosting (POP or IMAP), games, access to the text-based ‘Lynx’ web browser, web hosting, various network utilities and 80MB space. For access to gcc, php etc., one must a one-off fee of $36. In order to validate your account, and receive access to network utilities, one must send them $1 or €5 (in order to deter spammers).

Blinkenshell is another interesting option. Free accounts get 50MiB of space, access to several compilers, an IPv6 tunnel, hosting, email, IRC access and even the ability to have MySQL databases. One can’t use Blinkenshell for IRC bots, though. A few services do provide access to eggdrop, a popular IRC bot, such as Polarhome and aeshells.

Naturally, novices may struggle with such services as no graphical interface is provided. These services do, however, provide a rapid way to compile applications on different platforms (like Linux and BSD) and allow boring processes, like IRC bots, to run for you.

Related posts

• Access remote Unix GUIs in Windows: Xming (1)
• Securely copy files with scp (5)
• Get To Know Linux: Secure Shell (4)
• dd: the ultimate disk cloning tool (11)
• Control Servers from Mobile Phones via SSH (1)

Secure shell was created as a replacement for telnet because telnet transmitted unencrypted passwords. The encryption is handled via public key cryptography. Through secure shell the user can issue commands on a remote server or even tunnel the X protocol in order to run remote graphic applications locally.

Using secure shell on Linux will require you to install openssh-clients and if you want to run an secure shell server (so others can secure shell into your machine) you will need to install openssh-server. These can be found in your Add/Remove Program utility. During the installation you will most likely be informed that the installer needs to generate a key. You won’t have to do anything for this key generation. And, depending upon the Add/Remove Program utility that you use you may not even see any sign that this is happening.

Basic usage

To use secure shell you will need to open up a terminal window (gnome-terminal, konsole, aterm, eterm, etc). Once this is open you can begin. The structure of the command is:

ssh OPTIONS REMOTE_SERVER_ADDRESS

Secure shell has quite a list of options available. For a complete listing of these options issue the command man ssh to see them all. But the most useful options are:

• -v This gives verbose output so you can see all output given as a connection is being made.
• -l This allows you to specify a username for the connection.
• -X This instructs the remote server to allow the tunneling of X protocols.

Say you want to connect user jlwallen to server 192.168.1.10 and you want to tunnel X. The command to do this would be:

ssh -v -l jlwallen 192.168.1.10 -X

You would see a good deal of information pass by before you are asked for the users password. If this is the first time you’ve attempted this connection you will be prompted (via Y or N) if you want to allow the addition of a key to be placed in the ~/.ssh/known_hosts file. If you are wanting to make this connection you will have to accept this key.

ssh daemon

Now if you want to have the secure shell daemon running on your machine (so that users can log on) you will have to start the deamon. The ssh daemon (sshd) is started from the init.d system. On a Fedora-like system this daemon is started like so:

/etc/rc.d/init.d/sshd start

On a Ubuntu-based system this daemon is started like so:

/etc/init.d/sshd start

Once the daemon is started users can now log in. NOTE: The sshd daemon runs on port 22 so you will need to have that port open in order to allow connections.

Final Thoughts

Secure shell is one of the better means of logging into a remote machine securly. Sure there are other methods but secure shell is easy to use, reliable, and secure.

Related posts

• Securely copy files with scp (5)
• Remote SSH: Run processes anywhere on different platforms (1)
• Five handy secure shell tips and tricks (8)
• Backup your Linux box with rsync (3)
• Access remote Unix GUIs in Windows: Xming (1)

Xming is an X server for Windows which can be used to secure forward X11 sessions from Unix machines. Basically, using Xming, a graphical program, like Firefox or xeyes, can be run remotely from an SSH server with X11. Using X11 tunneling, many things can easily be done remotely, whether that be word processing, file-sharing or accessing an email client.

Xming requires a little configuration. In my opinion, Xming works best with the Putty and comes with it. ssh.exe can also be used.

Putty must be configured to enable X11 forwarding, which is done inside Putty by going to SSH>X11 and ticking ‘Enable X11 forwarding’. Whilst programs can be launched via remote SSH terminal, the Xlaunch program which comes with Xming is much easier to use.

