wiki:infrastructure_tools:ssh:ssh-vpn-tunnel [2014/01/18 23:56] (current)
Line 1: Line 1:
 +====== SSH VPN Tunnel ======
 +
 +===== Preface =====
 +
 +It is possible to use SSH server like VPN concentrator. In this case you are able to route traffic between two or more subnets with using SSH connection like in standard VPN solution.
 +
 +<note tip>**To use this feature you will need to use ROOT account on source as well on destination server. **
 +
 +**According to this make sure:**
 +
 +**- That you are using SSH Key authentication ONLY !** \\
 +**- That your IPTABLES is configured correctly !** \\
 +**- That your SELinux is configured correctly !** \\
 +**- That your SSH is not enabling too much for as a root logged in users !**</​note>​
 +=====   =====
 +
 +===== Creating SSH VPN Tunnel =====
 +
 +====   ====
 +
 +==== SSH Server configuration ====
 +
 +On SSH Server it is required to enable this type of tunneling in “/​etc/​ssh/​sshd_config “.
 +
 +<​code>​
 +PermitRootLogin yes                                 # Enable Root Loggin to system
 +PermitTunnel yes                                    # Enable this typ of tunneling
 +PasswordAuthentication no                           # Disable Using of Passwords for Authentication
 +AuthorizedKeysFile ​    ​.ssh/​authorized_keys ​        # Location of user key in user home dir
 +RSAAuthentication yes                               # Enable User Key Authentication
 +PubkeyAuthentication yes                            # Enable User Public key Authentication
 +ChallengeResponseAuthentication no                  # Disable ​ s/key (onetime) password Authentication
 +UsePAM no                                           # Disable external PAM Authentication
 +</​code>​
 +
 +Restart SSH Service
 +
 +<​code>​
 +# ps -elf | grep sshd                                                                    # Search for SSHD PID
 +5 S root     ​25161 ​    ​1 ​ 0  80   0 - 16651 poll_s 22:16 ?   ​00:​00:​00 /​usr/​sbin/​sshd
 +# kill -HUP 25161                                                                        # Reload config in SSHD process
 +</​code>​
 +
 +Restart in CentOS / RHEL
 +
 +<​code>​
 +# /​etc/​init.d/​sshd restart
 +Stopping sshd:                                             ​[ ​ OK  ]
 +Starting sshd:                                             ​[ ​ OK  ]
 +</​code>​
 +
 +====   ====
 +
 +==== Establish SSH VPN Tunnel ====
 +
 +On SSH Client site run this command:
 +
 +<​code>​
 +# ssh -C -w 1:1 root@server
 +</​code>​
 +
 +<note tip>
 +
 +This command will create "​tun1"​ device on SSH Client as well SSH Server Site in the case that you will prefer to use different interface change the parameter “-w local_tun[:​remote_tun] “
 +
 +</​note>​
 +
 +<note tip>I do prefer to use " -C " switch to compress the traffic in tunnel.</​note>​
 +
 +==== Check the new “tun” Interface ====
 +
 +On SSH Client and SSH Server site you are able to see new network interface. In our case it is called “tun1”.
 +
 +It is possible to use this interface like standard network interface, you can: \\
 +- Assign a IP to this interface \\
 +- Route network traffic to this interface \\
 +- …
 +
 +<​code>​
 +# ifconfig tun1                                                                       # It shall be possible to see same result
 +tun1      Link encap:​UNSPEC ​ HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
 +          POINTOPOINT NOARP MULTICAST ​ MTU:​1500 ​ Metric:1
 +          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
 +          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
 +          collisions:​0 txqueuelen:​500
 +          RX bytes:0 (0.0 b)  TX bytes:0 (0.0 b)
 +</​code>​
 +
 +====   ====
 +
 +=====   =====
  
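Review bot: `PermitRootLogin yes` in the sshd_config block contradicts the preface's own rule that root must use key authentication only; `PermitRootLogin without-password` (the spelling in the OpenSSH releases of this period, later also accepted as `prohibit-password`) restricts root to public-key logins directly, so the setup stays key-only even if `PasswordAuthentication` or `UsePAM` is later re-enabled by someone else editing the file. Two smaller points in the same block: `RSAAuthentication` only governs SSH protocol 1 and has no effect on protocol 2 key logins, which `PubkeyAuthentication yes` already covers, so the line can be dropped rather than giving a false sense of an extra control; and since the page only ever uses a layer-3 `tun` device, `PermitTunnel point-to-point` is enough and avoids also permitting `tap` (ethernet) tunnels. The "Check the new tun Interface" section stops at the bare device: for the subnet-to-subnet routing promised in the preface, the reader still needs to give `tun1` an address on each side (for example one /30 shared by both ends), add the remote subnet route via that interface, and enable `net.ipv4.ip_forward` on whichever host is to forward; the trailing "- …" list item should at least name those steps or link to them. Finally, because root is used on both ends, the key that is allowed to open this tunnel can be pinned in `authorized_keys` with `tunnel="1"` and `command=` options so that it cannot be reused for an interactive root shell, which addresses the preface's warning about SSH "enabling too much" for root.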