how-to block ads
3. Software Setup
This is a step by step instruction on install OpenSSH for Windows. I used version 3.8.1p1 for the screenshots. You can download the install file from here and save it to the desktop.
those two commands will create the two files with the current users and groups on the windows machine. Additional usage info for mkpasswd:
One of `-l', `-d' or `-g' must be given.
Or go to the Start->Run->services.msc and find the "opensshd" service and right click and press start.
Feedback received on this FAQ entry:
How to install a cygwin (ssh server) on a Windows 2000, WindowsXP, or Windows Server 2003. The ssh server is an emulation of the UNIX environment and OpenSSH toWindows, by Redhat, called Cygwin.
(1) Login as a user with Administrator privilege.
(2) Download cygwin's setup.exe from http://www.cygwin.com/. Once completly downloaded run the setup.exe file.
There will be some basic installation information to begin. You will be selecting a server where it will download the selected files from. Select one of the locations and press next, continue till you get to the screen below.
Find the line "cygrunsrv",click on the word "skip" so that an appears in Column B,
Click to start installing cygwin and ssh.
(4) Right click My Computer, Properties, Advanced,Environment Variables
(5) Open a cygwin window (by double clicking the icon), a black screen pops open, type
(6) While you are still in the (black) cygwin screen, startthe sshd service:
To stop the sshd service, pop open a cygwin window, type
There are multiple versions of VNC out there on the web. I am going to show you examples of UltraVNC which I particularly like. You can download UltraVNC from »ultravnc.sourceforge.net/download.htm after running the normal installation exe file one of the last screens in the install will look like this:
You want to select the "Register Ultr@VNC Server as a system service" and the "Start or restart Ultr@VNC service." The options for icon locations is entirely up to you. Press the "Next >" button and finish up with the install.
After the installation finished. Right click on the Ultr@VNC icon in the tray and select properties. If the icon isn't there than go to your Start Menu -> Programs -> UltraVNC -> Ultr@VNC Server -> Run Service Helper.
When the properties window comes up you want to do the following:•Check the Accept Socket Connections and put a password in the textbox (VERY IMPORTANT!!)
•Select the "AUTO" radio button so that the server will pick the 5900 port.
•Check the "Allow Loopback Connections" checkbox.
•Check the "Remove Desktop Wallpaper" checkbox.
Press Apply and then OK. Try to connect to the server. If actually on the server when trying to connect, the screen will go into a loop and and keep displaying the same thing over and over again like two mirros looking at each other. If everything works this step is complete.
Enable Your Computer as the Host
You must first enable the Remote Desktop feature on your office computer so that you can control it remotely from another computer. You must be logged on as an administrator or a member of the Administrators group to enable Remote Desktop on your Windows XP Professional-based computer.
1. Open the System folder in Control Panel. Click Start, point to Settings, click Control Panel, and then double-click the System icon.
2. On the Remote tab, select the Allow users to connect remotely to this computer check box, as shown below.
3. Ensure that you have the proper permissions to connect to your computer remotely, and click OK.
Enable Remote Desktop
Setting Encryption Levels (from Microsoft.com)
Data encryption can protect your data by encrypting it on the communications link between the client and the Windows XP Professionalbased computer. Encryption protects against the risk of unauthorized interception of transmitted data. By default, Remote Desktop sessions are encrypted at the highest level of security available (128-bit). However, some older versions of Terminal Services client software do not support this high level of encryption. If your network contains such "legacy" clients, you can set the encryption level of the connection to send and receive data at the highest encryption level supported by the client.
There are two levels of encryption available.
High. The High level encrypts data sent from client to remote computer and from remote computer to client, by using strong 128-bit encryption. Use this level only if you are sure that your client computer supports 128-bit encryption (for example, if it is running Windows XP Professional). Clients that do not support this level of encryption will not be able to connect.
Client Compatible. The Client Compatible level encrypts data sent between the client and the remote computer at the maximum key strength supported by the client. Use this level if your client computer does not support 128-bit encryption.
You can set the encryption level of the connection between the client and the remote computer by enabling the Set client connection encryption level Properties Terminal Services Group Policy setting.
To edit this encryption setting in the Group Policy
1) Goto the Start Menu and click run. In the dialog type gpedit.msc and then press ok.
2) In the Group Policy window, on the left side, goto Computer Configuration -> Administrative Templates -> Windows Components -> Terminal Services -> Encryption and Security and then on the right hand side click on Set client connection encryption level.
3) When the dialog comes up. Click enable and select the type of encryption you want. And then press enter and exit out of the Group Policy.
Setup SSL-Explorer - Please bear with as I am going to take more screenshots of some things I have used this portal system for and will need to add more text.
SSL-Explorer is a very nice little tool that I notice being talked about recently in the Networking forum and decided I would take a look at it. I liked it so much I added the install info to this FAQ for everyone to read.
To get started if you want more information click here.
And off we are .... cheesy theme music start now ... ok enough of that.
To start download the latest version of SSL-Explorer from here. I used version 0.1.12 for the screenshots.
The install is a pretty basic install uptill it finishes copying files so we will go through this really quickly. And I will try to go into more detail in the later steps. Basically the install will start out checking your java on your machine. The program has a required version of 1.5.0 of the Java Runtime and if you don't have it on your computer it will download it for you with your permission. I pressed the download and it was away. I forced the setup closed to see what would happen. The third screenshot is the result of terminating the install during the middle of the java download/install. I think its self explanatory.
Moving on we are going through the standard install screenshots. Its all the basics. This is an open source program so you need to agree to the terms of the GNU. Then select destination directory and what you wanted to install. I just installed the Program I DIDN'T install the Source. Its up to you. Then it starts the fun file copying and registering services and fun stuff like that.
This next screenshot starts the actual initial setup of everything. You just need to click on launch server and it will start the service in setup mode and launch a web browser going to the default location. To login the default username password are the same (admin).
This is the first screen that will come up after it launches the webserver and browser. It is where you need to setup you password for you key. Basically SSL-Explorer runs a secure encrypted web server and uses java for VPN. You need to create a key and certificate for the https protocol. You type your password in (twice) and then click on set and select create new key store and click update and then click on the create button.
This page will then be displayed. You can put anything in the alias spot its for your reference. in the hostname make sure you put the specific hostname you will use to access the page externally. Either IP address or Domain name. (note www.yourdomain.com is different from yourdomain.com) If they are not the same you will get a message when you connect saying that the certificate is setup for site www.yourdomain.com and you are accessing it from yourdomain.com. Certificate aren't set in stone you can always edit later if you want. Organizational Unit and Company are your creative message again. Then click on generate. The other two boxes are used for actually buying all out real certificates that are certified and owned. If you want to go through that extra expense go right ahead. I didn't so I won't be able to give you any info on that process. The process though seems pretty straight forward.
This is just the screenshot when I remembered the install was still open. It hides under the web browser when you launch the server. Just click Finish.
If you click on the Admin at the top of the screen you will get a drop down menu and then with sub menus. The following screenshots are from those menus and I will add text for each screenshot when I get a chance.
Once you go through all the settings and change what you want and do what you want and cry if you want because its your party. You want to go back to the Admin menu and select Shutdown server. After confirming shutdown wait about 15 seconds and go in the services dialog. You can get there by going Start->Run->services.msc and pressing ok. Fin the SSL-Explorer and start the server. I did find sometime it takes two times if you try to start it too soon after shutting it down from setup mode. Then just browse to the »www.yourdomain.com and put in your username and password that you setup and start exploring.
Feedback received on this FAQ entry: