[HowTo] Multi-Hop SSH into FreeNAS

Status
Not open for further replies.
zoomzoom

zoomzoom

Guru
Joined
Sep 6, 2015
Messages
677
FreeNAS servers are meant to be run behind the firewall of a router, with two options to gain access to the server remotely, a VPN or an SSH multi-hop

A Multi-Hop SSH is an SSH tunnel over WAN to the router, with a second SSH tunnel through it to FreeNAS over LAN
  • Remote device -> WAN SSH -> Router -> [multi-hop begins] -> LAN SSH -> FreeNAS
Utilizing PuTTY, the router & client profiles below will be required:
  • SFTP via pscp.exe in the PuTTY root directory
    • Add PuTTY directory to your environment path to allow access to pscp from any powershell/command terminal
      System - Advanced System Settings - Environment Variables - System Variables - Path

  • JuiceSSH [Android] automates the multi-hop by setting Connection - Advanced Settings - Connect Via to Router's Remote SSH connection
Router (your.ddns.com)
  • Edit Lines:
    • (5) "HostName"="your.ddns.com"
    • (6) "LogFileName"="C:\\Path\\To\\PuTTY\\Logs\\SSH.OpenWRT.Remote.log"
      • Log set to "All Session Output" [Session - Logging]
    • (15) "PortNumber"=dword:00000016
      • Hex value for SSH Port # [hex] 00000016 = [dec] 22
        Windows Calculator has a "Programmer" mode with hex <-> dec
    • (58) "PublicKeyFile"="C:\\Path\\To\\PuTTY\\SSHkeys\\OpenWRT.SSH.ppk"
Code:
Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\SimonTatham\PuTTY\Sessions\SSH.OpenWRT.Remote]
"Present"=dword:00000001
"HostName"="your.ddns.com"
"LogFileName"="C:\\Path\\To\\PuTTY\\Logs\\SSH.OpenWRT.Remote.log"
"LogType"=dword:00000002
"LogFileClash"=dword:ffffffff
"LogFlush"=dword:00000000
"SSHLogOmitPasswords"=dword:00000001
"SSHLogOmitData"=dword:00000000
"Protocol"="ssh"
"PortNumber"=dword:00000016
"CloseOnExit"=dword:00000001
"WarnOnClose"=dword:00000001
"PingInterval"=dword:00000000
"PingIntervalSecs"=dword:00000000
"TCPNoDelay"=dword:00000001
"TCPKeepalives"=dword:00000000
"TerminalType"="xterm"
"TerminalSpeed"="38400,38400"
"TerminalModes"="CS7=A,CS8=A,DISCARD=A,DSUSP=A,ECHO=A,ECHOCTL=A,ECHOE=A,ECHOK=A,ECHOKE=A,ECHONL=A,EOF=A,EOL=A,EOL2=A,ERASE=A,FLUSH=A,ICANON=A,ICRNL=A,IEXTEN=A,IGNCR=A,IGNPAR=A,IMAXBEL=A,INLCR=A,INPCK=A,INTR=A,ISIG=A,ISTRIP=A,IUCLC=A,IXANY=A,IXOFF=A,IXON=A,KILL=A,LNEXT=A,NOFLSH=A,OCRNL=A,OLCUC=A,ONLCR=A,ONLRET=A,ONOCR=A,OPOST=A,PARENB=A,PARMRK=A,PARODD=A,PENDIN=A,QUIT=A,REPRINT=A,START=A,STATUS=A,STOP=A,SUSP=A,SWTCH=A,TOSTOP=A,WERASE=A,XCASE=A"
"AddressFamily"=dword:00000000
"ProxyExcludeList"=""
"ProxyDNS"=dword:00000001
"ProxyLocalhost"=dword:00000000
"ProxyMethod"=dword:00000000
"ProxyHost"="proxy"
"ProxyPort"=dword:00000050
"ProxyUsername"=""
"ProxyPassword"=""
"ProxyTelnetCommand"="connect %host %port\\n"
"Environment"=""
"UserName"="root"
"UserNameFromEnvironment"=dword:00000000
"LocalUserName"=""
"NoPTY"=dword:00000000
"Compression"=dword:00000000
"TryAgent"=dword:00000001
"AgentFwd"=dword:00000001
"GssapiFwd"=dword:00000000
"ChangeUsername"=dword:00000000
"Cipher"="aes,WARN,3des,blowfish,arcfour,des"
"KEX"="dh-gex-sha1,dh-group14-sha1,dh-group1-sha1,rsa,WARN"
"RekeyTime"=dword:0000003c
"RekeyBytes"="1G"
"SshNoAuth"=dword:00000000
"SshBanner"=dword:00000001
"AuthTIS"=dword:00000000
"AuthKI"=dword:00000001
"AuthGSSAPI"=dword:00000001
"GSSLibs"="gssapi32,sspi,custom"
"GSSCustom"=""
"SshNoShell"=dword:00000000
"SshProt"=dword:00000003
"LogHost"=""
"SSH2DES"=dword:00000000
"PublicKeyFile"="C:\\Path\\To\\PuTTY\\SSHkeys\\OpenWRT.SSH.ppk"
"RemoteCommand"=""
"RFCEnviron"=dword:00000000
"PassiveTelnet"=dword:00000000
"BackspaceIsDelete"=dword:00000001
"RXVTHomeEnd"=dword:00000000
"LinuxFunctionKeys"=dword:00000000
"NoApplicationKeys"=dword:00000000
"NoApplicationCursors"=dword:00000000
"NoMouseReporting"=dword:00000000
"NoRemoteResize"=dword:00000000
"NoAltScreen"=dword:00000000
"NoRemoteWinTitle"=dword:00000000
"RemoteQTitleAction"=dword:00000001
"NoDBackspace"=dword:00000000
"NoRemoteCharset"=dword:00000000
"ApplicationCursorKeys"=dword:00000000
"ApplicationKeypad"=dword:00000000
"NetHackKeypad"=dword:00000000
"AltF4"=dword:00000001
"AltSpace"=dword:00000001
"AltOnly"=dword:00000000
"ComposeKey"=dword:00000000
"CtrlAltKeys"=dword:00000001
