openssh unix dev - May 2002 - tunnel connection like a service with cygwin orotherproducts?

Stephan Hendl wrote:
>Darren Tucker wrote:
>> The first part should be easy: use cygwin openssh client using some
kind
>> of passwordless authentication (eg RSA).
>> 
>> To make it run entirely in the background, run it from cygrunsrv (part
>> of Cygwin) or SRVANY (NT resource kit). Neither of these work on W95,
>> only NT or W2K.
>
> How does the cygrunsrv work? Unfortunately I cannot find this utility in
the cygwin distribution...
Download the setup.exe from sources.redhat.com/cygwin. You can find
cygrunsrv under "Admin" Category.

I just set up a basic forwarder. The steps I took were (on the client):

# ssh-keygen -t rsa -f /.ssh/id_rsa
Generating public/private rsa key pair.
[set a null password]

# scp /.ssh/id_rsa.pub dtucker at 192.168.1.1:.ssh/authorized_keys
Password:

# ssh 192.168.1.1 echo passwordless auth works
passwordless auth works

# cygrunsrv -I SSHFWD -p /usr/bin/ssh -a "-L 3128:192.168.1.1:3128 -v -N
-l dtucker 192.168.1.1"

# net start SSHFWD

# netstat -an | grep 3128
  TCP    127.0.0.1:3128         0.0.0.0:0              LISTENING

# telnet 127.0.0.1 3128
Trying 127.0.0.1...
Connected to 127.0.0.1.
Escape character is '^]'.
HEAD http://www.openssh.com/ HTTP/1.0

HTTP/1.0 200 OK
[snip]
Connection closed by foreign host.

# tail -1 /var/log/SSHFWD.log
debug1: channel_free: channel 1: direct-tcpip: listening port 3128 for
192.168.1.1 port 3128, connect from 127.0.0.1 port 1891, nchannels 2

For production use, you'd probably want to set up a dedicated account
(possibly with a shell of /bin/false), make the authetication stronger
(eg by specifying "from=" on the authorized_keys entry) and write a
wrapper script for the client side to restart on connection failure.

		-Daz.