Difference between revisions of "Setting up an SSH Tunnel between CPRS & VistA"

From VistApedia
Revision as of 22:40, 22 August 2009

Begin by installing PuTTY on the Windows client machine. Download from here. We need the program Plink (a command-line interface to the PuTTY back ends).

Now we can use plink.exe to construct an encrypted path between the local machine (127.0.0.1) and a remote location. Here the remote machine, at address 192.168.5.102, happens to be listening at port 9260. Note that the local port chosen in this example is independently set to 9210. We could have used 9260, or any port that has no conflict.

Finally, on the remote machine we have added a user arbitrarily named "remoteaccess" with password "remotepw" solely to establish the tunnel. Here is the complete command to implement an encrypted path to the remote location:

"C:\Program Files\PuTTY\plink.exe" -N -ssh -l remoteaccess -pw remotepw -L 9210:127.0.0.1:9260 192.168.5.102

Translation (from the plink documentation):

   -N    do not start a shell
   -ssh  use the SSH protocol (encrypted link)
   -l    user name on the remote system, here we have set up "remoteaccess"
   -pw   password for the remote user, in this example it is "remotepw"
   -L    local_port:address:remote_port (the forward), followed by remote_address (the host to connect to)

Now, if the Windows shortcut for CPRS uses the local address and port, the connection is carried over the tunnel to the remote address and port at the other end. So you replace

... -s 192.168.5.102 -p 9260 ...

with

... -s 127.0.0.1 -p 9210 ...

and the CPRS client will connect exactly as before but now over the secure SSH tunnel.

PuTTY is capable of generating public/private key pairs that can replace the -pw section of the plink command; see "Putty Manual Chapter8" (http://the.earth.li/~sgtatham/putty/0.60/htmldoc/Chapter8.html#pubkey).
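One way to combine key authentication with a locked-down tunnel user, as an added example that is not part of the original page: the script builds an authorized_keys entry that only permits the forward to 127.0.0.1:9260. It assumes the remote machine runs OpenSSH; the function names, the /bin/false path and the .ppk path are hypothetical.

```sh
#!/bin/sh
# Added example, not from the original page. Assumes the remote host runs
# OpenSSH and that "remoteaccess" exists only to carry the CPRS tunnel.

# Print an authorized_keys entry that limits a key to one job: forwarding
# to 127.0.0.1:9260, the target of the -L argument in the plink command.
# $1 = public key in OpenSSH one-line format, as PuTTYgen displays it.
tunnel_key_entry() {
    nl='
'
    case "$1" in
        *"$nl"*) echo "key must be a single line" >&2; return 1 ;;
        ssh-rsa\ AAAA*|ssh-ed25519\ AAAA*|ecdsa-sha2-*\ AAAA*) ;;
        *) echo "not an OpenSSH public key line" >&2; return 1 ;;
    esac
    # command= runs instead of any shell or command the client asks for;
    # plink -N never asks for one, so the forward keeps working.
    # /bin/false is an assumed path; adjust for the remote system.
    printf '%s,%s,%s %s\n' \
        'command="/bin/false",no-pty' \
        'no-agent-forwarding,no-X11-forwarding' \
        'permitopen="127.0.0.1:9260"' "$1"
}

# Install that entry as the only key for the tunnel user.
# $1 = home directory of remoteaccess, $2 = public key line.
# Runs in a subshell so the umask change does not leak to the caller.
install_tunnel_key() (
    entry=$(tunnel_key_entry "$2") || exit 1
    umask 077
    mkdir -p "$1/.ssh" && chmod 700 "$1/.ssh" || exit 1
    # Overwrite rather than append, so no unrestricted key is left behind.
    printf '%s\n' "$entry" > "$1/.ssh/authorized_keys" &&
        chmod 600 "$1/.ssh/authorized_keys"
)

# Usage on the remote host, as the remoteaccess user (key text is yours):
#   install_tunnel_key "$HOME" "ssh-rsa AAAA... cprs-tunnel"
# Client side, with -i replacing -pw (the .ppk path is hypothetical):
#   plink.exe -N -ssh -batch -l remoteaccess -i C:\keys\cprs-tunnel.ppk
#       -L 9210:127.0.0.1:9260 192.168.5.102
```

With the key in place the shortcut no longer carries "remotepw", and the key cannot open a shell or forward to any other port.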

under construction, input welcome.

Needs more on securing user

--JL.Z 17:38, 22 Aug 2009 (CDT) --gra'pa Z 15:40, 22 Aug 2009 (PDT)