"TelnetKey"=dword:00000000
"TelnetRet"=dword:00000001
"LocalEcho"=dword:00000002
"LocalEdit"=dword:00000002
"Answerback"="PuTTY"
"AlwaysOnTop"=dword:00000000
"FullScreenOnAltEnter"=dword:00000000
"HideMousePtr"=dword:00000000
"SunkenEdge"=dword:00000000
"WindowBorder"=dword:00000005
"CurType"=dword:00000001
"BlinkCur"=dword:00000001
"Beep"=dword:00000001
"BeepInd"=dword:00000000
"BellWaveFile"=""
"BellOverload"=dword:00000001
"BellOverloadN"=dword:00000005
"BellOverloadT"=dword:000007d0
"BellOverloadS"=dword:00001388
"ScrollbackLines"=dword:00002710
"DECOriginMode"=dword:00000000
"AutoWrapMode"=dword:00000001
"LFImpliesCR"=dword:00000000
"CRImpliesLF"=dword:00000000
"DisableArabicShaping"=dword:00000000
"DisableBidi"=dword:00000000
"WinNameAlways"=dword:00000001
"WinTitle"="Secure Shell - OpenWRT (Remote)"
"TermWidth"=dword:00000077
"TermHeight"=dword:00000028
"Font"="Lucida Console"
"FontIsBold"=dword:00000000
"FontCharSet"=dword:00000000
"FontHeight"=dword:0000000a
"FontQuality"=dword:00000003
"FontVTMode"=dword:00000004
"UseSystemColours"=dword:00000000
"TryPalette"=dword:00000000
"ANSIColour"=dword:00000001
"Xterm256Colour"=dword:00000001
"BoldAsColour"=dword:00000002
"Colour0"="175,175,175"
"Colour1"="255,125,0"
"Colour2"="25,25,25"
"Colour3"="20,20,20"
"Colour4"="0,163,255"
"Colour5"="0,163,255"
"Colour6"="0,0,0"
"Colour7"="85,85,85"
"Colour8"="187,0,0"
"Colour9"="255,85,85"
"Colour10"="0,187,0"
"Colour11"="85,255,85"
"Colour12"="187,187,0"
"Colour13"="255,255,85"
"Colour14"="0,163,255"
"Colour15"="0,100,255"
"Colour16"="187,0,187"
"Colour17"="255,85,255"
"Colour18"="0,187,187"
"Colour19"="85,255,255"
"Colour20"="187,187,187"
"Colour21"="255,255,255"
"RawCNP"=dword:00000000
"PasteRTF"=dword:00000000
"MouseIsXterm"=dword:00000000
"RectSelect"=dword:00000000
"MouseOverride"=dword:00000001
"Wordness0"="0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0"
"Wordness32"="0,1,2,1,1,1,1,1,1,1,1,1,1,2,2,2,2,2,2,2,2,2,2,2,2,2,1,1,1,1,1,1"
"Wordness64"="1,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,1,1,1,1,2"
"Wordness96"="1,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,1,1,1,1,1"
"Wordness128"="1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1"
"Wordness160"="1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1"
"Wordness192"="2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,1,2,2,2,2,2,2,2,2"
"Wordness224"="2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,1,2,2,2,2,2,2,2,2"
"LineCodePage"="UTF-8"
"CJKAmbigWide"=dword:00000000
"UTF8Override"=dword:00000001
"Printer"=""
"CapsLockCyr"=dword:00000000
"ScrollBar"=dword:00000000
"ScrollBarFullScreen"=dword:00000000
"ScrollOnKey"=dword:00000000
"ScrollOnDisp"=dword:00000001
"EraseToScrollback"=dword:00000001
"LockSize"=dword:00000000
"BCE"=dword:00000001
"BlinkText"=dword:00000000
"X11Forward"=dword:00000000
"X11Display"=""
"X11AuthType"=dword:00000001
"X11AuthFile"=""
"LocalPortAcceptAll"=dword:00000000
"RemotePortAcceptAll"=dword:00000000
"PortForwardings"="L8000=127.0.0.1:80"
"BugIgnore1"=dword:00000000
"BugPlainPW1"=dword:00000000
"BugRSA1"=dword:00000000
"BugIgnore2"=dword:00000000
"BugHMAC2"=dword:00000000
"BugDeriveKey2"=dword:00000000
"BugRSAPad2"=dword:00000000
"BugPKSessID2"=dword:00000000
"BugRekey2"=dword:00000000
"BugMaxPkt2"=dword:00000000
"BugWinadj"=dword:00000000
"BugChanReq"=dword:00000000
"StampUtmp"=dword:00000001
"LoginShell"=dword:00000001
"ScrollbarOnLeft"=dword:00000000
"BoldFont"=""
"BoldFontIsBold"=dword:00000000
"BoldFontCharSet"=dword:00000000
"BoldFontHeight"=dword:00000000
"WideFont"=""
"WideFontIsBold"=dword:00000000
"WideFontCharSet"=dword:00000000
"WideFontHeight"=dword:00000000
"WideBoldFont"=""
"WideBoldFontIsBold"=dword:00000000
"WideBoldFontCharSet"=dword:00000000
"WideBoldFontHeight"=dword:00000000
"ShadowBold"=dword:00000000
"ShadowBoldOffset"=dword:00000001
"SerialLine"="COM1"
"SerialSpeed"=dword:00002580
"SerialDataBits"=dword:00000008
"SerialStopHalfbits"=dword:00000002
"SerialParity"=dword:00000000
"SerialFlowControl"=dword:00000001
"WindowClass"=""
"ConnectionSharing"=dword:00000000
"ConnectionSharingUpstream"=dword:00000001
"ConnectionSharingDownstream"=dword:00000001
"SSHManualHostKeys"=""

