Tag Archives: ssh

Limit ssh users to their home directory only

To limit ssh users to their home directory only, we can use a restricted shell called rbash. Here are the steps to set it up on the server:
Open the /etc/passwd file and set the user's shell to /bin/rbash:
emacs /etc/passwd
For example here is a sample entry for user vivek:
vivek:x:100:101::/home/vivek:/bin/rbash

Or create a new user with rbash as its shell in a single command (--password expects a crypt(3) hash rather than a plaintext password, so hash it first; -m creates the home directory):
useradd demo --home-dir /home/demo -m --shell /bin/rbash --password "$(openssl passwd -6 oiikkaewe)"
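As an added check, not from the original post, this script probes which operations a restricted bash refuses, so the lockdown can be verified before the account is handed out. It assumes bash is installed, since "bash -r" is exactly what /bin/rbash runs; note that rbash only restricts the shell itself, and any program found on the user's PATH still runs as a normal program, so the account's PATH has to point at a directory of vetted commands.

```shell
#!/bin/sh
# Added example, not from the original post: probe which operations a
# restricted bash refuses.  Assumes bash is installed; "bash -r" behaves
# exactly like /bin/rbash.  Programs found on the user's PATH still run
# unrestricted, so pair rbash with a PATH that holds only vetted commands.

# Return 0 if rbash refuses the command line, 1 if it ran it.
rbash_blocks() {
    if bash -r -c "$1" >/dev/null 2>&1; then
        return 1
    fi
    return 0
}

# Run one probe per restriction the rbash setup relies on and print a
# report line for each.  Returns the number of probes that were NOT
# blocked, so 0 means every restriction held.
check_rbash_restrictions() {
    unblocked=0
    for probe in \
        'cd /'                      \
        'PATH=/tmp'                 \
        'SHELL=/bin/sh'             \
        '/bin/ls'                   \
        'echo x > /tmp/rbash_probe' \
        'exec sh'                   \
        'set +r'
    do
        if rbash_blocks "$probe"; then
            echo "blocked: $probe"
        else
            echo "ALLOWED: $probe"
            unblocked=$((unblocked + 1))
        fi
    done
    return "$unblocked"
}

check_rbash_restrictions
```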

Install the Windows version of the openssh client (a putty alternative)

If you are looking for an alternative to putty, you can use openssh from the MinGW package.

Go here: MinGW – Minimalist GNU for Windows, download the MinGW installer and run it. When it finishes, launch the MinGW shell from the start menu:
mingw openssh

This approach is ideal for someone who wants a simple, fully command-line ssh client rather than a GUI tool with lots of functionality like putty.

Further reading:

Install openssh server on Windows
A list of ssh clients on Windows

Install and set up pptp vpn on debian (pptp 101)

Follow these steps if you want to set up a pptp vpn on debian:

1. SSH into the debian server

2. Install pptpd with the command:

apt-get install pptpd

3. Set up the host ip and the client ip range. Open /etc/pptpd.conf with a text editor and add the content below at the end:

localip 192.168.0.40
remoteip 192.168.0.234-238,192.168.0.245

localip is the ip of your server in the virtual network; remoteip is the pool of client addresses, which the server assigns automatically when a client connects. Also, use an ip range that is not already in use on your real lan: my home lan is 192.168.1.x, so here I use 192.168.0.x.

4. Configure the pptp dns. Open /etc/ppp/options.pptpd, find the ms-dns lines and set them as below:

ms-dns 8.8.8.8
ms-dns 8.8.4.4

Here I set it up with google dns; you are free to use your own dns if you have one, but google's is a safe choice.

5. Set up the client account. Open /etc/ppp/chap-secrets and add a line like this:

testuser pptpd testpassword *

testuser is the username and testpassword is the password of the client.

6. Enable ip forwarding in /etc/sysctl.conf: find the line net.ipv4.ip_forward and edit it like below:

net.ipv4.ip_forward=1

Save the file and run the command below to load the setting:

sysctl -p

7. Set up iptables by running a command like this:

iptables -t nat -A POSTROUTING -s 192.168.0.0/24 -o eth0 -j MASQUERADE

Change 192.168.0.0 to match the range you used in step 3, and you may need to change eth0 to the interface your internet connection is on.

These are all the steps you need to set up the pptp server. Now you can set up a connection in Control Panel\All Control Panel Items\Network and Sharing Center:

windows pptp client setup

Click the link in the red box shown above, follow the wizard to set up a vpn connection and make a test run.

Known issues:

If you have successfully set up the pptp vpn and are able to access websites through it, but are experiencing a strange problem and can't access some sites like www.alexa.com, check my post here for a possible fix: Can't access certain sites with pptp

Further Reading:

To set up an IPSec L2TP VPN, you may want to look here:

Setting up an L2TP/IPSec server on Debian
Setting Up an IPSec L2TP VPN server on Ubuntu for Windows clients

Tunnel web/dns traffic through ssh with putty

This post will guide you through how to tunnel web/dns traffic through ssh with putty (setting up an ssh-based socks proxy for firefox or any program that supports a socks proxy).

1. Download putty here: http://www.chiark.greenend.org.uk/~sgtatham/putty/download.html

2. Create a shortcut to putty.exe on your desktop

3. Right-click the shortcut and open its properties dialog box

4. Add the content below to the Target box of the dialog, replacing username, password and servername with your real values. This shortcut will create a socks proxy on your local computer on port 8080; you can change it to another port number if you like.

"path to putty.exe" -D 8080 -l username -pw "password" servername

5. Configure firefox to resolve dns through your ssh tunnel. Open firefox, type "about:config" in the address bar, enter the text below into the filter, and set the value to true

network.proxy.socks_remote_dns

6. Configure firefox to use the socks proxy: follow the menu Tools > Options > Advanced > Connection Settings to open a dialog box, enter localhost as the socks host, and set the port to 8080 as you did in step 4 above.

7. Double-click the shortcut you configured in step 4 to start the ssh tunnel; your web/dns traffic is now tunneled through ssh.

Prevent ssh sessions from timing out

To keep the ssh session alive:

For the server, add the config below to sshd_config:

ClientAliveInterval 30
ClientAliveCountMax 4

For the client, add the config below to ssh_config:

ServerAliveInterval 30
ServerAliveCountMax 4

You don't have to add both: each setting sends a keepalive packet to the other side every 30 seconds and, if no reply comes back, retries 4 times before terminating the session.