Create your own Virtual Private Network for SSH with Putty

Introduction

I have multiple Linux machines at my home. Previously, when I needed SSH access to these machines I used to set up port forwarding on my router to each of these machines. It was a tedious process of enabling port forwarding and then disabling it after use.

It was also difficult to remember the port number forwarded for a particular machine. But now I found a cooler way to get SSH access to all my machines at home without setting up port forwarding or remembering any port numbers and most importantly, I can address my home machines with local subnet IP address, no matter wherever I connect from the internet.

Requirements

Remote machine with PuTTY Key Generator installed in it.
Home router’s internet accessible IP address or dynamic DNS (DDNS) address.
One/more Linux/Windows machine(s) to which direct SSH access is required.
On the router, port forwarding is enabled for SSH service to at least one of these machines.

Setup

The basic idea to get this working is that we make one initial SSH connection to our home machine. Then using this connection as a tunnel we can connect to any machines at home by addressing them with local sub-network addresses (such as 192.168.x.x). So the high-level steps are:

1. Open a PuTTY session and configure it to act as a tunnel.
2. From this session connect to your default SSH server at home.
3. Open another PuTTY session and configure it use the previous PuTTY session as a proxy.
4. SSH connect to any machine at home using the local subnet IP address. Since we are using a proxy it will resolve the local subnet’s IP address properly.
5. You can make any number of connections to all your home machines by just repeating steps (3) and (4).
   Note: If on the remote network’s subnet is the same as your home network’s subnet then you might run into IP conflicts.

Step-by-Step

1) On the remote system, open PuTTY enters the IP address or dynamic DNS (DDNS) name in the hostname field. Select “SSH” as the connection type. Port 22 will be selected which can be left alone unless you run the SSH service on a different port. Note: Though your PuTTY screen might look a little different than the one seen here due to version differences, the basic steps would be still the same

In our example,
Host Name = demo123.dyndns.org
Port= 22

 

2) In PuTTY, on the left-hand navigation panel, open the SSH option and select “Tunnels”.

In the tunnels screen, set these values
Source Port: 3000 (this is the port at which our proxy service listens to, this port can be changed to any but preferably a number larger than 1024)
Destination Port: (Leave Blank)
Finally, select “Dynamic” from the radio button options.

 

3) Important: Click “Add” to add the tunnel settings to the connection.

 

4) On the left-hand navigation panel, move the scrollbar to the top and click session. You will be seeing the settings entered in step(1). Now we can save the whole connection settings. Add a name for this connection in the saved sessions textbox and click save.

 

5) Click open, to open a connection to the home machine, and enter login and password information for the remote machine. This user needs not to be a root user, but it needs to be a user with network access on the remote machine.

That brings to the end of the PuTTY configuration. Now you have a proxy tunnel connection from the remote machine to one of the home machines. Now we are ready to connect to any home machine.

6) Open another PuTTY session. Select the options “Proxy” from the navigation panel. On the right-side proxy options, enter only the following information. Don’t change any other settings.

Proxy type: select “SOCKS 4”
Proxy hostname: enter “localhost”
Port: 3000

 

7) Click on the “Session” option from the navigation panel. Enter a name under the “Saved Sessions” text field. Don’t enter any information in the “Host Name” field. Now click “Save”. Now we have a template connection session using our proxy.

8 ) Now enter the local subnet IP address of a machine at home and click open. The connection gets routed through the proxy tunnel and you will be connected to the home machine directly. Similarly, you can connect to another home machine by opening PuTTY and loading the template we created and just filling in the machine’s local subnet IP address.

 

BTW, if you think just SSH access is not cool enough, you can do more cool stuff like

• Listening to music stored at home
• Viewing/sharing photos with friends and family
• Creating schedules, Todos, notes, etc., securely at a home computer

For more information on how to load the key and connect via SSH using PuTTY, please visit PuTTYkey.com.