FreeNAS (192.168.1.20)
  • Edit Lines:
    • (5) "HostName"="root@192.168.1.20"
    • (6) "LogFileName"="C:\\Path\\To\\PuTTY\\Logs\\SSH.FreeNAS.Remote.log"
      • Log set to "All Session Output" [Session - Logging]
    • (15) "PortNumber"=dword:00000016
      • Hex value for SSH Port # [hex] 00000016 = [dec] 22
        Windows Calculator has a "Programmer" mode with hex <-> dec
    • (58) "PublicKeyFile"="C:\\Path\\To\\PuTTY\\SSHkeys\\FreeNAS.SSH.ppk"

  • plink creates the multi-hop
    • (32) "ProxyTelnetCommand"="plink -v -load SSH.OpenWRT.Remote -nc %host:%port"
      • If Router's profile name changed, update it here too
        Profile cannot contain spaces
Code:
Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\SimonTatham\PuTTY\Sessions\SSH.FreeNAS.Remote]
"Present"=dword:00000001
"HostName"="root@192.168.1.20"
"LogFileName"="C:\\Path\\To\\PuTTY\\Logs\\SSH.FreeNAS.Remote.log"
"LogType"=dword:00000002
"LogFileClash"=dword:00000000
"LogFlush"=dword:00000000
"SSHLogOmitPasswords"=dword:00000001
"SSHLogOmitData"=dword:00000000
"Protocol"="ssh"
"PortNumber"=dword:00000b83
"CloseOnExit"=dword:00000001
"WarnOnClose"=dword:00000001
"PingInterval"=dword:00000000
"PingIntervalSecs"=dword:00000000
"TCPNoDelay"=dword:00000001
"TCPKeepalives"=dword:00000000
"TerminalType"="xterm"
"TerminalSpeed"="38400,38400"
"TerminalModes"="CS7=A,CS8=A,DISCARD=A,DSUSP=A,ECHO=A,ECHOCTL=A,ECHOE=A,ECHOK=A,ECHOKE=A,ECHONL=A,EOF=A,EOL=A,EOL2=A,ERASE=A,FLUSH=A,ICANON=A,ICRNL=A,IEXTEN=A,IGNCR=A,IGNPAR=A,IMAXBEL=A,INLCR=A,INPCK=A,INTR=A,ISIG=A,ISTRIP=A,IUCLC=A,IXANY=A,IXOFF=A,IXON=A,KILL=A,LNEXT=A,NOFLSH=A,OCRNL=A,OLCUC=A,ONLCR=A,ONLRET=A,ONOCR=A,OPOST=A,PARENB=A,PARMRK=A,PARODD=A,PENDIN=A,QUIT=A,REPRINT=A,START=A,STATUS=A,STOP=A,SUSP=A,SWTCH=A,TOSTOP=A,WERASE=A,XCASE=A"
"AddressFamily"=dword:00000000
"ProxyExcludeList"=""
"ProxyDNS"=dword:00000001
"ProxyLocalhost"=dword:00000000
"ProxyMethod"=dword:00000005
"ProxyHost"=""
"ProxyPort"=dword:00000000
"ProxyUsername"=""
"ProxyPassword"=""
"ProxyTelnetCommand"="plink -v -load SSH.OpenWRT.Remote -nc %host:%port"
"Environment"=""
"UserName"="root"
"UserNameFromEnvironment"=dword:00000000
"LocalUserName"=""
"NoPTY"=dword:00000000
"Compression"=dword:00000000
"TryAgent"=dword:00000001
"AgentFwd"=dword:00000000
"GssapiFwd"=dword:00000000
"ChangeUsername"=dword:00000000
"Cipher"="aes,3des,blowfish,WARN,arcfour,des"
"KEX"="dh-gex-sha1,dh-group14-sha1,dh-group1-sha1,rsa,WARN"
"RekeyTime"=dword:0000003c
"RekeyBytes"="1G"
"SshNoAuth"=dword:00000000
"SshBanner"=dword:00000001
"AuthTIS"=dword:00000000
"AuthKI"=dword:00000001
"AuthGSSAPI"=dword:00000001
"GSSLibs"="gssapi32,sspi,custom"
"GSSCustom"=""
"SshNoShell"=dword:00000000
"SshProt"=dword:00000003
"LogHost"=""
"SSH2DES"=dword:00000000
"PublicKeyFile"="C:\\Path\\To\\PuTTY\\SSHkeys\\FreeNAS.SSH.ppk"
"RemoteCommand"=""
"RFCEnviron"=dword:00000000
"PassiveTelnet"=dword:00000000
"BackspaceIsDelete"=dword:00000001
"RXVTHomeEnd"=dword:00000000
"LinuxFunctionKeys"=dword:00000000
"NoApplicationKeys"=dword:00000000
"NoApplicationCursors"=dword:00000000
"NoMouseReporting"=dword:00000000
"NoRemoteResize"=dword:00000000
"NoAltScreen"=dword:00000000
"NoRemoteWinTitle"=dword:00000000
"RemoteQTitleAction"=dword:00000001
"NoDBackspace"=dword:00000000
"NoRemoteCharset"=dword:00000000
"ApplicationCursorKeys"=dword:00000000
"ApplicationKeypad"=dword:00000000
"NetHackKeypad"=dword:00000000
"AltF4"=dword:00000001
"AltSpace"=dword:00000001
"AltOnly"=dword:00000000
"ComposeKey"=dword:00000000
"CtrlAltKeys"=dword:00000001
"TelnetKey"=dword:00000000
"TelnetRet"=dword:00000001
"LocalEcho"=dword:00000002
"LocalEdit"=dword:00000002
"Answerback"="PuTTY"
"AlwaysOnTop"=dword:00000000
"FullScreenOnAltEnter"=dword:00000000
"HideMousePtr"=dword:00000000
"SunkenEdge"=dword:00000000
"WindowBorder"=dword:00000005
"CurType"=dword:00000001
"BlinkCur"=dword:00000001
"Beep"=dword:00000001
"BeepInd"=dword:00000000
"BellWaveFile"=""
"BellOverload"=dword:00000001
"BellOverloadN"=dword:00000005
"BellOverloadT"=dword:000007d0
"BellOverloadS"=dword:00001388
"ScrollbackLines"=dword:00002710
"DECOriginMode"=dword:00000000
"AutoWrapMode"=dword:00000001
"LFImpliesCR"=dword:00000000
"CRImpliesLF"=dword:00000000
"DisableArabicShaping"=dword:00000000
"DisableBidi"=dword:00000000
"WinNameAlways"=dword:00000001
"WinTitle"="Secure Shell - FreeNAS (Remote)"
"TermWidth"=dword:00000077
"TermHeight"=dword:00000028
"Font"="Lucida Console"
"FontIsBold"=dword:00000000
"FontCharSet"=dword:00000000
"FontHeight"=dword:0000000a
"FontQuality"=dword:00000003
"FontVTMode"=dword:00000004
"UseSystemColours"=dword:00000000
"TryPalette"=dword:00000000
"ANSIColour"=dword:00000001
"Xterm256Colour"=dword:00000001
"BoldAsColour"=dword:00000002
"Colour0"="175,175,175"
"Colour1"="255,125,0"
"Colour2"="25,25,25"
"Colour3"="20,20,20"
"Colour4"="0,163,255"
"Colour5"="0,163,255"
"Colour6"="0,0,0"
"Colour7"="85,85,85"
"Colour8"="187,0,0"
"Colour9"="255,85,85"
"Colour10"="0,187,0"
"Colour11"="85,255,85"
"Colour12"="187,187,0"
"Colour13"="255,255,85"
"Colour14"="0,163,255"
"Colour15"="0,100,255"
"Colour16"="187,0,187"
"Colour17"="255,85,255"
"Colour18"="0,187,187"
"Colour19"="85,255,255"
"Colour20"="187,187,187"
"Colour21"="255,255,255"
"RawCNP"=dword:00000000
"PasteRTF"=dword:00000000
"MouseIsXterm"=dword:00000000
"RectSelect"=dword:00000000
"MouseOverride"=dword:00000001
"Wordness0"="0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0"
"Wordness32"="0,1,2,1,1,1,1,1,1,1,1,1,1,2,2,2,2,2,2,2,2,2,2,2,2,2,1,1,1,1,1,1"
"Wordness64"="1,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,1,1,1,1,2"
