Secure Connectivity on the Road

[March 2007]
Secure Connectivity on the Road
Use OpenSSH and Squid to create a non-Microsoft VPN
By: Mark Joseph Edwards
Solutions +
InstantDoc #94902
From the March 2007 edition of Windows IT Pro

Then you must also create a group file and a passwd file, both of which determine who is allowed to log on to the OpenSSH server. The group file contains a list of groups extracted from the local system's Windows registry, which OpenSSH uses to map permissions similar to the way Windows does. The passwd file contains a list of users, also extracted from the local system's registry, who are allowed to log on to the OpenSSH server.

To create the group file, change to the OpenSSH bin subdirectory and type the following command:

mkgroup -l >> ..\etc\group

This command dumps the local registry's groups into the group file in the etc subdirectory.

Next, use the following command to create the passwd file that authorizes users to log on to the OpenSSH server:

mkpasswd -l -u XYZ >>  ..\etc\passwd

where XYZ is your local logon name. This command dumps the XYZ user's credentials from the local registry into the etc\passwd file. Do this for each user for whom you want to allow access.

If you want to use Windows domain accounts for authentication, use the same two commands with a -d switch instead of the -l switch and specify the appropriate Windows domain. The mkgroup command will contact your PDC for the specified domain to obtain the list of groups and accounts. Creating these two files is pretty simple, but see the OpenSSH documentation if you need more help.

If the username and password logon method isn't strong enough authentication for your needs, you can use even stronger authentication by implementing encryption keys on your OpenSSH installations. I don't have room to cover that subject here, but you can find step-by-step instructions in the key_authentication. txt file located in OpenSSH's docs\OpenSSH directory. It's relatively simple to accomplish.

Note that OpenSSH installs itself as a Windows service that automatically starts each time the system is booted. If you don't want the service to start automatically, you need to adjust the service properties to require a manual start. On Windows Server 2003, Windows XP, and Windows 2000 systems, you can adjust the service properties by using the Computer Management tool in Administrative Tools. Go to Services and Applications\Services, rightclick OpenSSH service, select Properties, then adjust the startup mode accordingly.

Step 2: Install and Configure Squid for Windows
Next, install Squid for Windows (http://www.serassio.it/SquidNT.htm) on your server system (e.g., not your mobile computer). To configure Squid for Windows, I recommend that you download and use Kraken Config for Squid (http://www.krakenreports.com/index.php?subPage=krakenConfig), which greatly simplifies configuring the proxy server. Kraken Config has a simple wizard that asks you for some basic parameters, including the local host name, disk cache size and the amount of memory Squid is allowed to use, allowed network addresses, and a few other simple details. The tool costs only $10 and, in my opinion, it's worth every penny. You can test-drive it free for 30 days, after which the monitoring features will become disabled, but even so, your Squid for Windows configuration will continue working.

After you run the Kraken Config tool, edit the squid.conf file (in Squid for Windows's etc subdirectory) to add a line such as the following:

http_port 127.0.0.1:3128

This tells Squid to listen only on the localhost address (127.0.0.1) on port 3128. It's important that you add this line with the http_port directive. If you don't, Squid for Windows will use the system's real IP address, which will cause Squid for Windows to be exposed to your local network and possibly the Internet, where others might be able to connect to it. Note that you can choose any unused port number you prefer, but you need to remember this port number because you'll need to connect to it in Step 4.

Incidentally, another benefit of using Kraken Config is that when you start the Squid for Windows service, Kraken Config's dialog window, which Figure 1 shows, will appear so that you can monitor Squid for Windows and make configuration adjustments.

Like OpenSSH, Squid for Windows installs itself as a Windows service that automatically starts each time the system is booted. You'll need to adjust the service properties if you require a manual start. To do so, follow the same instructions as described near the end of Step 1.

Prev. page 1 [2] 3 next page

You must log on before posting a comment.

If you don't have a username & password, please register now.

Reader Comments

I recommend using copSSH - OpenSSH for Windows (http://www.itefix.no/phpws/index.php?module=pagemaster&PAGE_user_op=view_page&PAGE_id=12&MMN_position=22:22) It's a lot more up to date than Openssh for Windows 3.8.1p1. It include version 4.6p1 which patches a lot of security holes and is still updated regularly. I would also recommend using puTTy on the client side. No installation required. You can even run it from a removable flash drive.

quillinanm- March 13, 2007

Article Rating 3 out of 5

ADS BY GOOGLE

SQL JOB OPENINGSSPONSORED LINKS

GoGrid Offers FREE Trial for Windows Cloud Servers: Deploy Windows Server 2003 and 2008 with free load balancing through GoGrid’s award winning web-based GUI – all in less than 5 minutes

Order Your SharePoint Fundamentals CD!: Learn how to uncover rich information management capabilities with this free SharePoint CD.

"Real Time BI" Through Real Time Data Integration: Yesterday's data is no longer sufficient to run a business, change data capture (CDC) is an innovative new software technology that is changing the data integration landscape. Find out more…

Simplify your data management: Affordable multi-database query and design tool-- free trial!

Featured Web Seminar - Change Management & Compliance: Learn how monitoring and change management are vital aspects of both day-to-day operations as well as compliance scenarios.

FEATURED LINKS

Ease Your Scripting Pains with the Flexibility of PowerShell!: Paul Robichaux equips you with PowerShell basics in 3 introductory lessons, each followed by live Q&A—all on your own computer! Register today!

You’ve Deployed SharePoint…Now What?: This one-day free online conference delivers the technical knowledge needed to kick MOSS up a notch. In one information-packed day, independent SharePoint experts will present practical, real-world information and provide take-away, ready-to-use solutions

Virtualization Technologies and Disaster Recovery Planning: Download this paper to see how you can realize up to 70% cost savings by using virtualization technologies in your disaster recovery plan.

Coming in December –SQL Live Event Series: Join independent experts to discover about if or when you should make the critical upgrade decision about SQL Server 2008

	SQL Server Magazine Register Subscribe FAQ for Windows WinInfoNews
	Contact Us / Customer Service Editorial Calendar Media Kit Affiliates / Licensing Technology Resource Directory
	Windows IT Pro Office & SharePoint Pro Windows Dev Pro IT Library Connected Home Windows Excavator SuperSite IT Job Hound ITTV

	Copyright © 2008 Penton Media, Inc. All rights reserved. Terms and Use Privacy Statement Reprints and Licensing

Search

Reader Comments

Learning Path

Windows IT Pro Resources

Related Events

Related Resources

SQL JOB OPENINGSSPONSORED LINKS

FEATURED LINKS