Saturday, April 26, 2008

Creating persistent SSH tunnels in Windows using autossh

  1. Download Cygwin (http://www.cygwin.com/)
  2. Install Cygwin, selecting the autossh package.
  3. Start the Cygwin shell (Start -> Programs -> Cygwin).
  4. Generate a public/private key pair.
    1. At the command line, run: ssh-keygen
    2. Accept the default file locations
    3. Use an empty passphrase
  5. Copy your newly-created public key to the SSH server.
    1. scp .ssh/id_rsa.pub user@ssh.host.name:id_rsa.pub
  6. Add your public key to your list of authorized keys on the server.
    1. Login to your SSH server.
    2. mkdir .ssh
    3. cat id_rsa.pub >> .ssh/authorized_keys
  7. Test your key.
    1. Logout of your SSH sever.
    2. Login to your SSH server again. This time, your key will be used for authentication and you won't be challenged for your login credentials. If you are not logged in automatically, review the previous steps. Or contact your server administrator.
    3. Logout of your SSH server.
    4. Exit of the Cygwin shell.
  8. Install autossh as a Windows service.
    1. Now back in Windows, open a new command Window (Start -> Run -> cmd).
    2. cd C:\cygwin\bin
    3. cygrunsrv -I AutoSSH -p /usr/bin/autossh -a "-M 20000 -L localaddress:port:serveraddress:port user@ssh.host.name" -e AUTOSSH_NTSERVICE=yes
  9. Tweak Windows service settings.
    1. Open the Services management console (Administrative Tools -> Services).
    2. Edit the properties of the AutoSSH service.
    3. In the "Log On" tab, select the "This account" radio button and set the service to run as your current user.
    4. Start the service.
  10. Test your tunnels.

5 comments:

Matt Hanger said...

A few more helper commands to assist in managing the autossh service:

Remove the service:
cygrunsrv --remove AutoSSH

Check the configuration & status of the service:
cygrunsrv --query AutoSSH

I recommend creating set of utility batch files for these commands, and the original install command. It'll make this easier on you if you ever want to change your tunnel definitions.

Antonius Aji said...

Hi!

I tried to install it on Windows 2000 Pro, but it returns error:
"Could not star the AutoSSH service on local computer. The service did not return error .....".

Any idea what may be wrong?

rgds,
a.a

Peter said...

@Matt: GREAT! Thanks very much for the walkthrough! Worked smoothly on Vista; will try it on Windows 7 when I get home.

I'm using it to keep a tunnel open for SOCKS proxy through my work computer, so that journal articles and other resources that are normally only available from work are now accessible from my laptop anywhere. The options I used:

autossh -M20000 -D8080 -C2 -qnN

(The last set of options are probably not necessary.) -C2 activates compression. The key is the -D8080.

Then I configured a separate Firefox profile to run with port 8080 as the SOCKS proxy. I setup a shortcut to run Firefox as that profile and now I have single click access to my work computer's web connection. My normal Firefox profile does not use the proxy connection, so I'm not shuttling data through my work computer all the time unnecessarily.

45andOut said...

Make sure you have the correct file permissions on the sshd server for the .ssh folder and the key file.

Ryne McCall said...

I had to change /usr/bin/autossh to /usr/bin/autossh.exe to get the service to start without error.

HTH.