How to establish a secure connection to a Windows VPS using SSH and VMWare

By point41
User-Submitted Article

Today many internet hosting companies give you the option of leasing your own Windows 2003 Virtual Private Server (VPS) running on the Virtuozzo platform. You get your own dedicated logical server for a fraction of the cost of an actual server. Unfortunately, Virtuozzo is not a "true" VM. They have cut some corners in some aspects of hardware emulation in order to have a smaller footprint. In particular, the SWSoft network adapter does not appear as a true network adapter to Windows. Because of this you cannot configure VPN with Networking and Remote Access, nor can you install 3rd party software such as OpenVPN or Hamachi. This article provides a workaround for establishing a secure, VPN-like connection from your Windows computer to your remote VPS.

Difficulty: Moderately Challenging
Instructions

Things You'll Need:

  • VMWare Server (free version)
  • copSSH, or other SSH Server
  • BitVise Tunnelier, or other SSH client
  • A spare copy of Windows (2000/XP/2003)
  1. Step 1

    Login to your VPS. Typically, you will do this through Remote Desktop over the internet. Once logged in, download and install the free copSSH server.

  2. Step 2

    Open up the firewall on your VPS to allow incoming requests to copSSH. By default, copSSH listens on port 22. For security reasons, I would strongly recommend changing this port to something else.

  3. Step 3

    Configure the user you will use to connect to copSSH. For user authentication, I would recommend using certificates. copSSH comes with utilities to create a root CA from which you can self-sign certs. If setting up certificate-based authentication is unfamiliar to you, you could still use username-password authentication. It is just a little less secure.

  4. Step 4

    On the local computer that you will use to connect to the VPS, download and install the free VMWare Server software. Use version 1.0 if still available, as it is more lightweight than version 2.0.

  5. Step 5

    Create a virtual machine with about 256MB RAM and 8GB of disk space. The virtual network adapter on the VM can either be Bridged or NAT'ed. However, to avoid several potential problems (that I won't describe here) use a NAT'ed virtual adapter. Install a stripped down copy of Windows (2000/XP/2003 Web) into this VM. Turn off all services, including Workstation, Server, Remote Desktop and NetBIOS over TCP/IP. Basically, you don't want the VM to be listening on any port that you want to tunnel to the VPS. It also helps if you give your VM the same Windows computer name as your VPS.

  6. Step 6

    Log in to the VM and download and install BitVise Tunnelier, an SSH client that is available for free for non-business use. In my opinion, this is one of the best SSH clients available. Configure the client to connect to the copSSH server on your VPS.

  7. Step 7
    Configuring client-to-server forwarding of desired ports through SSH tunnel

    Determine the IP address of the VM. By default, this is dynamic and assigned by VMWare's DHCP server, but in practice it never changes unless you add additional VMs and/or adapters. Once you have the IP, on the C2S tab of BitVise forward any ports that you want from the VM's IP address to the VPS's IP address. Some examples:
    139 - Windows file sharing
    1433 - SQL Server
    3389 - Remote Desktop

  8. Step 8

    Once C2S forwarding is set up, you can access those ports as though they were exposed on the local VM's virtual adapter. For the examples I provided in the previous step, you don't need to configure S2C forwarding. For more sophisticated setups where you have an application on your local host listening for connections from the VPS, you will also need to configure S2C forwarding.

Tips & Warnings
  • By giving your VM and VPS identical computer names, you can connect to network shares or to SQL Server on the VPS by name without additional configuration to your hosts or lmhosts files.
  • Once you have established the SSH tunnel and forwarded port 3389, you should avoid using Remote Desktop over the open internet as that is not very secure. Use the tunnel instead.
  • On the SSH tab of BitVise Tunnelier, NEVER check the "none" option for Encryption.
  • You should never need to open up the forwarded ports on the VPS firewall.
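
One way to check the result of Steps 7 and 8 and the last tip, as an added example that is not part of the original article: it confirms that each forwarded port answers on the VM's address and does not answer directly on the VPS. The addresses, the SSH port 2222 and the function names are constructed placeholders, and having Python on a machine that can reach both addresses is an assumption.

```python
import socket

# Ports from Step 7 of the article.
FORWARDED_PORTS = {139: "Windows file sharing", 1433: "SQL Server", 3389: "Remote Desktop"}


def is_open(host, port, timeout=2.0):
    """Return True if a TCP connection to host:port is accepted."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:  # refused, filtered (timeout) or unreachable
        return False


def audit(vm_ip, vps_ip, ssh_port, ports=FORWARDED_PORTS, probe=is_open):
    """Return a list of (kind, port, message) findings; empty means the setup looks right.

    An open port on vm_ip only proves something is listening there. With the
    VM's own services turned off as in Step 5, that listener is the tunnel.
    """
    findings = []
    if not probe(vps_ip, ssh_port):
        findings.append(("ssh", ssh_port, "SSH server is not reachable on the VPS"))
    for port, name in sorted(ports.items()):
        if not probe(vm_ip, port):
            findings.append(("tunnel", port, f"{name} is not forwarded on {vm_ip}"))
        if probe(vps_ip, port):
            findings.append(("exposed", port,
                             f"{name} answers directly on {vps_ip}; close it on the VPS firewall"))
    return findings


if __name__ == "__main__":
    # Constructed sample values: replace with your VM address, VPS address and SSH port.
    VM_IP, VPS_IP, SSH_PORT = "192.168.174.128", "203.0.113.10", 2222
    results = audit(VM_IP, VPS_IP, SSH_PORT)
    for kind, port, message in results:
        print(f"[{kind}] port {port}: {message}")
    if not results:
        print("Tunnel ports answer on the VM; only SSH answers on the VPS.")
```

Run it while the Tunnelier session is connected; an "exposed" finding means a forwarded port is still open on the VPS firewall.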

Copyright © 1999-2009 eHow, Inc.