Difference between revisions of "Setting up an SSH Tunnel between CPRS & VistA"
m |
(Added a glossary link to CPRS~) |
||
| (6 intermediate revisions by one other user not shown) | |||
| Line 1: | Line 1: | ||
| − | Begin by installing putty onto | + | Begin by installing putty onto our Windows client machine. |
| + | Download from [http://www.chiark.greenend.org.uk/~sgtatham/putty/download.html here]. We need the program Plink (a command-line interface to the PuTTY back ends). | ||
| − | + | Now we can use plink.exe to construct an encrypted path between the local machine (127.0.0.1) and a remote location. Here the remote machine, at address 192.168.5.102, happens to be listening at port 9260. Note that the ''local'' port chosen in this example is independently set to 9210. We could have used 9260, or any port that has no conflict. | |
| − | "C:\Program Files\PuTTY\plink.exe" -N -ssh -l remoteaccess -pw remotepw -L 9210:127.0.0.1: | + | Finally, on the remote machine we have added a user arbitrarily named "remoteaccess" with password "remotepw" solely to establish the tunnel. Here is the complete command to implement an encrypted path to the remote location: |
| + | |||
| + | "C:\Program Files\PuTTY\plink.exe" -N -ssh -l remoteaccess -pw remotepw -L 9210:127.0.0.1:9260 192.168.5.102 | ||
translation (from plink documentation): | translation (from plink documentation): | ||
| Line 12: | Line 15: | ||
-L local_port:address:remote_port remote_address | -L local_port:address:remote_port remote_address | ||
| − | Now, if the Windows shortcut for CPRS will use the local port and address, a secure connection will be made to the remote port and address at the other end. | + | Now, if the Windows shortcut for [[CPRS~|CPRS]] will use the local port and address, a secure connection will be made to the remote port and address at the other end. So you replace |
| − | + | ... -s 192.168.5.102 -p 9260 ... | |
| + | with | ||
| + | ... -s 127.0.0.1 -p 9210 ... | ||
| + | and the [[CPRS~|CPRS]] client will connect exactly as before but now over the secure SSH tunnel. | ||
| + | Putty is capable of generating public/private key pairs that can replace the -pw section of the plink command [http://the.earth.li/~sgtatham/putty/0.60/htmldoc/Chapter8.html#pubkey "Putty Manual Chapter8"] | ||
''under construction, input welcome.'' | ''under construction, input welcome.'' | ||
| − | --[[User:JohnLeoZ|JL.Z]] | + | Needs more on securing user |
| + | --[[User:JohnLeoZ|JL.Z]] 17:38, 22 Aug 2009 (CDT) | ||
Latest revision as of 23:45, 9 August 2012
Begin by installing putty onto our Windows client machine. Download from here. We need the program Plink (a command-line interface to the PuTTY back ends).
Now we can use plink.exe to construct an encrypted path between the local machine (127.0.0.1) and a remote location. Here the remote machine, at address 192.168.5.102, happens to be listening at port 9260. Note that the local port chosen in this example is independently set to 9210. We could have used 9260, or any port that has no conflict.
Finally, on the remote machine we have added a user arbitrarily named "remoteaccess" with password "remotepw" solely to establish the tunnel. Here is the complete command to implement an encrypted path to the remote location:
"C:\Program Files\PuTTY\plink.exe" -N -ssh -l remoteaccess -pw remotepw -L 9210:127.0.0.1:9260 192.168.5.102
translation (from plink documentation):
-N Do not start a shell -ssh encrypted link -l user name on the remote system, here we have set up "remoteaccess" -pw password for the remote user, in this example it is "remotepw" -L local_port:address:remote_port remote_address
Now, if the Windows shortcut for CPRS will use the local port and address, a secure connection will be made to the remote port and address at the other end. So you replace
... -s 192.168.5.102 -p 9260 ...
with
... -s 127.0.0.1 -p 9210 ...
and the CPRS client will connect exactly as before but now over the secure SSH tunnel.
Putty is capable of generating public/private key pairs that can replace the -pw section of the plink command "Putty Manual Chapter8"
under construction, input welcome.
Needs more on securing user
--JL.Z 17:38, 22 Aug 2009 (CDT)
