SSH and SSH Tunneling Explained (demonstrated with Puttygen and Putty)

Video Statistics and Information

Video

Captions Word Cloud

Reddit Comments

Captions

in this video i will demonstrate how you can generate an ssh key on windows explain its advantages over using a password and go on to explain and demonstrate ssh tunneling this feature enables very secure attachments to the target machine as they are all going over the ssh connection and only requires the ssh port which is port number 22 to be allowed through any firewall on the target machine okay time for the introduction and then we will get cracking i am going to demonstrate ssh using an instance from a company called upcloud as cloud computing in virtual private servers is what this youtube channel is all about however if you are only looking to connect to local machines via ssh the principles described in this video are just as applicable to that scenario by the way don't worry i found ssh keys and ssh tunneling a bit difficult at first to get my head around but it actually turned out to be quite easy let me demonstrate on screen you can see i am halfway through setting up a cloud-based instance [Music] and like all such vps providers i am at the point where it is asking for an ssh key so at this point i stop and download putty a popular windows ssh client importantly from the official putty website as i am using the normal 64-bit version of windows 10 i get the 64-bit version once installed i start the puttygen ssh key generator that is automatically included alongside buddy and generate an ssh key once the ssh key has been generated i cut and paste the on-screen public half of the ssh key into the up cloud website and type a name for it so i can recognize it in the future you can simply think of this as being like a padlock everyone can see it but only the person with the key is able to open it and so connect to the instance [Music] [Music] i then return to puttygen and save the hidden private key half of the ssh key pair i'm offered to protect this key with a passphrase this passphrase is like a combination on a lockbox that has the private key inside it without the passphrase you cannot get to the key that's needed to open the server's padlock when finished saving the private key puttygen closes [Music] now i will demonstrate how i connect to the vps machine via putty and provide the private key so i am allowed to proceed so i open potty [Music] and enter the user id i wish to connect with which is root followed by in its symbol and then i p address of the target machine [Music] you don't need to do this part but i change the connected ssh window font to a size that shows up better on this video as we are going to be connecting using the ssh key i select connection ssh then auth in the menu then i browse to the ssh private key i generated and saved in puttygen earlier before i open the ssh connection i return to the initial screen name and save all these settings with the name of up cloud for future use finally i press open to start the connection it gives a standard warning just telling me to be careful as has not connected to this target before so cannot confirm the machine's fingerprint is the one it's seen in the past i am happy with the connection information i have provided so i press accept at which point putty the passphrase protecting the private key is needed to unlock it so i provide it as the private key fits the target machine public key padlock it connects so now some time has passed and i have installed a desktop on the machine and wish to connect to it using rdp which uses port 3389 it should be noted however that there is a firewall protecting the target machine and only the ssh port which is number 22 is allowed through the commands i used for this are in the description but i will not be demonstrating running them as that is not the point of this video so let's look at how this problem can be overcome by using ssh tunneling [Music] what you can see on screen is the current situation where from our local pc we can reach the upcloud instance using the ssh protocol because the server firewall blocks all other types of communication using non-ssh ports now what we would normally do here is open up the rdp port 3389 on the firewall so we can use the windows remote desktop manager and so get desktop pictures from our instance however we don't want to open up the rdp port on the firewall as that means our server would be less secure as it would only be protected on this port by the length and complexity of the various rdp passwords and not the very complex and secure ssh keys that are currently protecting the ssh port so instead when we fire up the windows remote connection manager what we are going to do is point it back to the local pc by using the special local host keyword then we will tell putty our ssh client that any traffic is seized on a high randomly chosen port let's say 50 000 should be grabbed and forwarded over the existing ssh pipe to the up cloud instance on the far end and when it reaches that machine to put it back on port 3389 the only reason i am using port 50 000 instead of 3389 on my local pc is because i am using windows 10 professional version which is already listening for incoming rdp connection on that port so using a high random one instead which is not otherwise in use is far simpler anything the instance machine transmits back on port 3389 is grabbed by the instances ssh server and then pushed back through the ssh pipe where it puts it back on port 50 000 on our local pc if you are finding this video helpful or informative please press the thumbs up icon just below it so other users will know it's worth watching [Music] so now i have explained what we are going to do i will demonstrate how we do it i open up putty and load the up cloud connection settings i saved earlier [Music] to add the ssh tunnel i just described i navigate to the ssh tunnel page [Music] now i type the source port as 50 000 and in the destination box i put the ip address of the up cloud instance a colon and then the port in this case also 3389 that i want the traffic to emerge on when finished i hit the add button be warned during the making of this video i repeatedly forgot to hit the ed button at this point and as a result the ssh tunnel was missing that's it the ssh tunnel will now be in place whenever we open this ssh connection so the rdp connection that passes through it is now also protected by the ssh keys to make sure all these new settings are saved i return to the main screen and hit the save button [Music] only now do i open this ssh connection and when prompted provide the passphrase that i put in place to protect the ssh private key [Music] so now the ssh connection is open i can use windows remote desktop connection software so i started key in the special address known as localhost followed by a colon and then the local port we are using which is 50 000 and hit connect i key in the user is root and its password that i have set is demo it does not matter how short or bad this rdp password is because it can only be used when the ssh connection is open and remember this is protected by the ssh key now i am on up cloud instances desktop now to prove to you that these remote desktop pictures are being transmitted through the ssh connection if i close the ssh connection the remote desktop connection also stops and that's it if you haven't already please remember to give this video a thumbs up before you leave if it was helpful that's because the youtube algorithm really seems to respond well to videos that the viewer liked anyway thanks for watching [Music] you

Info

Channel: Cloud Tech

Views: 13,552

Rating: undefined out of 5

Keywords: ssh, ssh tunnelling, upcloud, instance, putty, puttygen, rdp, remote desctop, remote desktop connection

Id: ioWZGAZddlE

Channel Id: undefined

Length: 10min 12sec (612 seconds)

Published: Tue Sep 07 2021