J.2 SSH Tunneling between a Windows Management Console and a Linux Managed Device

SSH clients are also available for Windows, Macintosh, and other platforms, but if you want servers on these platforms you might need to use a commercial version or route your connection via a Linux device.

There are several scenarios for using SSH tunneling between a Windows management console and a Linux managed device. For the sake of simplicity, the following procedure uses a scenario in which you are using a Windows laptop “viewer” in a non-secure Wide Area Network to remotely control your Linux managed device “work” installed inside your secure Local Area Network. Another Linux device called “gateway” is in your secure local area network and runs the SSH daemon. The following steps explain how you can use the PuTTY SSH client to configure an SSH tunnel so that the Remote Management data is encrypted when it travels between “viewer” and “gateway” and is then forwarded to “work” inside the secure network.

NOTE: The PuTTY SSH client is available at the PuTTY site. If you are using other SSH client software, use the appropriate commands for that software.

  1. Enter the following command in the shell prompt:

    putty -L 5952:work:5950 gateway

    The first argument is the local forwarding option, which says that the local fake port 5952 should be created and connected to the genuine port work:5950. The second argument is the main non-option parameter to SSH, which tells it to connect to the device that runs the SSH daemon.

  2. In the PuTTY Security Alert dialog box, verify that the key matches with that of the “gateway” device, then click Yes.

  3. To establish the SSH tunnel between “viewer” and “gateway,” you must authenticate to “gateway.” Specify a valid username and password of the “gateway” device in the PuTTY dialog box, then click Yes.

  4. Any connection to port 5952 on your local management console actually connects to port 5950 on “work,” so instead of running a VNC viewer as

    vncviewer work:50

    run it as follows:

    vncviewer localhost:52

    Windows Console to Linux managed device with tunneling

NOTE: If you are using the Linux VNC viewer to connect via SSH, when the viewer connects to a server on the local management console, by default it uses VNC’s pixel encoding because this generally gives better performance for local access. If this server is actually an SSHD redirecting the data for another workstation, you can override this using the -tight option to the viewer; otherwise, you send more data over the network.
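The following Python sketch is an added example, not part of the original documentation: it parses the `-L` argument from step 1, derives the viewer target used in step 4, and flags a forwarded port that is listening on a non-loopback address, where other hosts on the non-secure network could reach the tunnel. The function names are hypothetical, the optional bind-address prefix assumes the OpenSSH-style `[bind_address:]port:host:hostport` form, and the `netstat -an` lines are constructed.

```python
import re

VNC_BASE = 5900  # VNC display N listens on TCP port 5900 + N
LOOPBACK = {"127.0.0.1", "::1", "localhost"}
_HOST = r"(\[[^\]]+\]|[^:\[\]]+)"  # bracketed IPv6 literal, or a name/IPv4 address
_SPEC = re.compile(rf"(?:{_HOST}:)?(\d+):{_HOST}:(\d+)")

def parse_forward(spec):
    """Split an -L argument of the form [bind:]lport:host:rport."""
    m = _SPEC.fullmatch(spec)
    if not m:
        raise ValueError(f"not a local-forward spec: {spec!r}")
    bind, lport, host, rport = m.groups()
    lport, rport = int(lport), int(rport)
    if not (0 < lport < 65536 and 0 < rport < 65536):
        raise ValueError("port out of range")
    return {"bind": bind.strip("[]") if bind else None, "lport": lport,
            "host": host.strip("[]"), "rport": rport}

def vnc_display(port):
    """Return the VNC display number for a port, or None outside 5900-5999."""
    return port - VNC_BASE if VNC_BASE <= port < VNC_BASE + 100 else None

def viewer_target(spec):
    """Argument to give vncviewer so the session enters the tunnel."""
    fwd = parse_forward(spec)
    display = vnc_display(fwd["lport"])
    if display is None:
        raise ValueError("local port is not in the VNC display range")
    return f"localhost:{display}"

def exposed_listeners(netstat_lines, port):
    """Local addresses listening on `port` that are not loopback."""
    exposed = []
    for line in netstat_lines:
        fields = line.split()
        if len(fields) < 4 or fields[0] != "TCP" or fields[-1] != "LISTENING":
            continue
        addr, _, lport = fields[1].rpartition(":")
        if lport == str(port) and addr.strip("[]") not in LOOPBACK:
            exposed.append(addr)
    return exposed

# Constructed `netstat -an` lines (Windows format), not captured from a real host.
SAMPLE = [
    "  TCP    127.0.0.1:5952    0.0.0.0:0    LISTENING",
    "  TCP    [::1]:5952        [::]:0       LISTENING",
    "  TCP    0.0.0.0:5952      0.0.0.0:0    LISTENING",
]
```

An empty result from `exposed_listeners` means the tunnel entrance on “viewer” is reachable only from “viewer” itself.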