Tunneling TCP Connections through SSH

SSH is much more than a “secure” alternative to telnet.

Besides terminal services, it supports:

  • Strong Encryption (AES-256, 3DES, Blowfish…)
  • Strong Authentication ((One Time) Passwords, Public Keys)
  • File Transfer
  • Port Forwarding

SSH is also not susceptible to man-in-the-middle attacks (except for the very first logon to a server, when you receive the host key).

On top of that stable foundation, SSH can tunnel nearly every TCP protocol through its secure channel. This is especially interesting because you can forward insecure protocols like SMTP or POP3 through the tunnel, or add another layer of authentication to a protocol, e.g. key-based authentication on top of a terminal services password logon.

What is really cool about this: you only have to open the SSH port (TCP/22) on the firewall or local packet filter, and all the other protocols get tunneled through this port. This radically reduces the attack surface.

To get up and running:

  • Get a copy of OpenSSH from Cygwin.
  • Install it on your server machine. This can be a little bit tricky – you have to pick Admin/Cygrunsrv and Net/OpenSSH from the tree. I would also recommend installing Doc/CygwinDoc and Editor/VIM (good old VI).
  • After installation, start the Cygwin shell and execute “ssh-host-config -y”. This will generate the keypair and set everything up.
  • Installer versions differ in whether they ask you about setting up SSHD as a Windows Service. If you get asked, say yes. If not, run “cygrunsrv -S sshd”.

You should now already be able to connect with “ssh localhost”. SSH maps the initial passwd file to your Windows accounts.

If you want to have full SSH support and a Unix feel on the client, install Cygwin on your client machine. You just have to install it – no configuration of SSH is necessary (you only have to do that on servers).

A more lightweight alternative is to use PuTTY as an SSH client. PuTTY is only 400K, is a single exe and does not have to be installed.

Port Forwarding
I use port forwarding in two cases.

1. To connect to my web server box using terminal services. You first open the tunnel with the following command:

ssh -L3389:localhost:3389 user@192.168.0.5

This opens up a local listener on port 3389 and waits for incoming connections. SSH then forwards all packets to the other end of the tunnel (in this case 192.168.0.5), to port 3389. All you have to do now is fire up your Remote Desktop Client and connect to 127.0.0.1 (check my previous post).

2. To send and retrieve emails. You know that SMTP and POP3 send everything in clear text. This includes your mails and your password. And, e.g. when I do a security class, there are always some guys that use those nasty tools I showed them to sniff MY traffic (just to show me that they can do it). I certainly don’t want to change my mail password after every class… and also I don’t have to open port 110 (POP3) on my mail server.

To set up mail tunneling, use this command:

ssh -C -L 110:localhost:110 -L 25:localhost:25 user@192.168.0.5

Now configure Outlook to contact the SMTP and POP3 servers on 127.0.0.1. Even if the tunnel is not running, your password will never leave your machine over the wire, because the connection to 127.0.0.1 simply fails.

You can also use PuTTY to set up forwarding. Go to the Connection/SSH/Tunnel configuration page and create new entries in the port forwarding list. Choose a local port to listen on and choose localhost:destination_port as the destination.
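An added example, not from the original post: a POSIX shell check that audits a `-L` forward spec for the two ways a tunnel like the ones above can still expose traffic, namely a listener bound to more than the loopback address and a destination other than the SSH server itself (the hop from sshd to that host is not encrypted). The function name `audit_forward`, its output format and the host `mail.example.internal` are assumptions made for illustration.

```sh
#!/bin/sh
# Added example, not from the original post. Audits an OpenSSH -L spec of the
# form [bind_address:]port:host:hostport (numeric ports only, no IPv6 literals).
# Prints: bind=<loopback|all|ADDR> lasthop=<local|cleartext:HOST> lport=<ok|privileged>
# Returns 0 if the forward stays private, 1 if it exposes traffic, 2 on bad input.
audit_forward() {
    spec=$1 tmp=$1 n=0
    # Count the colons to tell whether a bind address was given.
    while [ "$tmp" != "${tmp#*:}" ]; do tmp=${tmp#*:}; n=$((n + 1)); done
    case $n in
        2) bind=localhost rest=$spec ;;         # ssh default (GatewayPorts no)
        3) bind=${spec%%:*} rest=${spec#*:} ;;  # explicit, possibly empty
        *) echo "error: unsupported spec"; return 2 ;;
    esac
    lport=${rest%%:*} dest=${rest#*:}
    dhost=${dest%:*} dport=${dest##*:}
    for p in "$lport" "$dport"; do
        case "$p" in ''|*[!0-9]*) echo "error: bad port"; return 2 ;; esac
    done
    [ -n "$dhost" ] || { echo "error: empty host"; return 2; }
    rc=0
    case "$bind" in
        localhost|127.0.0.1) b=loopback ;;
        ''|'*'|0.0.0.0) b=all; rc=1 ;;          # any host on the network can connect
        *) b=$bind; rc=1 ;;                     # listening on a real interface
    esac
    case "$dhost" in
        localhost|127.0.0.1) h=local ;;         # service runs on the SSH server
        *) h=cleartext:$dhost; rc=1 ;;          # sshd-to-host leg is not tunneled
    esac
    # Ports below 1024 normally need root to bind on Unix-like clients.
    if [ "$lport" -lt 1024 ]; then p=privileged; else p=ok; fi
    echo "bind=$b lasthop=$h lport=$p"
    return $rc
}

# The two kinds of forward from the post, then two constructed risky variants
# (mail.example.internal is a made-up host).
for s in 3389:localhost:3389 110:localhost:110 \
         '*:3389:localhost:3389' 110:mail.example.internal:110; do
    printf '%-30s ' "$s"
    audit_forward "$s" || true
done
```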

 