"Wordness96"="1,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,1,1,1,1,1"
"Wordness128"="1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1"
"Wordness160"="1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1"
"Wordness192"="2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,1,2,2,2,2,2,2,2,2"
"Wordness224"="2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,1,2,2,2,2,2,2,2,2"
"LineCodePage"="UTF-8"
"CJKAmbigWide"=dword:00000000
"UTF8Override"=dword:00000001
"Printer"=""
"CapsLockCyr"=dword:00000000
"ScrollBar"=dword:00000000
"ScrollBarFullScreen"=dword:00000000
"ScrollOnKey"=dword:00000000
"ScrollOnDisp"=dword:00000001
"EraseToScrollback"=dword:00000001
"LockSize"=dword:00000000
"BCE"=dword:00000001
"BlinkText"=dword:00000000
"X11Forward"=dword:00000000
"X11Display"=""
"X11AuthType"=dword:00000001
"X11AuthFile"=""
"LocalPortAcceptAll"=dword:00000000
"RemotePortAcceptAll"=dword:00000000
"PortForwardings"=""
"BugIgnore1"=dword:00000000
"BugPlainPW1"=dword:00000000
"BugRSA1"=dword:00000000
"BugIgnore2"=dword:00000000
"BugHMAC2"=dword:00000000
"BugDeriveKey2"=dword:00000000
"BugRSAPad2"=dword:00000000
"BugPKSessID2"=dword:00000000
"BugRekey2"=dword:00000000
"BugMaxPkt2"=dword:00000000
"BugWinadj"=dword:00000000
"BugChanReq"=dword:00000000
"StampUtmp"=dword:00000001
"LoginShell"=dword:00000001
"ScrollbarOnLeft"=dword:00000000
"BoldFont"=""
"BoldFontIsBold"=dword:00000000
"BoldFontCharSet"=dword:00000000
"BoldFontHeight"=dword:00000000
"WideFont"=""
"WideFontIsBold"=dword:00000000
"WideFontCharSet"=dword:00000000
"WideFontHeight"=dword:00000000
"WideBoldFont"=""
"WideBoldFontIsBold"=dword:00000000
"WideBoldFontCharSet"=dword:00000000
"WideBoldFontHeight"=dword:00000000
"ShadowBold"=dword:00000000
"ShadowBoldOffset"=dword:00000001
"SerialLine"="COM1"
"SerialSpeed"=dword:00002580
"SerialDataBits"=dword:00000008
"SerialStopHalfbits"=dword:00000002
"SerialParity"=dword:00000000
"SerialFlowControl"=dword:00000001
"WindowClass"=""
"ConnectionSharing"=dword:00000000
"ConnectionSharingUpstream"=dword:00000001
"ConnectionSharingDownstream"=dword:00000001
"SSHManualHostKeys"=""
  • Once each profile has been edited, save as a .reg & merge into registry
    • Once merged, you will immediately see them as profile options in PuTTY
Incorporating Existing Profiles
  • Merge FreeNAS profile after editing the profile name on line:
    • (32) "ProxyTelnetCommand"="plink -v -load Remote.Router.Profile -nc %host:%port"
  • Existing FreeNAS Profile
    • Create a copy of it
      • Under Settings - Connection - Proxy - Telnet Command add:
        plink -v -load Remote.Router.Profile -nc %host:%port
Initiating Multi-Hop
  • Open SSH.FreeNAS.Remote profile
    • If utilizing a password on PKI key:
      • First password request: SSH.OpenWRT.Remote
        Second password request: SSH.FreeNAS.Remote

