SSH Tunnel Howto

This was previously available on my homepage at Cornell. I’m trying to centralize all my websites to a single location, and I include it here for your enjoyment.

Where I work, the Cornell University School of Electrical and Computer Engineering, the network only allows secure encrypted connections into the servers on the network. If you want to transfer files to and from the network, you need to use a program that supports the SFTP or SCP2 transfer protocols. For users of Microsoft operating systems, I recommend using SSH from SSH, Inc., which can be downloaded from ftp://ftp.ssh.com/pub/ssh/.

Unfortunately, many web design programs and other applications that use FTP do not support SFTP or SCP2; Macromedia Dreamweaver 2004 is the first and only one to date that I’ve heard of that does have SFTP support built in. Don’t worry… there is a way to get around this limitation by following a few simple steps.

  1. To use these instructions, you must have an account on the system you want to transfer files to.
  2. You must have SSH from SSH Inc. installed on the same system as the application you want to use. (There are other SSH clients that will work, but they are not covered in this howto.)
  3. These instructions assume you are running a Microsoft Windows® operating system. (I will post Apple Macintosh® instructions shortly)
  4. Start SFTP. This can be accomplished in a couple of different ways. There may be an icon that looks like this on your desktop.

    Double click it to start SFTP. Otherwise, you’ll need to click on ‘Start’, ‘Programs’, ‘SSH Secure Shell’, ‘Secure File Transfer Client’ to start the program. If you can’t find it, make sure SSH is properly installed.
  5. Before we can do anything else, we need to set up the connection profile. To do this, click on the ‘Profiles’ menu item and select ‘Add profile…’
  6. You should now see the following:
  7. Now, enter a name for this new connection like this:
  8. Now, we need to edit the profile. Select ‘Profiles’ from the menu and click on the ‘Edit profiles…’ menu item.
  9. Select your profile. In this example, it is ‘ECE People Webserver’.
  10. Make sure the ‘Connection’ tab is selected, and enter the hostname of the remote system in the ‘Host name’ field. For personal website accounts in Cornell ECE, it should be ‘people.ece.cornell.edu.’ For course websites in Cornell ECE, use ‘courses.ece.cornell.edu.’ For Cornell ECE research websites, use the name assigned to the research website. The CBCRL research website would be ‘cbcrl.ece.cornell.edu’. Check with your webmaster if you’re not sure what to use.
  11. Enter the website account username. If you’re not sure what to use, check with your webmaster.
  12. Click on the ‘Outgoing Tunneling’ tab.
  13. Click on the ‘Add…’ button.
  14. You should now see a window like the following:
  15. Enter ‘FTP’ into the Display Name, change the Type to ‘FTP’, set the Listen Port to 21, make sure ‘Allow Local Connections Only’ is checked, make sure the ‘Destination Host’ is set to ‘localhost’, and set the ‘Destination Port’ to be ’21’, like the following example, and then click ‘OK’.
  16. Your configuration window should now look something like this.
  17. We’re almost done setting things up… click the ‘OK’ button.
  18. Let’s try the connection… select ‘Profiles’ from the menu, and then click on the name of the configuration you just set up.
  19. The first time you connect to a remote system, you will probably see a window like the following. If you do, click ‘Yes’ and continue with the next step. If you do NOT see a window like this… don’t worry, just skip to the next step anyway.
  20. You should now see the following window:
  21. Type in the password for the username you entered in the Profile configuration. If you are not sure what it is, check with your webmaster. As you type, ‘*’ characters will be displayed. This is to prevent someone from seeing what your password is. When you’re done… click ‘OK.’
  22. Hopefully, you should now see a window similar to the following window… if you do, congratulations! You are done with the tunneling configuration; go to the next step. If you don’t, retrace your steps to make sure that you have followed all of them.
  23. I’m not going to cover the specific configuration of web editing clients, as they are all very different from each other. That said, pretty much all you need to do is run ‘SSH Secure File Transfer’, log on to the profile you want to work with, configure your client to use FTP with ‘localhost’ set as the remote host, and enter your username and password where appropriate for the application. (If you have problems using ‘localhost’, you can try using ‘127.0.0.1’ instead, which is the IP address that localhost is an alias/synonym for.) As long as SSH is running in the background, you will be able to upload to the remote system using ‘FTP’ to ‘LOCALHOST’. NOTE: If you maintain multiple websites… make sure you’re connected to the correct one in SSH before uploading your web content.
  24. Have fun!
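
A check for the ‘Allow Local Connections Only’ setting from step 15, as an added example that is not part of the original howto: it parses Windows `netstat -ano -p TCP` output and reports whether the tunnel's port 21 listener is bound to loopback only. The sample rows are constructed, and the code assumes the SSH client process that owns the listener also holds the established SSH session to port 22.

```python
import ipaddress

# Constructed netstat-style rows (Windows `netstat -ano -p TCP` layout), not real output.
TEMPLATE = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       908
  TCP    {bind}:21              0.0.0.0:0              LISTENING       {pid}
  TCP    192.168.1.50:49712     192.0.2.10:22          ESTABLISHED     4120
"""

def parse_tcp_rows(text):
    """Return (local_host, local_port, remote_port, state, pid) per TCP row."""
    rows = []
    for line in text.splitlines():
        f = line.split()
        if len(f) != 5 or f[0] != "TCP":
            continue  # header, blank or non-TCP line
        lhost, _, lport = f[1].rpartition(":")
        rport = f[2].rpartition(":")[2]
        lhost = lhost.strip("[]").split("%")[0]  # drop IPv6 brackets / scope id
        rows.append((lhost, int(lport), int(rport), f[3], int(f[4])))
    return rows

def audit_tunnel_port(text, port=21, ssh_port=22):
    """Classify the local tunnel listener: ok, exposed, not-ssh or not-listening."""
    rows = parse_tcp_rows(text)
    listeners = [r for r in rows if r[1] == port and r[3] == "LISTENING"]
    if not listeners:
        return "not-listening"  # tunnel is down; the FTP client cannot connect
    if not all(ipaddress.ip_address(r[0]).is_loopback for r in listeners):
        return "exposed"        # bound to 0.0.0.0 or a LAN address, reachable off-host
    # Assumption: the process owning the listener also holds the SSH session.
    ssh_pids = {r[4] for r in rows if r[2] == ssh_port and r[3] == "ESTABLISHED"}
    if not all(r[4] in ssh_pids for r in listeners):
        return "not-ssh"        # some other program owns the port
    return "ok"

if __name__ == "__main__":
    for bind, pid in [("127.0.0.1", 4120), ("0.0.0.0", 4120), ("127.0.0.1", 2200)]:
        print(bind, pid, audit_tunnel_port(TEMPLATE.format(bind=bind, pid=pid)))
```

A result of `exposed` means the listener is not restricted to local connections; `not-ssh` means port 21 is held by a process with no SSH session, such as a local FTP server.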

Paul Schuh, CISSP
