# SSH tunnel in Cygwin



## jiml8 (Jul 3, 2005)

Has anyone here successfully established an ssh tunnel using sshd in Cygwin on Windows and then established a connection with a Windows app using it?

I have been trying to do just that on a server of mine that does not have a keyboard, working across a LAN using ssh from Linux, and it doesn't seem to be working, and I can't tell exactly why. Cygwin on Windows does some environment things that seem unusual, so perhaps I could set up the tunnel from an ordinary Windows command line. I have not yet tried that because it makes me scrounge up a keyboard and mouse for this server...


----------



## Squashman (Apr 4, 2003)

I have seen people tunnel Remote Desktop over SSH. I have never done it myself but have seen it.


----------



## jiml8 (Jul 3, 2005)

I got it working. What I actually wanted to do was tunnel VNC so that I could securely do a remote desktop. I misunderstood the FAQs that I ran across.

Problem was this. I had to set TightVNC server to accept loopback connections and only loopback connections. This I did by setting a couple of registry values (I later found some checkboxes on the Properties requester that would have done it for me). I interpreted this as limiting where TightVNC would accept connections from, but I thought I had to set up a local tunnel to actually make the connection.

This was an error; setting the requirement for only loopback connections caused the TightVNC server to take care of the local tunnel automatically for me. So, having the local tunnel explicitly set up was causing me to try to connect (on my client) to a port that VNC was no longer watching.

The proper way to set up the TightVNC server on a Windows box for SSH tunneling is to simply set the "allow loopback connections" and the "allow only loopback connections" checkboxes (TightVNC 1.3.7) or to set the relevant registry entries in HKLM\software\ORL\WinVNC3 (earlier versions of TightVNC) and do nothing else except have an SSH daemon running in Windows (and the Cygwin sshd works fine).

Now, on my Linux client box, I was using TightVNC viewer version 3.3 and it has a bug. I should have been able to connect with the server by this command:

```sh
vncviewer -via localhost myserverid
```

This command *should* set up the proper tunnel then connect to myserverid, but this did not work, at all. 

Instead, I set up a batch file that explicitly builds the tunnel then connects. Here is the batch file:

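```sh
# Background ssh after login; forward local port 5901 to port 5900 on the server's loopback ("sleep 20" holds the session open while the viewer connects).
ssh -f -L 5901:localhost:5900 myserverid sleep 20
# VNC display :1 is TCP port 5901, the local end of the tunnel.
vncviewer localhost:1
```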

And this works. I get prompted twice for passwords; once from sshd on the server, then again from VNC on the server. I'll probably just get rid of the VNC password; not needed when the only allowed connections are SSH tunnels.

This took a while to figure out because I misunderstood what to do on the server and I had a bug on the client. I suppose that if I don't require loopback connections on the server, then I would have to explicitly set up the server tunnel. However, I don't think I'll bother playing with it.

Now, using SSH tunneling makes TightVNC noticeably slower than not tunneling, but security is paramount when this thing is going to be working across the internet.


----------
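Added example (not part of the thread or any poster's code): a check that the loopback-only setting described in the post above is actually in effect, by parsing Windows-format `netstat -an` output for listeners on the VNC port that are bound to anything other than loopback. The function names and the sample netstat lines are constructed for illustration.

```sh
#!/bin/sh
# Added example: confirm the VNC port is reachable only via the SSH tunnel.
# exposed_listeners PORT reads Windows-format `netstat -an` output on stdin
# and prints every LISTENING socket on PORT not bound to a loopback address.
exposed_listeners() {
    awk -v port="$1" '
        { sub(/\r$/, "") }                       # drop CR from Windows line endings
        $1 == "TCP" && $NF == "LISTENING" {
            addr = $2                            # local address, e.g. 127.0.0.1:5900
            n = match(addr, /:[0-9]+$/)          # port follows the last colon
            if (n == 0) next
            host = substr(addr, 1, n - 1)
            if (substr(addr, n + 1) != port) next
            if (host ~ /^127\./ || host == "[::1]") next   # loopback is fine
            print addr
        }'
}

# audit PORT: print a verdict; return non-zero when PORT is exposed.
audit() {
    found=$(exposed_listeners "$1")
    if [ -n "$found" ]; then
        echo "EXPOSED: port $1 is listening on:"
        echo "$found"
        return 1
    fi
    echo "OK: port $1 is loopback-only or not listening"
}

# Constructed sample input, not captured from a real host.
SAMPLE_LOCKED='  TCP    0.0.0.0:22             0.0.0.0:0              LISTENING
  TCP    127.0.0.1:5900         0.0.0.0:0              LISTENING
  TCP    192.168.1.10:22        192.168.1.20:40112     ESTABLISHED'

SAMPLE_OPEN='  TCP    0.0.0.0:22             0.0.0.0:0              LISTENING
  TCP    0.0.0.0:5900           0.0.0.0:0              LISTENING
  TCP    [::]:5900              [::]:0                 LISTENING'

printf '%s\n' "$SAMPLE_LOCKED" | audit 5900
printf '%s\n' "$SAMPLE_OPEN"   | audit 5900 || true
```

On the server, live data can be fed in with `netstat -an | audit 5900` from the Cygwin shell, assuming the Windows netstat.exe is on the PATH.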



## Squashman (Apr 4, 2003)

I have always wanted to try using SSHD with Cygwin but haven't had the time. I have mostly been playing with a lot of free VPN servers. I really like SSL Explorer. I also just started setting up OpenVPN. Both will run on Linux or Windows.

http://www.sshtools.com/showSslExplorer.do
http://openvpn.net/


----------



## jiml8 (Jul 3, 2005)

sshd was easy to set up in Cygwin. Went right in. I generated the keys and it worked right away. I don't recall what I did to make it a Windows service, but it was simple to do. I think that it was an option in the install script. In any case I can sc start it and sc stop it.

proftpd was the hard one in Cygwin, but I found a batch file that made it into a Windows service.


----------



## Squashman (Apr 4, 2003)

You might try this one next time.
http://www.snapfiles.com/get/any2service.html

You should give SSL Explorer a try. Pretty easy to tunnel stuff through that as well.


----------

