
Create your own Virtual Private Network for SSH with Putty


Introduction

I have multiple Linux machines at my home. Previously, when I needed SSH
access to these machines I used to set up port forwarding on my router to each of
these machines. It was a tedious process of enabling port forwarding and then
disabling it after use. It was also difficult to remember the port number forwarded for
a particular machine. But now I found a cooler way to get SSH access to all my
machines at home without setting up port forwarding or remembering any port
numbers and, most importantly, I can address my home machines with their local
subnet IP address, no matter where I connect from on the internet.

Requirements

1. A remote machine with Putty installed on it.

2. The home router's internet-accessible IP address or dynamic DNS (DDNS)
address.

3. One or more Linux/Windows machine(s) to which direct SSH access is
required.

4. On the router, port forwarding is enabled for the SSH service to at least one of
these machines.

Setup

The basic idea is that we make one initial SSH connection to
our home machine. Then, using this connection as a tunnel, we can connect to
any machine at home by addressing it with its local sub-network address (such
as 192.168.x.x). So the high level steps are:

1. Open a putty session and configure it to act as a tunnel.

2. From this session connect to your default SSH server at home.

3. Open another putty session and configure it to use the previous putty session
as a proxy.

4. SSH connect to any machine at home using the local subnet IP address.
Since we are using a proxy, it will resolve the local subnet's IP address properly.

5. You can make any number of connections to all your home machines by
just repeating steps (3) and (4).

Note: If the remote network's subnet is the same as your home network's subnet,
then you might run into IP conflicts.

Step-by-Step

1) On the remote system, open putty and enter the IP address or dynamic DNS
(DDNS) name in the host name field. Select SSH as the connection type. Port 22
will be selected, which can be left alone unless you run the SSH service on a
different port. Note: Though your putty screen might look a little different from the
one seen here due to version differences, the basic steps would still be the same.

In our example,
Host Name = demo123.dyndns.org
Port = 22

2) In putty, on the left-hand navigation panel, open the SSH option and select
Tunnels.

In the tunnels screen, set these values:

Source Port: 3000 (this is the port on which our proxy service listens; this port
can be changed to any other, but preferably a number larger than 1024)
Destination Port: (Leave Blank)
Finally, select Dynamic from the radio button options.

3) Important: Click Add to add the tunnel settings to the connection.

4) On the left-hand navigation panel, move the scrollbar to the top and click Session.
You will see the settings entered in step (1). Now we can save the whole
connection settings. Add a name for this connection in the Saved Sessions
textbox and click Save.

5) Click Open to open the connection to the home machine, and enter login and
password information for the remote machine. This user need not be the root user,
but it needs to be a user with network access on the remote machine. That
brings us to the end of the putty configuration. Now you have a proxy tunnel connection
from the remote machine to one of the home machines. Now we are ready to connect
to any home machine.

6) Open another putty session. Select the Proxy option from the navigation
panel. In the proxy options on the right side, enter only the following information. Don't
change any other settings.
Proxy type : select SOCKS 4
Proxy hostname : enter localhost
Port : 3000

7) Click on the Session option from the navigation panel. Enter a name in the
Saved Sessions text field. Don't enter any information in the Host Name field.
Now click Save. Now we have a template connection session using our proxy.

8) Now enter the local subnet IP address of a machine at home and click Open. The
connection gets routed through the proxy tunnel and you will be connected to the
home machine directly. Similarly, you can connect to another home machine by
opening putty, loading the template we created and just filling in the
machine's local subnet IP address.

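The SOCKS 4 exchange behind steps 6 to 8, as an added Python example that is not part of the original tutorial: it builds the request the second putty session sends to localhost:3000 and decodes the 8-byte reply. The destination address travels inside the request and the connection to it is opened from the home end of the tunnel, which is why a 192.168.x.x address works. The function names are hypothetical and 192.168.1.10 is a constructed sample address.

```python
import ipaddress
import socket
import struct

SOCKS4_REPLIES = {
    90: "request granted",
    91: "request rejected or failed",
    92: "rejected: proxy cannot reach identd on the client",
    93: "rejected: identd reported a different user id",
}

def build_socks4_connect(dest_ip, dest_port, user_id=b""):
    """Request layout: VN=4, CD=1 (CONNECT), DSTPORT, DSTIP, USERID, NUL."""
    # Plain SOCKS 4 carries a literal IPv4 address only, never a host name.
    addr = ipaddress.IPv4Address(dest_ip)  # raises ValueError on anything else
    if not 0 < dest_port < 65536:
        raise ValueError("port out of range")
    return struct.pack(">BBH4s", 4, 1, dest_port, addr.packed) + user_id + b"\x00"

def parse_socks4_reply(data):
    """Reply is 8 bytes: VN=0, CD=status, then 6 bytes the client ignores."""
    if len(data) != 8 or data[0] != 0:
        raise ValueError("not a SOCKS 4 reply")
    return SOCKS4_REPLIES.get(data[1], "unknown status %d" % data[1])

def connect_via_tunnel(dest_ip, dest_port=22, proxy=("localhost", 3000)):
    """Open a TCP stream to dest_ip through the dynamic forward from step 2."""
    s = socket.create_connection(proxy, timeout=10)
    try:
        s.sendall(build_socks4_connect(dest_ip, dest_port))
        reply = b""
        while len(reply) < 8:
            chunk = s.recv(8 - len(reply))
            if not chunk:
                break
            reply += chunk
        status = parse_socks4_reply(reply)
        if status != "request granted":
            raise ConnectionError(status)
    except Exception:
        s.close()
        raise
    return s  # bytes written here reach dest_ip:dest_port on the home network

if __name__ == "__main__":
    # Constructed sample: the home machine 192.168.1.10, SSH port 22.
    print(build_socks4_connect("192.168.1.10", 22).hex())
```

Any process that can reach port 3000 on the remote machine can issue the same request, so the tunnel listener should stay bound to localhost.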
BTW, if you think just SSH access is not cool enough, you can do more cool stuff
like

Listening to music stored at home

Viewing/sharing photos with friends and family

Creating schedules, Todos, notes etc., securely at a home computer

To get these functionalities, check out this free utility called Tonido. For more
information on different applications bundled with Tonido you can read more
Tonido related blog posts here.