In Xlaunch, the chosen view for X11 windows is chosen (one window, multiple windows or full screen), the SSH server and login details is entered as is the application which is to be run. xterm (the terminal) is a good choice!

Related posts

• Remote SSH: Run processes anywhere on different platforms (1)
• Securely copy files with scp (5)
• Get To Know Linux: Secure Shell (4)
• dd: the ultimate disk cloning tool (11)
• Beginners guide to Linux (5)

A SSH connection can be used to use an encrypted channel to transfer the unencrypted data so that the data is protected from third parties. To make use of this encrypted channel a connection has to be established and maintained between the local computer and a SSH server on the Internet. If your Email provider would offer SSH access for instance it could be setup to create a connection with their SSH server to retrieve and send emails.

My Encrypted Tunnel is a free application that makes use of Putty Link to establish an SSH connection:

MyEnTunnel is a simple system tray application (or NT service) that establishes and maintains TCP SSH tunnels. It does this by launching Plink (PuTTY Link) in the background and then monitors the process. If the Plink process dies (e.g. connection drops, server restarts or otherwise becomes unreachable) MyEnTunnel will automatically restart Plink to reestablish the tunnels in the background. It tries to use as little CPU and system resources as possible when monitoring (When the “Slow Polling” option is enabled it only does one context switch per second).

It can also be used to exchange data between two computers. To do this one computer needs to act as the SSH Server. Users looking for an advanced Windows client with additional functionality might find it in Tunnelier which is free for personal use.

Related posts

• SFTP And SSH Server For Windows (0)
• Run SSH Server For Remote Desktop Connections (6)
• FreeSSHd A Free SSH Server For Windows (7)
• Windows SSH Server WinSSHD (3)
• Top Xp Freeware that every user needs part 3 (5)

This helps if I’m near a PC but not if I’m playing with my five year old nephew at the North Sea. One of my backup plans included the installation of a Symbian version of Putty on my Nokie N73 mobile phone. Putty is a Telnet and SSH client that can be used to quickly connect to servers and start commands and scripts there. It would take only a minute or so to connect to the server and restart a module, like ftp, MySQL or Apache, if one of them crashes.

It can also be used to analyze what went wrong providing the server did not crash completely and does not restart. All that is needed is the free software PuTTY for Symbian OS which can be installed on a Symbian OS compatible mobile phones also known as S60 third edition smartphones.

Ports for UIQ 1, UIQ 2 and UIQ 3 are available as well. It’s actually pretty cumbersome to work with Putty on a mobile phone that does not have a full QWERTY keyboard with additional keys like ESC which is why the mobile version of Putty offers a special send menu that provides access to those special characters.

Related posts

• Wiredtree Review After Four Months (3)
• Web Server Migration Today (5)
• Top Xp Freeware that every user needs part 3 (5)
• SFTP And SSH Server For Windows (0)
• Remote SSH: Run processes anywhere on different platforms (1)

I am not a big tutorial-fan, cause I always can’t quite shake the feeling that I’m doing something here I have no particular knowledge of. And depending on what I do, this bothers me. A lot. Take sewing for instance (yes, I do indeed enjoy the fun of sewing, at least as long as it is fun); in the beginning I only did pre-set tutorials. I got to see some achievements, pretty fast as well, and was happy. But the clothings didn’t fit that well, more often than not I had to make corrections to be at least a bit satisfied with my work.

By now, I do most of my sewing patterns myself by taking bits from tutorials and knowledge and putting them together, and it works just fine for me. My point is, tutorials are often brief, giving appealing results in a short time, but often lack some of the necessary theory. Ever happened to you that you did something with a tutorial that just would not work? And after going through the complete text again, looking at all pictures, you realize there’s a small mistake in it, or something you wouldn’t have thought of, which the author took as given?

I guess that’s the reason I don’t want to write tutorials, the danger of missing something (or to cut off too much or something like that) or to have people sitting in front of it thinking “Screw this guy, this just doesn’t work!”. Plus, there are plenty of tutorials out there regarding nearly any topic. Or are there?

