
Multi-hop SSH through LAN over WAN via PuTTY

  • I run a FreeNAS server behind OpenWrt that I did not want exposed to WAN; however, I needed to be able to SSH in from WAN.
    • PC → WAN SSH → OpenWrt → LAN SSH → FreeNAS
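    • To do so without exposing the NAS to WAN, a multi-hop SSH connection must be configured: only the router's SSH port is reachable from WAN, and the SSH session to the NAS is carried inside the SSH connection to the router.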

Prerequisites

Configure PuTTY

  • FreeNAS-LAN-SSH Profile
    • Connection - Proxy - Telnet Command or local proxy command
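    • PuTTY runs plink as a local proxy command: plink opens an SSH connection to OpenWRT using the saved OpenWRT-WAN-SSH profile, and -nc asks the router to relay a TCP connection to %host:%port (the FreeNAS address and port). PuTTY then runs its SSH session to FreeNAS through that relay, so the FreeNAS login is authenticated from the PC and no FreeNAS key has to be stored on the router. Connect to the OpenWRT-WAN-SSH profile directly once beforehand so that the router's host key is verified and cached.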
      plink -v -load OpenWRT-WAN-SSH -nc %host:%port

Profiles

FreeNAS

    • Edit the following to your specific configuration
      # LAN Address of FreeNAS
      "HostName"="192.168.1.100"
      
      # Log file save location
      "LogFileName"="C:\\PuTTY\\FreeNAS.log"
      
      # Local proxy command: plink connects to the OpenWRT-WAN-SSH profile over WAN,
      # and -nc relays the FreeNAS-LAN-SSH session through that connection over LAN
      "ProxyTelnetCommand"="plink -v -load OpenWRT-WAN-SSH -nc %host:%port"
      
      # RSA private key file (.ppk) used for public-key authentication; keep it passphrase-protected
      "PublicKeyFile"="C:\\PuTTY\\FreeNAS.ppk"

OpenWrt

    • Edit the following to your specific configuration
      # Host name of your Dynamic DNS service
      "HostName"="your.ddns.com"
      
      # Log file save location
      "LogFileName"="C:\\PuTTY\\OpenWRT.log"
      
      # RSA private key file (.ppk) used for public-key authentication; keep it passphrase-protected
      "PublicKeyFile"="C:\\PuTTY\\OpenWRT.ppk"

Registry Export

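  • Registry export of the PuTTY FreeNAS-LAN-SSH and OpenWRT-WAN-SSH profiles. Edit HostName, LogFileName and PublicKeyFile in both sessions to match your own configuration before importing it.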

    Windows Registry Editor Version 5.00

    ; Saved-session export for the two PuTTY profiles used by the multi-hop setup:
    ; FreeNAS-LAN-SSH (reached through the proxy command) and OpenWRT-WAN-SSH (the jump host).
    ; One value per line; lines starting with ';' are comments.

    [HKEY_CURRENT_USER\Software\SimonTatham\PuTTY\Sessions\FreeNAS-LAN-SSH]
    "Present"=dword:00000001
    ; LAN address of the NAS, with the login name; replace with your own
    "HostName"="root@192.168.1.2"
    "LogFileName"="C:\\PuTTY\\putty.log"
    ; 2 = log all session output: everything shown in the terminal is written to LogFileName in plain text
    "LogType"=dword:00000002
    "LogFileClash"=dword:00000000
    "LogFlush"=dword:00000000
    "SSHLogOmitPasswords"=dword:00000001
    "SSHLogOmitData"=dword:00000000
    "Protocol"="ssh"
    ; 0x16 = TCP port 22
    "PortNumber"=dword:00000016
    "CloseOnExit"=dword:00000001
    "WarnOnClose"=dword:00000001
    "PingInterval"=dword:00000000
    "PingIntervalSecs"=dword:00000000
    "TCPNoDelay"=dword:00000001
    "TCPKeepalives"=dword:00000000
    "TerminalType"="xterm"
    "TerminalSpeed"="38400,38400"
    "TerminalModes"="CS7=A,CS8=A,DISCARD=A,DSUSP=A,ECHO=A,ECHOCTL=A,ECHOE=A,ECHOK=A,ECHOKE=A,ECHONL=A,EOF=A,EOL=A,EOL2=A,ERASE=A,FLUSH=A,ICANON=A,ICRNL=A,IEXTEN=A,IGNCR=A,IGNPAR=A,IMAXBEL=A,INLCR=A,INPCK=A,INTR=A,ISIG=A,ISTRIP=A,IUCLC=A,IXANY=A,IXOFF=A,IXON=A,KILL=A,LNEXT=A,NOFLSH=A,OCRNL=A,OLCUC=A,ONLCR=A,ONLRET=A,ONOCR=A,OPOST=A,PARENB=A,PARMRK=A,PARODD=A,PENDIN=A,QUIT=A,REPRINT=A,START=A,STATUS=A,STOP=A,SUSP=A,SWTCH=A,TOSTOP=A,WERASE=A,XCASE=A"
    "AddressFamily"=dword:00000000
    "ProxyExcludeList"=""
    "ProxyDNS"=dword:00000001
    "ProxyLocalhost"=dword:00000000
    ; 5 = local proxy command: ProxyTelnetCommand below is executed on the PC
    "ProxyMethod"=dword:00000005
    "ProxyHost"=""
    "ProxyPort"=dword:00000000
    "ProxyUsername"=""
    "ProxyPassword"=""
    ; plink loads the OpenWRT-WAN-SSH session and, via -nc, relays this session's host:port through it
    "ProxyTelnetCommand"="plink -v -load OpenWRT-WAN-SSH -nc %host:%port"
    "Environment"=""
    "UserName"="root"
    "UserNameFromEnvironment"=dword:00000000
    "LocalUserName"=""
    "NoPTY"=dword:00000000
    "Compression"=dword:00000000
    "TryAgent"=dword:00000001
    "AgentFwd"=dword:00000000
    "GssapiFwd"=dword:00000000
    "ChangeUsername"=dword:00000000
    ; Entries listed before WARN are negotiated without a prompt; here that includes 3des and blowfish,
    ; and dh-group1-sha1 in KEX below.
    ; NOTE(review): these look like preference lists from an older PuTTY release - compare with the
    ; defaults of your installed version before importing.
    "Cipher"="aes,3des,blowfish,WARN,arcfour,des"
    "KEX"="dh-gex-sha1,dh-group14-sha1,dh-group1-sha1,rsa,WARN"
    "RekeyTime"=dword:0000003c
    "RekeyBytes"="1G"
    "SshNoAuth"=dword:00000000
    "SshBanner"=dword:00000001
    "AuthTIS"=dword:00000000
    "AuthKI"=dword:00000001
    "AuthGSSAPI"=dword:00000001
    "GSSLibs"="gssapi32,sspi,custom"
    "GSSCustom"=""
    "SshNoShell"=dword:00000000
    ; 3 = SSH-2 only
    "SshProt"=dword:00000003
    "LogHost"=""
    "SSH2DES"=dword:00000000
    ; Private key (.ppk) used for public-key authentication to the NAS; keep it passphrase-protected
    "PublicKeyFile"="C:\\PuTTY\\FreeNAS.ppk"
    "RemoteCommand"=""
    "RFCEnviron"=dword:00000000
    "PassiveTelnet"=dword:00000000
    "BackspaceIsDelete"=dword:00000001
    "RXVTHomeEnd"=dword:00000000
    "LinuxFunctionKeys"=dword:00000000
    "NoApplicationKeys"=dword:00000000
    "NoApplicationCursors"=dword:00000000
    "NoMouseReporting"=dword:00000000
    "NoRemoteResize"=dword:00000000
    "NoAltScreen"=dword:00000000
    "NoRemoteWinTitle"=dword:00000000
    "RemoteQTitleAction"=dword:00000001
    "NoDBackspace"=dword:00000000
    "NoRemoteCharset"=dword:00000000
    "ApplicationCursorKeys"=dword:00000000
    "ApplicationKeypad"=dword:00000000
    "NetHackKeypad"=dword:00000000
    "AltF4"=dword:00000001
    "AltSpace"=dword:00000001
    "AltOnly"=dword:00000000
    "ComposeKey"=dword:00000000
    "CtrlAltKeys"=dword:00000001
    "TelnetKey"=dword:00000000
    "TelnetRet"=dword:00000001
    "LocalEcho"=dword:00000002
    "LocalEdit"=dword:00000002
    "Answerback"="PuTTY"
    "AlwaysOnTop"=dword:00000000
    "FullScreenOnAltEnter"=dword:00000000
    "HideMousePtr"=dword:00000000
    "SunkenEdge"=dword:00000000
    "WindowBorder"=dword:00000005
    "CurType"=dword:00000001
    "BlinkCur"=dword:00000001
    "Beep"=dword:00000001
    "BeepInd"=dword:00000000
    "BellWaveFile"=""
    "BellOverload"=dword:00000001
    "BellOverloadN"=dword:00000005
    "BellOverloadT"=dword:000007d0
    "BellOverloadS"=dword:00001388
    "ScrollbackLines"=dword:00002710
    "DECOriginMode"=dword:00000000
    "AutoWrapMode"=dword:00000001
    "LFImpliesCR"=dword:00000000
    "CRImpliesLF"=dword:00000000
    "DisableArabicShaping"=dword:00000000
    "DisableBidi"=dword:00000000
    "WinNameAlways"=dword:00000001
    "WinTitle"="Secure Shell - FreeNAS (Remote)"
    "TermWidth"=dword:00000050
    "TermHeight"=dword:00000028
    "Font"="Lucida Console"
    "FontIsBold"=dword:00000000
    "FontCharSet"=dword:00000000
    "FontHeight"=dword:0000000a
    "FontQuality"=dword:00000003
    "FontVTMode"=dword:00000004
    "UseSystemColours"=dword:00000000
    "TryPalette"=dword:00000000
    "ANSIColour"=dword:00000001
    "Xterm256Colour"=dword:00000001
    "BoldAsColour"=dword:00000002
    "Colour0"="170,210,0"
    "Colour1"="255,125,0"
    "Colour2"="25,25,25"
    "Colour3"="20,20,20"
    "Colour4"="0,163,255"
    "Colour5"="0,163,255"
    "Colour6"="0,0,0"
    "Colour7"="85,85,85"
    "Colour8"="187,0,0"
    "Colour9"="255,85,85"
    "Colour10"="0,187,0"
    "Colour11"="85,255,85"
    "Colour12"="187,187,0"
    "Colour13"="255,255,85"
    "Colour14"="0,163,255"
    "Colour15"="0,100,255"
    "Colour16"="187,0,187"
    "Colour17"="255,85,255"
    "Colour18"="0,187,187"
    "Colour19"="85,255,255"
    "Colour20"="187,187,187"
    "Colour21"="255,255,255"
    "RawCNP"=dword:00000000
    "PasteRTF"=dword:00000000
    "MouseIsXterm"=dword:00000000
    "RectSelect"=dword:00000000
    "MouseOverride"=dword:00000001
    "Wordness0"="0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0"
    "Wordness32"="0,1,2,1,1,1,1,1,1,1,1,1,1,2,2,2,2,2,2,2,2,2,2,2,2,2,1,1,1,1,1,1"
    "Wordness64"="1,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,1,1,1,1,2"
    "Wordness96"="1,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,1,1,1,1,1"
    "Wordness128"="1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1"
    "Wordness160"="1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1"
    "Wordness192"="2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,1,2,2,2,2,2,2,2,2"
    "Wordness224"="2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,1,2,2,2,2,2,2,2,2"
    "LineCodePage"="UTF-8"
    "CJKAmbigWide"=dword:00000000
    "UTF8Override"=dword:00000001
    "Printer"=""
    "CapsLockCyr"=dword:00000000
    "ScrollBar"=dword:00000000
    "ScrollBarFullScreen"=dword:00000000
    "ScrollOnKey"=dword:00000000
    "ScrollOnDisp"=dword:00000001
    "EraseToScrollback"=dword:00000001
    "LockSize"=dword:00000000
    "BCE"=dword:00000001
    "BlinkText"=dword:00000000
    "X11Forward"=dword:00000000
    "X11Display"=""
    "X11AuthType"=dword:00000001
    "X11AuthFile"=""
    "LocalPortAcceptAll"=dword:00000000
    "RemotePortAcceptAll"=dword:00000000
    "PortForwardings"=""
    "BugIgnore1"=dword:00000000
    "BugPlainPW1"=dword:00000000
    "BugRSA1"=dword:00000000
    "BugIgnore2"=dword:00000000
    "BugHMAC2"=dword:00000000
    "BugDeriveKey2"=dword:00000000
    "BugRSAPad2"=dword:00000000
    "BugPKSessID2"=dword:00000000
    "BugRekey2"=dword:00000000
    "BugMaxPkt2"=dword:00000000
    "BugWinadj"=dword:00000000
    "BugChanReq"=dword:00000000
    "StampUtmp"=dword:00000001
    "LoginShell"=dword:00000001
    "ScrollbarOnLeft"=dword:00000000
    "BoldFont"=""
    "BoldFontIsBold"=dword:00000000
    "BoldFontCharSet"=dword:00000000
    "BoldFontHeight"=dword:00000000
    "WideFont"=""
    "WideFontIsBold"=dword:00000000
    "WideFontCharSet"=dword:00000000
    "WideFontHeight"=dword:00000000
    "WideBoldFont"=""
    "WideBoldFontIsBold"=dword:00000000
    "WideBoldFontCharSet"=dword:00000000
    "WideBoldFontHeight"=dword:00000000
    "ShadowBold"=dword:00000000
    "ShadowBoldOffset"=dword:00000001
    "SerialLine"="COM1"
    "SerialSpeed"=dword:00002580
    "SerialDataBits"=dword:00000008
    "SerialStopHalfbits"=dword:00000002
    "SerialParity"=dword:00000000
    "SerialFlowControl"=dword:00000001
    "WindowClass"=""
    "ConnectionSharing"=dword:00000000
    "ConnectionSharingUpstream"=dword:00000001
    "ConnectionSharingDownstream"=dword:00000001
    ; Empty: no manually pinned host keys, so this session relies on PuTTY's cached host keys
    "SSHManualHostKeys"=""

    [HKEY_CURRENT_USER\Software\SimonTatham\PuTTY\Sessions\OpenWRT-WAN-SSH]
    "Present"=dword:00000001
    ; WAN-facing host name of the router (placeholder; replace with your own)
    "HostName"="your.ddns.com"
    "LogFileName"="C:\\PuTTY\\putty.log"
    ; 0 = session logging disabled
    "LogType"=dword:00000000
    "LogFileClash"=dword:ffffffff
    "LogFlush"=dword:00000001
    "SSHLogOmitPasswords"=dword:00000001
    "SSHLogOmitData"=dword:00000000
    "Protocol"="ssh"
    ; 0x16 = TCP port 22
    "PortNumber"=dword:00000016
    "CloseOnExit"=dword:00000001
    "WarnOnClose"=dword:00000001
    "PingInterval"=dword:00000000
    "PingIntervalSecs"=dword:00000000
    "TCPNoDelay"=dword:00000001
    "TCPKeepalives"=dword:00000000
    "TerminalType"="xterm"
    "TerminalSpeed"="38400,38400"
    "TerminalModes"="CS7=A,CS8=A,DISCARD=A,DSUSP=A,ECHO=A,ECHOCTL=A,ECHOE=A,ECHOK=A,ECHOKE=A,ECHONL=A,EOF=A,EOL=A,EOL2=A,ERASE=A,FLUSH=A,ICANON=A,ICRNL=A,IEXTEN=A,IGNCR=A,IGNPAR=A,IMAXBEL=A,INLCR=A,INPCK=A,INTR=A,ISIG=A,ISTRIP=A,IUCLC=A,IXANY=A,IXOFF=A,IXON=A,KILL=A,LNEXT=A,NOFLSH=A,OCRNL=A,OLCUC=A,ONLCR=A,ONLRET=A,ONOCR=A,OPOST=A,PARENB=A,PARMRK=A,PARODD=A,PENDIN=A,QUIT=A,REPRINT=A,START=A,STATUS=A,STOP=A,SUSP=A,SWTCH=A,TOSTOP=A,WERASE=A,XCASE=A"
    "AddressFamily"=dword:00000000
    "ProxyExcludeList"=""
    "ProxyDNS"=dword:00000001
    "ProxyLocalhost"=dword:00000000
    ; 0 = no proxy: this session connects directly over WAN, so the Proxy* values below are not used
    "ProxyMethod"=dword:00000000
    "ProxyHost"="proxy"
    "ProxyPort"=dword:00000050
    "ProxyUsername"=""
    "ProxyPassword"=""
    "ProxyTelnetCommand"="connect %host %port\\n"
    "Environment"=""
    "UserName"="root"
    "UserNameFromEnvironment"=dword:00000000
    "LocalUserName"=""
    "NoPTY"=dword:00000000
    "Compression"=dword:00000000
    "TryAgent"=dword:00000001
    ; 1 = agent forwarding enabled toward the router. The FreeNAS hop is authenticated from the PC
    ; through the plink relay and does not depend on it; set to 0 unless you need the agent on the router.
    "AgentFwd"=dword:00000001
    "GssapiFwd"=dword:00000000
    "ChangeUsername"=dword:00000000
    ; Entries listed before WARN are negotiated without a prompt; in KEX below that includes dh-group1-sha1.
    ; NOTE(review): these look like preference lists from an older PuTTY release - compare with the
    ; defaults of your installed version before importing.
    "Cipher"="aes,WARN,3des,blowfish,arcfour,des"
    "KEX"="dh-gex-sha1,dh-group14-sha1,dh-group1-sha1,rsa,WARN"
    "RekeyTime"=dword:0000003c
    "RekeyBytes"="1G"
    "SshNoAuth"=dword:00000000
    "SshBanner"=dword:00000001
    "AuthTIS"=dword:00000000
    "AuthKI"=dword:00000001
    "AuthGSSAPI"=dword:00000001
    "GSSLibs"="gssapi32,sspi,custom"
    "GSSCustom"=""
    "SshNoShell"=dword:00000000
    ; 3 = SSH-2 only
    "SshProt"=dword:00000003
    "LogHost"=""
    "SSH2DES"=dword:00000000
    ; Private key (.ppk) used for public-key authentication to the router; keep it passphrase-protected
    "PublicKeyFile"="C:\\PuTTY\\OpenWRT.ppk"
    "RemoteCommand"=""
    "RFCEnviron"=dword:00000000
    "PassiveTelnet"=dword:00000000
    "BackspaceIsDelete"=dword:00000001
    "RXVTHomeEnd"=dword:00000000
    "LinuxFunctionKeys"=dword:00000000
    "NoApplicationKeys"=dword:00000000
    "NoApplicationCursors"=dword:00000000
    "NoMouseReporting"=dword:00000000
    "NoRemoteResize"=dword:00000000
    "NoAltScreen"=dword:00000000
    "NoRemoteWinTitle"=dword:00000000
    "RemoteQTitleAction"=dword:00000001
    "NoDBackspace"=dword:00000000
    "NoRemoteCharset"=dword:00000000
    "ApplicationCursorKeys"=dword:00000000
    "ApplicationKeypad"=dword:00000000
    "NetHackKeypad"=dword:00000000
    "AltF4"=dword:00000001
    "AltSpace"=dword:00000001
    "AltOnly"=dword:00000000
    "ComposeKey"=dword:00000000
    "CtrlAltKeys"=dword:00000001
    "TelnetKey"=dword:00000000
    "TelnetRet"=dword:00000001
    "LocalEcho"=dword:00000002
    "LocalEdit"=dword:00000002
    "Answerback"="PuTTY"
    "AlwaysOnTop"=dword:00000000
    "FullScreenOnAltEnter"=dword:00000000
    "HideMousePtr"=dword:00000000
    "SunkenEdge"=dword:00000000
    "WindowBorder"=dword:00000005
    "CurType"=dword:00000001
    "BlinkCur"=dword:00000001
    "Beep"=dword:00000001
    "BeepInd"=dword:00000000
    "BellWaveFile"=""
    "BellOverload"=dword:00000001
    "BellOverloadN"=dword:00000005
    "BellOverloadT"=dword:000007d0
    "BellOverloadS"=dword:00001388
    "ScrollbackLines"=dword:00002710
    "DECOriginMode"=dword:00000000
    "AutoWrapMode"=dword:00000001
    "LFImpliesCR"=dword:00000000
    "CRImpliesLF"=dword:00000000
    "DisableArabicShaping"=dword:00000000
    "DisableBidi"=dword:00000000
    "WinNameAlways"=dword:00000001
    "WinTitle"="Secure Shell - OpenWRT (Remote)"
    "TermWidth"=dword:00000050
    "TermHeight"=dword:00000028
    "Font"="Lucida Console"
    "FontIsBold"=dword:00000000
    "FontCharSet"=dword:00000000
    "FontHeight"=dword:0000000a
    "FontQuality"=dword:00000003
    "FontVTMode"=dword:00000004
    "UseSystemColours"=dword:00000000
    "TryPalette"=dword:00000000
    "ANSIColour"=dword:00000001
    "Xterm256Colour"=dword:00000001
    "BoldAsColour"=dword:00000002
    "Colour0"="170,210,0"
    "Colour1"="255,125,0"
    "Colour2"="25,25,25"
    "Colour3"="20,20,20"
    "Colour4"="0,163,255"
    "Colour5"="0,163,255"
    "Colour6"="0,0,0"
    "Colour7"="85,85,85"
    "Colour8"="187,0,0"
    "Colour9"="255,85,85"
    "Colour10"="0,187,0"
    "Colour11"="85,255,85"
    "Colour12"="187,187,0"
    "Colour13"="255,255,85"
    "Colour14"="0,163,255"
    "Colour15"="0,100,255"
    "Colour16"="187,0,187"
    "Colour17"="255,85,255"
    "Colour18"="0,187,187"
    "Colour19"="85,255,255"
    "Colour20"="187,187,187"
    "Colour21"="255,255,255"
    "RawCNP"=dword:00000000
    "PasteRTF"=dword:00000000
    "MouseIsXterm"=dword:00000000
    "RectSelect"=dword:00000000
    "MouseOverride"=dword:00000001
    "Wordness0"="0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0"
    "Wordness32"="0,1,2,1,1,1,1,1,1,1,1,1,1,2,2,2,2,2,2,2,2,2,2,2,2,2,1,1,1,1,1,1"
    "Wordness64"="1,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,1,1,1,1,2"
    "Wordness96"="1,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,1,1,1,1,1"
    "Wordness128"="1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1"
    "Wordness160"="1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1"
    "Wordness192"="2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,1,2,2,2,2,2,2,2,2"
    "Wordness224"="2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,1,2,2,2,2,2,2,2,2"
    "LineCodePage"="UTF-8"
    "CJKAmbigWide"=dword:00000000
    "UTF8Override"=dword:00000001
    "Printer"=""
    "CapsLockCyr"=dword:00000000
    "ScrollBar"=dword:00000000
    "ScrollBarFullScreen"=dword:00000000
    "ScrollOnKey"=dword:00000000
    "ScrollOnDisp"=dword:00000001
    "EraseToScrollback"=dword:00000001
    "LockSize"=dword:00000000
    "BCE"=dword:00000001
    "BlinkText"=dword:00000000
    "X11Forward"=dword:00000000
    "X11Display"=""
    "X11AuthType"=dword:00000001
    "X11AuthFile"=""
    "LocalPortAcceptAll"=dword:00000000
    "RemotePortAcceptAll"=dword:00000000
    ; Local port 8000 on the PC is forwarded to 127.0.0.1:80 as seen from the router;
    ; with LocalPortAcceptAll=0 above, the listener accepts connections from the local machine only.
    ; Remove this value if you do not want the forward.
    "PortForwardings"="L8000=127.0.0.1:80"
    "BugIgnore1"=dword:00000000
    "BugPlainPW1"=dword:00000000
    "BugRSA1"=dword:00000000
    "BugIgnore2"=dword:00000000
    "BugHMAC2"=dword:00000000
    "BugDeriveKey2"=dword:00000000
    "BugRSAPad2"=dword:00000000
    "BugPKSessID2"=dword:00000000
    "BugRekey2"=dword:00000000
    "BugMaxPkt2"=dword:00000000
    "BugWinadj"=dword:00000000
    "BugChanReq"=dword:00000000
    "StampUtmp"=dword:00000001
    "LoginShell"=dword:00000001
    "ScrollbarOnLeft"=dword:00000000
    "BoldFont"=""
    "BoldFontIsBold"=dword:00000000
    "BoldFontCharSet"=dword:00000000
    "BoldFontHeight"=dword:00000000
    "WideFont"=""
    "WideFontIsBold"=dword:00000000
    "WideFontCharSet"=dword:00000000
    "WideFontHeight"=dword:00000000
    "WideBoldFont"=""
    "WideBoldFontIsBold"=dword:00000000
    "WideBoldFontCharSet"=dword:00000000
    "WideBoldFontHeight"=dword:00000000
    "ShadowBold"=dword:00000000
    "ShadowBoldOffset"=dword:00000001
    "SerialLine"="COM1"
    "SerialSpeed"=dword:00002580
    "SerialDataBits"=dword:00000008
    "SerialStopHalfbits"=dword:00000002
    "SerialParity"=dword:00000000
    "SerialFlowControl"=dword:00000001
    "WindowClass"=""
    "ConnectionSharing"=dword:00000000
    "ConnectionSharingUpstream"=dword:00000001
    "ConnectionSharingDownstream"=dword:00000001
    ; Empty: no manually pinned host keys, so this WAN-facing session relies on PuTTY's cached host keys
    "SSHManualHostKeys"=""


doc/howto/multi-hop-ssh.txt · Last modified: 2015/12/12 07:01 by tmomas