How to access office server and admin desktop from home

Jephe Wu - http://linuxtechres.blogspot.com 

Objective: assume you have a  admin Windows xp pro desktop in office which is running 24 hours.  You need to access company Linux servers and the admin Windows pc from home.
Environment:  assume your office has lease line connecting to Internet, also 2 level of squid proxy server (parent proxy concept) running on the LAN for users to access Internet, Windows XP pro admin desktop pc and CentOS servers.


Connection diagram:
office lan - squid proxy - squid parent proxy
--internet firewall -[cloud] - Singapore ISP(starthub)--
home cable modem - wireless router - home Linux server + home Windows pc

Method 1: Directly SSH, VNC or RDP port forwarding on Internet firewall

You can do port forwarding for ssh,VNC or RDP on Internet firewall directly to your Linux admin server and Windows xp pro admin pc, use ssh public key authentication.

Other ways: VNC listening viewer mode, openvpn, hosted vpn such as LogMeIn Hamachi.

Method 2:  Teamviewer or logmein free edition

You can just let the admin Windows pc to have Internet connection, then install teamviewer or logmein on that PC.

Method 3: openssh/putty + proxytunnel +[Apache mod_proxy]

a. openssh + proxytunnel
Assume your 2 squid proxy has enabled port 22 for SSL
acl SSL_ports port 443 22
acl Safe_ports port 443 22

squid -k reconfigure

Configure home wireless router to port forwarding port 22 to your home Linux/Windows cygwin ssh server at port 22.

At home, configure ssh server /etc/ssh/sshd_config or /etc/sshd_config in cygwin (GatewayPorts yes)

In office, use the following ssh_config configuration (/etc/ssh/ssh_config): download proxytunnel v1.9 rpm and installed on admin linux server first.


Host jephe
    ServerAliveInterval 60
    ServerAliveCountMax 600
    Proxycommand /usr/bin/proxytunnel -p 10.0.0.2:8080 -d jephe.domain.com:22

Run the following command to ssh into home Linux/Windows pc:
ssh -v -R 3389:adminpc.jephe.com:3389 -R 2222:localhost:22  [-L 8080:192.168.10.1:80] [-g] 

note:
(-g means allows remote hosts to connect to local forwarded ports)
(-L part means you can connect to linux admin server at port 8080 which will be tunnelled to home wireless router admin access page)

How to connect to office from home:
use rdp to connect to localhost for office admin pc remote desktop. 
use putty to connect to localhost:2222 for ssh into office linux admin pc

note: Windows 7 Professional 64bit users:

a. You need to manually allow tcp port 22 incoming in Windows firewall incoming rules configuration
b. You need to allow remote desktop connection (right click computer, properties, advanced system settings,remote, choose users if necessary)
c. You cannot use port 3389 and 3390 for port forwarding at localhost, use 3391 instead.
so, after ssh, you should use localhost:3391 for connecting to office desktop pc.

note:
I have tried cygwin 1.7.7 on Windows xp for remote port portforwaring which is also working, without proxytunnel and http proxy. 

b. openssh+nc
you can use the following in the /etc/ssh/ssh_config

Host test
    hostname dest_server_ip
    ProxyCommand ssh jephe@firewall_ip nc -w 1 %h %p

c. putty + proxytunnel
According to my test, putty can use http proxy option or external program proxytunnel. I tried both options, the remote port forwarding part doesn't work(putty 0.60 and latest snapshot,also Xshell, CentOS 5.5 openssh server), the normal port forwarding through putty is working, which means you can access home pc and wireless router when you are in office, but not office pc and linux admin server when you are at home.

Putty's http proxy:
Just specify the squid proxy ip and port number, it will be able to tunnel your ssh connection through squid proxy:


Proxytunnel:
go into the Connection > Proxy menu. Select the Local proxy type. And then provide as Telnet command, or local proxy command the following line:
proxytunnel -q -p squidproxy.jephe.com:8080 [-r jephe.apacheserver.com:443] -d %host:%port


-r part is used for Apache mod_proxy, refer to Reference 1 link.

Note: another options for http proxy is http://www.agroman.net/corkscrew/


note: 
zmodem file transfer within Leputty(http://leputty.sourceforge.net/) and xshell



References:
2. proxytunnel homepage: http://proxytunnel.sourceforge.net/intro.php

3. tunnel ssh over http(s): http://dag.wieers.com/howto/ssh-http-tunneling/
4. use corkscrew tool
http://www.agroman.net/corkscrew/
http://daniel.haxx.se/docs/sshproxy.html
5. HowTo SSH outside using Authenticated Proxy
http://www.sohailriaz.com/howto-ssh-outside-using-authenticated-proxy/