PSCP commands
  • Push:
    pscp -r -i "C:\Path\To\PuTTY\SSHkeys\FreeNAS.SSH.ppk" -2 -scp -P 22 "D:\Path\To\File.txt" root@192.168.1.20:/path/to/directory
    • Without utilizing PKI
      pscp -r -scp "D:\Path\To\File.txt" -P 22 root@192.168.1.20:/path/to/directory
  • Pull:
    pscp -r -i "C:\Path\To\PuTTY\SSHkeys\FreeNAS.SSH.ppk" -2 -scp -P 22 root@192.168.1.20:/path/to/file.txt "D:\Path\To\Directory"
    • Without utilizing PKI:
      pscp -r -scp root@192.168.1.20:/path/to/directory -P 22 "D:\Path\To\File.txt"

  • -r = copy directories recursively
  • -i = keyfile
  • -2 = -2 (force use of particular SSH protocol version)
  • -scp = force use of SCP protocol
  • -P = connect to specified port
Recommendations
  • GPG4Win
    • PKI & SSL certificate management
    • Seamlessly interfaces with PuTTY & autoloads keys into pageant via Kleopatra

  • WinSCP
    • GUI for transferring files over SSH
    • Explorer like drag & drop
    • Interfaces seamlessly with PuTTY

  • Pageant (part of PuTTY)
    • Best compromise between security & convenience

    • While using, with or without GPG4Win, do not leave PC unsecured
      • Kleopatra will kick you out after ~30 min of terminal inactivity, pageant will not

    • Keeps PKI keys active for a specified amount of time
      • GPG4Win auto loads keys into pageant
      • Pageant only operates on the backend with Kleopatra

  • Load Keys:
    pageant "D:\Path\To\PuTTY\SSHkeys\FreeNAS.ppk" "D:\Path\To\PuTTY\SSHkeys\Router.ppk"

  • Load Key & Start PuTTY:
    pageant "D:\Path\To\PuTTY\SSHkeys\FreeNAS.ppk" "C:\Program Files\PuTTY\putty.exe"
    x64: C:\Program Files (x86)\PuTTY\putty.exe

  • carmorales's HowTo
  • Glorious1's HowTo
 
Last edited:
Ericloewe

Ericloewe

Server Wrangler
Moderator
Joined
Feb 15, 2014
Messages
20,194
zoomzoom said:
Windows 10 Calculator has a "Programmer" mode with built in hex <--> dec
Click to expand...
So does the Windows Vista-8.1 calculator. ;)

Interesting guide, in any case.
 
zoomzoom

zoomzoom

Guru
Joined
Sep 6, 2015
Messages
677
Ericloewe said:
So does the Windows Vista-8.1 calculator. ;)

Interesting guide, in any case.
Click to expand...
Thanks =]

I couldn't remember if Win 8.1 and prior did or not ;) I'll edit that in tomorrow since I've reached the 30,000 character limit and will need to figure out what to reword.