But – as the headline suspects – I’m gonna break with this habit for now, and give you a few shots and explanations regarding my former post. No tutorial in a classical sense, but one like I try to write my stuff as well: just concepts and ideas, but this time with pictures.

So let’s get started. Since I’m keeping my connection open most of the time, I’m using PuTTyTray instead of the regular PuTTy or its portable cousin, so some functions described here are not available in other versions.

Here we got the starting screen. Use “Settings from file” (at the bottom of the screen) to save sessions to a file in the PuTTy-directory instead of the windows-registry. An absolute must for all portable users. The first ellipse is where you type your target server’s (or router’s, in our case) IP in. If you can’t remember your IP at any time or get dynamic IPs, make an dyndns-account to save you trouble. Most Routers come with built-in dyndns-support anyway nowadays, sparing you the effort of an update tool. Of course, we want to have “SSH” as a connection type, but it’s per default enabled, so there shouldn’t be any problems.

Ah, that one took me awhile to figure out. Or to be more precise: I was swearing and cursing about the problem I encountered and by accident managed to find a solution in the settings for my terminal, which struck me to be very odd. So I wanna share my insights. The option I circled changes the character send to the server by pressing the backspace-key. Since the routers I mentioned all use some sort of linux, you might wanna change the option to the right one, “Control+? (127)”. Without that enabled, my fritzbox would only type “[^” or something like that instead of deleting the last character. Very annoying.

That one is one of the PuTTyTray-only functions I mentioned that I don’t wanna miss ever again, regardless how more convenient PuTTyPortable sometimes might be for my purposes. Leave the option on “normal” to start it in normal terminal mode. I prefer that one, since I want to use password-authentication. No use minimizing the window to tray on start, only to have to bring it back up, type the password in and minimize it again. “Always” and “Never” produced funny behaviors that I couldn’t get a hold of, but, if you wanna guess and like riddles, go and give it a try.

And oh, the “Accept single-click…”-option is nice as well, if you use this kind of restoring in all of your programs. Mixing double-click and single-click is definitely not a good idea, at least not for me.

Oh, yeah. Not that important, I gotta admit. But it would allow you to pick a username that’s hard to remember (please don’t say anything about the “root” I typed in there.. it is for demonstration purposes only!), and even harder to guess. When using password authentication, I only have to type in my password and not my username. spares me ~1.2 seconds. yay!

Painting Frenzy!! Okay, now here we go. This tab is the mekka for all your needs, the holy grail of port forwarding.
The first option I circled is recommended to use, but it is not without risks (security, mostly). Some protocols may need this option to function properly though. When you look at the entries 1, 2 and 3 they all have a source port (the first column) and a destination (the second one), like my arrows – done extremely skilled, if I may say so – try to show you.

1.) This is a standard port forwarding like used by any program. I specified my source port, which is 5700 (always select “local” as a type if unsure for the others and their doings), and a destination that is usually an IP plus a port. As you can see or at least guess, it’s for VNC (port 5900), and it’s for a fictional desktop in my home network.

2.) That one I use for the emulation of a vpn. Remember the virtual network adapter I had to create? I gave it the very innovative IP 10.0.0.1, Windows File Sharing services use port 139, so its 10.0.0.1:139 for source. The destination is my main network-hard drive with the very same port. If you specify an IP for the source port, the port is only forwarded if the accordant network adapter is used. In case of the file sharing, I had to do this, since I wanted to work both ways at the same time – local file sharing and file sharing over SSH. If you need only one of both, feel free to just forward the port without a source IP.

3.) This one is pretty much like the first, but it points to a virtual network card I created on my Router. I did so because it is forbidden to map any ports directly to the routers own IP, but mapping to the virtual NIC is allowed. Here, I’m forwarding localhost’s port 80 (do NOT do this when running a webserver or any software using port 80) to the virtual NIC’s port 80, so I can display my router’s status page in my browser here at work, taking a look at phone lists and the like. I also could’ve made a port forwarding like “6666 192.168.178.253:80″, to view my routers page then, I would have to connect to “localhost:6666″ in my browser, as well as for connecting my VNC, I have to connect to “<dyndns-address>:5700″ instead of just “<dyndns-address>”.

Be careful with the Connection -> Proxy-Tab though. You don’t have to specify anything here for PuTTy to provide the SOCKS-proxy I mentioned. This is only necessary if PuTTy is forced (or wanted) to use a proxy to connect to the target net (usually, the internet) itself, like when using PuTTy over TOR for instance, which is by the way in my opinion the most comfortable way of using TOR there is.

Oh my, I almost forgot that one.. this is crucial when keeping your connection up and running for a long time. If the connection gets broken there is a chance that your server-component remains active and running on the router, and if your reconnect, you got a second one running, and a third one if that happens again.. you catch my drift. I chose a value of 60 seconds, and it works for me. It was a more or less random choice though, other values might do equally fine.

Okay. I admit, that didn’t hurt that much at all. Maybe I will just… keep posting funny daubed pictures about programs I use…

cya all soon! :)

Related posts

• Fun Things to do with PuTTy and Linux-Routers (7)
• Top Xp Freeware that every user needs part 3 (5)
• My Encrypted Tunnel (1)
• Manage your ssh connections with SecPanel (6)
• Manage Servers For Putty WinSCP VNC And Microsoft Terminal Server (0)

I was no exception to this when I decided to fool around a bit with my AVM Fritz!Box (Broadband Router quite common in Germany and Austria that runs with Linux) and installed – among other amusing things – the dropbear SSH Server on it. I was then able to connect to my home network from all around the world using just my dyndns-account and PuTTy, or better his cousin PuTTyPortable, which runs from thumb drives without leaving traces behind on the host system. Oh the joy!

After going through the massive troubles of installing and configuring dropbear via FTP and VM, I first started to think about the use I could get out of this.

note: I didn’t intend to give instructions of how to use PuTTy or to set up those functions I mention, more to give some inspiration. Google helps all, but if someone is interested in a particular HowTo, just ask, I’m here ;).

First of all, I found out that I could use my encrypted Connection to eliminate some holes in my firewall, VNC always being a big thorn in my side. If I use the standard ports, it’s insecure, and if I use custom ports, I’m bound to fail to remember them when needed. With the SSH Connection, I only have to remember one custom port (in fact, PuTTy does remember it), and I can spare the additional effort and cpu time for encrypting VNC sessions, as well as I could stuff all commonly used holes in my firewall.

Incredibly simple, but at the same time incredibly effective. If you want something like this, the tunneling function (also port forwarding) is for you. It also allowed me – with some tweaking on the router as well – to view the html-based configuration side from outside over the secure line, taking a look at the list of calls received in absence.

The next useful function I could think of was to use my secure Connection to obscure my internet traffic. Not to circumvent IP-Checks, but to prevent the casual network analyzer of having anything to work with besides my current IP at home. No destination, no protocol, no data. Setting it up was even easier than setting up the port tunnels, which, from time to time, tend to be a real pain in the ass, so to speak. For every open SSH Connection and without further configuration, PuTTy procures a full-fledged SOCKS proxy server for you. Ain’t that nice? And with plugins like QuickProxy for Firefox you are free to switch it on or off as you like. Which, of course, is also available as a portable version. But you all knew that already.

The third function I use pretty often was a nasty one to get by, but it was definitely worth the trouble, since it fits my setting nigh perfectly. I’m quite fond of VPNs, but I have yet to encounter a VPN-software that really satisfies me and my personal needs and/or beliefs. So, among the other amusing programs I set up on my router (as mentioned above), was a VPN-server, to allow me to connect to my network-enabled hard drives at home. To cut it short, it worked, I felt secure and all, but it was impossible to take the solution with me, since all VPN-Implementations (OpenVPN, that is) required installation and the creation (and configuration) of a virtual network adapter. So I tried to bring up a feasible solution involving PuTTy.

