Then you must also create a group file and a passwd file, both of which determine
who is allowed to log on to the OpenSSH server. The group file contains a list
of groups extracted from the local system's Windows registry, which OpenSSH
uses to map permissions similar to the way Windows does. The passwd file contains
a list of users, also extracted from the local system's registry, who are allowed
to log on to the OpenSSH server.
To create the group file, change to the OpenSSH bin subdirectory and type the
following command:
mkgroup -l >> ..\etc\group
This command dumps the local registry's groups into the group file in the etc
subdirectory.
Next, use the following command to create the passwd file that authorizes users
to log on to the OpenSSH server:
mkpasswd -l -u XYZ >> ..\etc\passwd
where XYZ is your local logon name. This command dumps the XYZ user's
credentials from the local registry into the etc\passwd file. Do this for each
user for whom you want to allow access.
If you want to use Windows domain accounts for authentication, use the same
two commands with a -d switch instead of the -l switch and specify the appropriate
Windows domain. The mkgroup command will contact your PDC for the specified
domain to obtain the list of groups and accounts. Creating these two files is
pretty simple, but see the OpenSSH documentation if you need more help.
If the username and password logon method isn't strong enough authentication
for your needs, you can use even stronger authentication by implementing encryption
keys on your OpenSSH installations. I don't have room to cover that subject
here, but you can find step-by-step instructions in the key_authentication.
txt file located in OpenSSH's docs\OpenSSH directory. It's relatively simple
to accomplish.
Note that OpenSSH installs itself as a Windows service that automatically starts
each time the system is booted. If you don't want the service to start automatically,
you need to adjust the service properties to require a manual start. On Windows
Server 2003, Windows XP, and Windows 2000 systems, you can adjust the service
properties by using the Computer Management tool in Administrative Tools. Go
to Services and Applications\Services, rightclick OpenSSH service, select Properties,
then adjust the startup mode accordingly.
Step 2: Install and Configure Squid for Windows
Next, install Squid for Windows (http://www.serassio.it/SquidNT.htm)
on your server system (e.g., not your mobile computer). To configure Squid for
Windows, I recommend that you download and use Kraken Config for Squid (http://www.krakenreports.com/index.php?subPage=krakenConfig),
which greatly simplifies configuring the proxy server. Kraken Config has a simple
wizard that asks you for some basic parameters, including the local host name,
disk cache size and the amount of memory Squid is allowed to use, allowed network
addresses, and a few other simple details. The tool costs only $10 and, in my
opinion, it's worth every penny. You can test-drive it free for 30 days, after
which the monitoring features will become disabled, but even so, your Squid
for Windows configuration will continue working.
After you run the Kraken Config tool, edit the squid.conf file (in Squid for
Windows's etc subdirectory) to add a line such as the following:
http_port 127.0.0.1:3128
This tells Squid to listen only on the localhost address (127.0.0.1)
on port 3128. It's important that you add this line with the http_port directive.
If you don't, Squid for Windows will use the system's real IP address, which
will cause Squid for Windows to be exposed to your local network and possibly
the Internet, where others might be able to connect to it. Note that you can
choose any unused port number you prefer, but you need to remember this port
number because you'll need to connect to it in Step 4.
Incidentally, another benefit of using Kraken Config is that when you start
the Squid for Windows service, Kraken Config's dialog window, which Figure
1 shows, will appear so that you can monitor Squid for Windows and make
configuration adjustments.
Like OpenSSH, Squid for Windows installs itself as a Windows service that automatically
starts each time the system is booted. You'll need to adjust the service properties
if you require a manual start. To do so, follow the same instructions as described
near the end of Step 1.
It's a lot more up to date than Openssh for Windows 3.8.1p1. It include version 4.6p1 which patches a lot of security holes and is still updated regularly. I would also recommend using puTTy on the client side. No installation required. You can even run it from a removable flash drive.
quillinanm March 13, 2007 (Article Rating: