Enable remote desktop
ssh -L 15000:REMOTESRV:3389 USER@localhost -p 20000
Remove the service:
cygrunsrv –remove AutoSSH
Check the configuration & status of the service:
cygrunsrv –query AutoSSH
Este es el bueno …..
cygrunsrv -I AutoSSH -f "Autossh tunnel" -t auto -y tcpip -O -u $USER -w $PASS -p /usr/bin/autossh -a "-M 20507 -R 51353:127.0.0.1:3389 $USER@$SERVER -p 15266 -g2CN" -e AUTOSSH_NTSERVICE=yes
- Download Cygwin (http://www.cygwin.com/)
- Install Cygwin, selecting the autossh package.
- Start the Cygwin shell (Start -> Programs -> Cygwin).
- Generate a public/private key pair.
- At the command line, run: ssh-keygen
- Accept the default file locations
- Use an empty passphrase
- Copy your newly-created public key to the SSH server.
- scp .ssh/id_rsa.pub email@example.com:id_rsa.pub
- Add your public key to your list of authorized keys on the server.
- Login to your SSH server.
- mkdir .ssh
- cat id_rsa.pub >> .ssh/authorized_keys
- Test your key.
- Logout of your SSH sever.
- Login to your SSH server again. This time, your key will be used for authentication and you won’t be challenged for your login credentials. If you are not logged in automatically, review the previous steps. Or contact your server administrator.
- Logout of your SSH server.
- Exit of the Cygwin shell.
- Install autossh as a Windows service.
- Now back in Windows, open a new command Window (Start -> Run -> cmd).
- cd C:\cygwin\bin
- cygrunsrv -I AutoSSH -p /usr/bin/autossh -a “-M 20000 -L localaddress:port:serveraddress:port firstname.lastname@example.org” -e AUTOSSH_NTSERVICE=yes
- Tweak Windows service settings.
- Open the Services management console (Administrative Tools -> Services).
- Edit the properties of the AutoSSH service.
- In the “Log On” tab, select the “This account” radio button and set the service to run as your current user.
- Start the service.
- Test your tunnels.
Setup a Unbreakable SSH Tunnel
My company doesn’t have VPN setup. To be able to work from home, usually I have to setup a reversed ssh tunnel from office to my home server (my home router forwards port 12345 to my home server port 22) by running this command from my office machine:
ssh -R 10000:localhost:22 my.homeserver.com -p 12345
In this way, when I get to home, I can connect to my office by command:
ssh -p 10000 localhost
But the ssh session sometimes got timed-out and then I couldn’t connect back. It happened several time and I eventually got annoyed. To keep my connection always alive, I created a file ~/.ssh/config:
This helped a lot. But later, my company had some network issues and sometimes the network was down for hours. This broke my tunnel again. So I went even further and tried to find a solution to always keep my tunnel up — as soon as the network is available. Finally I found a program called “autossh“, which solved my problem perfectly.
First I made ssh passwordless from my office machine to my home server:
On my office machine, run following commands:
ssh-keygen -t dsa
scp ~/.ssh/id_dsa.pub my.homeserver.com:/tmp -p 12345
Then login my home server, run these commands:
cat ~/id_dsa.pub >> ~/.ssh/authorized_keys
After this, I tried to login my home server from office again, and yes! it didn’t ask me password anymore. Finally I installed autossh with apt-get, and changed my reverse tunnel command to:
autossh -M 29001 -f -N -R 10000:localhost:22 www.coffeestone.com -p 12345
You can find more information about autossh at this page: http://gentoo-wiki.com/HOWTO_autossh.
After re-setup the reverse tunnel with command autossh, I intentionally killed the ssh session from my home server; on my office machine side, the process autossh detected it and immediately restarted a new ssh session to my home server.
Now I have a perfect unbreakable ssh tunnel!