The easy one was to use a protocol that allows you to transfer files, (s)FTP, SCP, or even HTTP, but all require a special server component to be run on the target, which is not possible for me without leaving one of my computers on, which is entirely out of the question. The NAS is even able to manage FTP, but it would require me to rely on FTP and FTP alone. No Samba and FTP at the same time for the same files. So I had to discard that as well.

The next thought was to just forward port 139 (used by windows filesharing services) to my target network. It would’ve worked, but it would’ve rendered me incapable of using the filesharing service for local shares. I’m using this solution at work, so it’s either home or work. It would work, I could only start up the connection of needed, and so on, but I wasn’t just happy with it, so I digged further.

If I had found a software for windows, that used not the windows filesharing service but an own implementation of it, I could just tell it to use another port and forward that one, but unfortunately, I found no such program.
The best I could come up with was to create a network adapter as VPN does, but without configuring anything on it except for a meaningless IP, and then forward all traffic on 10.0.0.1:139 to my network at home. Works like a charm, but if anyone ever happens to find a program like mentioned above, I would be more than happy to give it a try. Portable Applications preferred ;)

Another function available, though I did not use it very often, was the forwarding of the X11-protocol used by common Linux-desktops, which gives you the power of controlling the remote computer similar to VNC but without the need for additional software.

The last one I want to mention is not one of PuTTy, but one that uses its opened shell to go through with it. A little program called etherwake can be run on common Linux-powered systems which enables you to start your computer without actually sitting in front of it via the magic of WOL (pun intended). A pre-set shell-script that’s run with a short command, a VNC server installed as a service, and you’re good to go. Connect the Router, wake up the computer, connect using VNC and take a look at the all-important document you left at home.

So, if you happen to own a Fritz!Box or one of them shiny, new, world-wide-available OpenSource-Routers, or just an old crappy computer that could deliver a reasonable SSH server for an equally reasonable amount of watts spent, maybe those ideas incorporated one for you.

Also, please notice that PuTTyTray works from Thumb Drives as well without leaving any Data behind (if you use the “session from file”-option), but has the advantage that it can be minimized to the system tray.

If you’re planning on keeping the connection up for quite some time, also remember to activate the “Keep Alive”-function ;)

Edit: After getting rebuked for not doing it from the beginning, I’d like to incorporate some useful links that might get you started.
Complete Installation Guide for Telnet, FTP, SSH, WOL & VPN on a Fritz!Box, German.
You can also get this functions creating a nice and easy pseudo-firmware-image here, but I guess one could lack the insight needed to fill in all the right information if he never did it manually before. So, feel free to screw around using the above link and once you figured it all out, use this one. Also German, but with very little text ;)
Another tutorial, this time for the Linksys WRT54G, including SSH and Tunneling.

Thx again to Ace_NoOne, who could’ve used Google instead ;)

Related posts

• About PuTTy and Tutorials, including a PuTTy Tutorial. (3)
• Top Xp Freeware that every user needs part 3 (5)
• Proxy Server Usage To Extend Jailtime In The US (8)
• My Encrypted Tunnel (1)
• Manage your ssh connections with SecPanel (6)

I can then copy files from and to my dedicated server using this secure connection. I upload new websites this way or download mysql backups or other files that i want to store locally. Well, today version 4 of WinSCP was released as a beta. The main additions are ftp support (remember it supported SFTP before only) and SSH tunnel support. The later feature is not that important for me but the first is really nice.

The changelog for WinSCP 4.0 beta lists a lot of bug fixes and changes that would be to much to list here at my site. Just take a look at the changelog at the official site if this is really interesting for you.

What do you use to connect to a dedicated server ? Remember that I’m still using Windows mainly which limits the choice of programs that I could use.

Related posts

• Home FTP Server (5)
• Top Xp Freeware that every user needs part 3 (5)
• SFTP And SSH Server For Windows (0)
• Secure FTP Client Online (4)
• FreeSSHd A Free SSH Server For Windows (7)

I did write about some of them here at ghacks already but I guess only the die hard ghacks readers will know about this. I would like to start with a tool that I have been using for some time now. It is called Hamachi and the main benefit is that it is able to simulate a lan over internet. This is great if a game only offers lan play for instance. I do not suggest you use it for the following purpose but it is possible. Many games require serial numbers and those numbers are checked when you connect to a game server on the internet. They are not checked if you create a lan game.