Sent from my NX6 using TapaTalk
 
Ericloewe

Ericloewe

Server Wrangler
Moderator
Joined
Feb 15, 2014
Messages
20,194
Well, just Windows Calculator should be fine. Anyone still on XP deserves to spend 2 minutes looking for that option (and I'm not sure they won't find it).
 
Bidule0hm

Bidule0hm

Server Electronics Sorcerer
Joined
Aug 5, 2013
Messages
3,710
I know it exists on Seven and I'm pretty sure it is on XP too ;)
 
zoomzoom

zoomzoom

Guru
Joined
Sep 6, 2015
Messages
677
Ericloewe said:
Well, just Windows Calculator should be fine. Anyone still on XP deserves to spend 2 minutes looking for that option (and I'm not sure they won't find it).
Click to expand...
Bidule0hm said:
I know it exists on Seven and I'm pretty sure it is on XP too ;)
Click to expand...
Thanks! =] Windows 10 Calculator was changed to just Windows Calculator :)
 
zoomzoom

zoomzoom

Guru
Joined
Sep 6, 2015
Messages
677
Last edited:
zoomzoom

zoomzoom

Guru
Joined
Sep 6, 2015
Messages
677
Does anyone know why this does not work with Sophos UTM when multi-hopping via PuTTY? I can multi-hop through Sophos UTM with JuiceSSH on Android, but am not able to do so on PuTTY.
 
G

Gnome

Explorer
Joined
Aug 18, 2011
Messages
87
zoomzoom

zoomzoom

Guru
Joined
Sep 6, 2015
Messages
677
Sophos UTM doesn't allow for that due to security reasons.
  • Due to Sophos' custom written Confd, even if I manually configured it as a bastion host via cli, the change may last a few hours, a few days, a few weeks, or a few months, but eventually the change will be removed whenever Sophos UTM receives an update that updates Confd, the SSH daemon, the numerous firewall daemons, IPS, or a file required by any of the above (Sophos UTM checks for updates every 15 minutes and usually pulls quite a few updates every week).

I'm not sure I understand the viewpoint of this being complicated... An SSH multi-hop is fairly standard and, generally speaking, quite simplistic. All a multi-hop is is one SSH tunnel through an existing SSH tunnel (essentially a bastion configuration without the bastion host).
  • You may be specifically referring to the How To, and due to the specific options that need to be set in PuTTY (or any SSH client), it may appear more complicated than it actually is.
    • All the HowTo does is set up a remote SSH profile (something that needs to be done regardless of a multi-hop), and add a proxy command to the local SSH profile.
 
Last edited:
Status
Not open for further replies.

Important Announcement for the TrueNAS Community.

The TrueNAS Community has now been moved. This forum will now become READ-ONLY for historical purposes. Please feel free to join us on the new TrueNAS Community Forums.

Related topics on forums.truenas.com for thread: "[HowTo] Multi-Hop SSH into FreeNAS"

Similar threads

S
[HOWTO] FreeNAS 11, RancherOS (Docker), and Portainer
2 3 4 5 6
Replies
118
Views
61K
Savell Martin
S
mysticpete
  • Locked
FreeNAS Media Server with PlexMediaServer and Mythtv
2 3
Replies
57
Views
33K
B34N
B34N
S
  • Locked
Guide to backup home computers to CrashPlan on FreeNAS
2
Replies
32
Views
19K
Krzykat
Krzykat
R
  • Locked
[GUIDE] Teamspeak3 on FreeNAS 9.10!
Replies
6
Views
4K
rafadavidc
R
robles
  • Locked
How to install OpenVPN inside a jail in FreeNAS 9.2.1.6+ with access to remote hosts via NAT
27 28 29 30 31
Replies
609
Views
271K
zoomzoom
zoomzoom
Top