LinuxQuestions.org
Old 10-21-2009, 08:19 PM   #1
dynamics
LQ Newbie
 
Registered: Aug 2009
Location: Guildford
Distribution: Ubuntu Jaunty
Posts: 12

Rep: Reputation: 0
VPN set up : work from home


Hi
I am a research student and work from my hostel LAN in the night. I am a n00b and don't know anything about VPN or tunneling.
After googling a lot I found out a working method to connect to my lab machine from home by using ssh tunneling. Here is what I was doing to connect to lab machine from my laptop in hostel

Here 131.x.x.f is the firewall
131.x.x.4 is the machine in my lab connected to 131.x.x.f

mynotebook$ ssh -L 5900:131.x.x.4:22 131.x.x.f -l my_user_name
Password:

Then I open another terminal and type

mynotebook$ ssh -Y 127.0.0.1 -p 5900 -l my_user_name
Password:

By doing this I could open any GUI based application virtually in my machine.

The problem with this method is I have to type password several times if I want to copy any files to/from my lab machine.

Now I want to use a VPN. How can I set up a VPN using the data available above (firewall IP address and my account's password, lab machine's IP address and password)?

What other details might I need to set up a VPN?

Thanks in advance.
Vinod
 
Old 10-22-2009, 01:24 AM   #2
wfh
Member
 
Registered: Sep 2009
Location: Northern California
Distribution: Ubuntu Debian CentOS RHEL Suse
Posts: 164

Rep: Reputation: 44
Quote:
Originally Posted by dynamics
The problem with this method is I have to type password several times if I want to copy any files to/from my lab machine.

You might not have tried using shared key authentication. Authentication is handled without typing any passwords when you share a public key with the other server (office). Here's how.

Edit your remote host's /etc/ssh/sshd_config and change these directives (if needed, although this might already work):

PubkeyAuthentication yes
PasswordAuthentication no
PAMAuthenticationViaKbdInt yes
UsePrivilegeSeparation no


Save the changes, then restart SSH:

# /etc/init.d/ssh restart

Then from bash, build your keypair:

# ssh-keygen -t dsa

This creates two files; one is your private key "id_dsa", the other is your public key "id_dsa.pub", and by default they are generated in your ~/.ssh path. *DO NOT* type a password when prompted. Just hit <return> twice.

Copy your public key into the remote host's ~/.ssh/authorized_keys file.

# ssh <remote_host> < ~/.ssh/id_dsa.pub 'cat >> ~/.ssh/authorized_keys'

[HINT: You may need to create the ~/.ssh path on the remote host]

Now, try to log into the remote host:

# ssh <remote_host>

You should be authenticated without typing passwords.
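
The copy step and the HINT above, as an added example that is not part of the original post: a function meant to run on the office machine that creates ~/.ssh if it is missing, sets owner-only permissions (sshd's default StrictModes check ignores keys kept under group- or world-writable paths), and appends the public key only once. The name install_pubkey and the sample key line are assumptions made for illustration.

```shell
#!/bin/sh
# Added example. install_pubkey is a hypothetical helper name, not an OpenSSH tool.
# Usage: install_pubkey PUBKEY_FILE TARGET_HOME
# Appends the key in PUBKEY_FILE to TARGET_HOME/.ssh/authorized_keys.
# Returns 0 on success or if the key is already present, 1 on bad input.
install_pubkey() {
    pubkey_file=$1
    ssh_dir="$2/.ssh"
    auth_file="$ssh_dir/authorized_keys"

    # A public key file is exactly one line: "<type> <base64> [comment]".
    # A private key (id_dsa without .pub) is multi-line and is rejected here.
    [ -r "$pubkey_file" ] || { echo "cannot read $pubkey_file" >&2; return 1; }
    if [ "$(grep -c '' "$pubkey_file")" -ne 1 ]; then
        echo "expected a single-line public key" >&2
        return 1
    fi
    key_line=$(cat "$pubkey_file")
    case $key_line in
        ssh-rsa\ *|ssh-dss\ *|ssh-ed25519\ *|ecdsa-sha2-*\ *) ;;
        *) echo "unrecognised key type" >&2; return 1 ;;
    esac

    # Create the directory and file owner-only. With StrictModes (the sshd
    # default), group- or world-writable paths cause the key to be ignored.
    ( umask 077 && mkdir -p "$ssh_dir" && touch "$auth_file" ) || return 1
    chmod 700 "$ssh_dir" || return 1
    chmod 600 "$auth_file" || return 1

    # Idempotent append: match on "<type> <base64>", ignoring the comment.
    key_id=$(printf '%s\n' "$key_line" | awk '{print $1 " " $2}')
    if grep -qF -- "$key_id" "$auth_file"; then
        return 0
    fi
    printf '%s\n' "$key_line" >> "$auth_file"
}

# Demo in a throwaway directory with a constructed (not real) key line.
demo_home=$(mktemp -d)
printf '%s\n' 'ssh-ed25519 AAAAC3ConstructedExampleKeyNotReal user@mynotebook' \
    > "$demo_home/id_demo.pub"
install_pubkey "$demo_home/id_demo.pub" "$demo_home" \
    && ls -l "$demo_home/.ssh/authorized_keys"
rm -rf "$demo_home"
```

OpenSSH's ssh-copy-id performs the equivalent steps from the home machine in one command.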
 
Old 10-22-2009, 02:35 PM   #3
dynamics
Thanks a lot.
I will try this.

 
Old 10-23-2009, 10:17 AM   #4
wfh
I remember the absolute pleasure I took when this first worked for me : )
 
Old 10-24-2009, 08:08 AM   #5
dynamics
Quote:
Originally Posted by wfh
Edit your remote host's /etc/ssh/sshd_config and change these directives (if needed, although this might already work):

In the above context, which is the remote host? Is it my machine, the firewall (131.x.x.f), or my lab machine '131.x.x.4'?
I am asking because, if it is the firewall, I cannot edit the files you mentioned (no permission).
Anyway, I edited my system's /etc/ssh/sshd_config file. It was fine up to this line:

Quote:
Originally Posted by wfh
Copy your public key into the remote host's ~/.ssh/authorized_keys file.

# ssh <remote_host> < ~/.ssh/id_dsa.pub 'cat >> ~/.ssh/authorized_keys'

My terminal complains about '<' in the above line. Anyway, I tried this:

# ssh <my_system> ~/.ssh/id_dsa.pub 'cat >> /.ssh/authorized_keys'

Then it asks for password and after typing the password it says Permission denied :-(

Sorry for being dumb.
Regards
 
Old 10-25-2009, 01:51 AM   #6
wfh
Quote:
Originally Posted by dynamics
In the above context, which is the remote host? Is it my machine, the firewall (131.x.x.f), or my lab machine '131.x.x.4'?
I am asking because, if it is the firewall, I cannot edit the files you mentioned (no permission).
Anyway, I edited my system's /etc/ssh/sshd_config file. It was fine up to this line:

Let's assume that you are working from your home computer.

From the home computer, generate your keypair using the ssh-keygen command. Then, copy the public key from your home computer to the office computer (adding it to the end of '~/.ssh/authorized_keys' on the office computer).

Edit the office computer's /etc/ssh/sshd to allow 'PubkeyAuthentication yes'. Then, reload the office computer's sshd daemon.

Quote:
My terminal complains about '<' in the above line.

You should substitute the IP address of the remote host where I wrote <my_system>. In this case you are working from your home computer and the remote host is the office computer.

You asked about the firewall. If your firewall is simply passing the SSH connection request directly to the office computer, then the firewall doesn't enter into this scenario. If you are using NAT, then things would be different (I don't think you are, or else you would not be ssh'ing to the office host).

If this doesn't work, post what you've done and we'll get it straightened out. No worry. You're making all the "correct mistakes" : ) You're halfway home, now.

After you get the home-to-office connection working, you might want to reverse this process; generate a unique keypair for the office computer, copy the public key back to your home system following the same plan as above. This would give you the ability to connect to your home system from work without having to type your password.
 
Old 10-27-2009, 07:10 PM   #7
wfh
Any luck?
 
Old 10-28-2009, 12:43 AM   #8
dynamics
Well,
I have not edited my office computer's ssh_config. I will try that tomorrow.
 
  


All times are GMT -5. The time now is 08:53 PM.