System Tools:

Please insert the CD into the drive and restart the application. I hate this message. Forcing legit users to have the CD / DVD in drive to execute the program is something I never understood. Pirates crack those protections in seconds and legit users have the problems with methods that are supposed to make it harder for pirates. Something is wrong here. I do like Daemon Tools which emulates CDs on your hard drive. Create an image of the CD, mount it in Daemon Tools and you may use the software without the Cd.

That shitty movie is not playing. I don’t see a picture, I hear no sound. Have you ever witnessed something like that ? This could be due to a missing codec on your system. Gspot analyzed a movie file and displays the codecs it is using. Did I say that I hate the fact that there are billions of codecs out there ? Waste of time and energy.

Notepad 2 replaces Notepad which ships with every windows installation. It offers more features than Notepad like syntax highlighting.

Rbtray makes it possible to minimize every window into the system tray instead of the task bar. If you are like me and dislike crowded task bars this tool is for you.

I like my computers as silent as they can be. One method to achieve this is to use a software that is able to control the speed of the fans in your pc. Speedfan is my choice. It displays temperatures for important system components such as processor, motherboard and hard drives and lets you change the fan speed if that is supported on your system.

Vippy the writer friendly cursor changes the cursor into a eye-friendly one. This is great if you have troubles finding the cursor in a text document. Vippy changes the color of the cursor to red for instance.

Internet:

Ghacks is running on a dedicated server and I have to make the connection using a terminal program. I do use Putty for this, it is fast and clean and does exactly the things that I need it to do. I do use WinSCP to connect download backups that I made from the dedicated server. SFTP means secure file transfer.

I have a Skype account to talk to my friends and see who is online at the moment. There is no charge if both users are connected to the Skype network. I do prefer Teamspeak while gaming. Teamspeak has the advantage that more users may chat and talk at the same time while Skype has that limited I think. When I was playing WOW we were using Teamspeak with more than 40 people in one channel. Don’t worry, you can moderate everything.

If you want to view tv on the internet you should take a look at tvu player which offers some interesting channels to choose from. To name a few: ABC, ESPN, Comedy Channel, CBC, Fox and more. All free, with relative good quality. You need a broadband connection for good results.

You need some additional tools if you want to save video streams. Most providers hide the real url to the stream making it impossible to detect it by normal means. Url Snooper comes into play and detects the real address by analyzing all network traffic.

I need a local test installation of ghacks to test new features before I make the upgrade on the running site. XAMPP offers everything I need to have a local Apache installation with PHP and MYSQL support. It is great for learning and testing upgrades.

Security:

You might remember the Sony rootkit incident. They planted a rootkit on some of their CDs and users had a hard time getting rid of it. Rootkit Revealer is one of those tools that helps detecting and removing rootkits.

Other:

I do not buy lots of new CDs but sometimes I buy some used ones on Ebay or Amazon. I don’t have a CD player at all so I have to get the songs from the CD on my computer to be able to play them and transfer them to my Ipod. CDex is the tool I use for that purpose. It is fast, pulls all relevant information from the internet (author, title, songs..) and adds them automatically to the songs.

Related posts

• Tweak Vista Freeware (3)
• top 100 free software for windows xp (1)
• Security and Privacy Complete (0)
• Create a Multimedia XP Screensaver (5)
• Analyse your hard disk and stop wasting space (5)

Here is a short list of all the other tools mentioned: Nmap, Nessus Remote Security Scanner, John the Ripper, Nikto, Superscan, pof, Ethereal, Yersinia, LCP, Cain and Abel, Kismet, Netstumbler and hping. Make sure you check the tools that you do not know about yet, it might be worth it.

Related posts

• Top Xp Freeware that every user needs part 3 (5)
• Astalavista Top 10 Freeware Tools (2)
• Ultra High Security Password Generator (4)
• Security and Privacy Complete (0)
• Remote SSH: Run processes anywhere on different platforms (1)