Securecrt Serial Connection

0 views

Skip to first unread message

Martta

unread,

Aug 5, 2024, 7:15:13 AM8/5/24

to probafrotil

Attimes the need arises to access a number of devices that reside in a remote network behind a single gateway server. One solution would be to establish an SSH connection to the gateway server, and then issue another SSH connection from that server to each of the devices via the remote shell. This can be problematic and time-consuming, especially if more than two jumps are required. Fortunately, there is a better way: dynamic port forwarding.

SecureCRT provides the ability to create an SSH connection with a dynamic port forwarding configuration that can then be used as a SOCKS proxy to reach all machines within a remote network (behind the gateway). Using an SSH SOCKS proxy, any application that is SOCKS 4 or 5 compatible (including other sessions established with SecureCRT) will be able to have their connections forwarded through this SSH SOCKS proxy and on to the desired destination.

This tip focuses on using SecureCRT's dynamic port forwarding functionality with a "Master" session to create an SSH SOCKS proxy associated with a connection to a gateway server. Additional SecureCRT sessions can then connect through the "Master" session's SSH SOCKS proxy to remote servers that are located behind the gateway server. The graphic below illustrates this concept:

With a firewall/proxy configured as explained in the section above, the Session Options dialog for a new or existing session should provide the new firewall (named "Gateway Firewall" in the example) in the category that matches the protocol being used. To elaborate, any session that is configured to connect to the machines behind the gateway server can use this firewall as the Firewall setting in the connection configuration options, as illustrated below:

When connecting through an SSH SOCKS proxy, host name resolution occurs on the SSH gateway server. Therefore, you would specify the Hostname as it is known by the gateway server, which will be making the connection to the host on behalf of SecureCRT.

Once you have a "Master" session in place that gets you to your first gateway machine and sets up the first layer's SSH SOCKS proxy, follow these general steps to "chain" a secondary SSH SOCKS proxy through a primary SSH SOCKS proxy:

Once you have the "Secondary Master" session and corresponding firewall defined within SecureCRT's global options, you can connect to a third-tier machine behind the second gateway machine using these steps:

By default, only connections coming from the loopback adapter (127.*) on the SecureCRT machine are allowed to connect to the SSH SOCKS proxy port. To change the port-forwarding filters so other machines or interfaces are allowed to connect, see the FAQ: How do I modify port-forwarding filters in SecureCRT?

SecureCRT, SecureFX, VShell, Entunnel, AbsoluteFTP, Basepoint, We Listen. Then We Make Software Better., VanDyke Software, and the VanDyke Software logo are trademarks or registered trademarks of VanDyke Software, Inc. in the United States and/or other countries. All other trademarks or registered trademarks are the property of their respective owners.

Here you can control cookies using the checkboxes below. Some cookies are essential for the use of our website and cannot be disabled. Others provide a convenience to the user and, if disabled, may reduce the ease of use of our site. Finally, some cookies provide anonymous analytic tracking data that help us provide the user with a richer browsing experience. You can elect to disable these cookies as well.

Is there a way to make the WSL2 ip static? I read about it and I was told there was no way to make the IP static, then is there a way to make a SecureCRT connection to WSL2 without having to change the IP adddress in the configs so I don't have to re-enter the ip every time?

The work around is to forward the TCP ports of WSL 2 services to the host OS.

The virtual adapter on WSL 2 machine changes its IP address during reboot which makes it tough to implement a run once solution.

Also a side note, windows firewall will block the redirected port.

Go to search, search for task scheduler. In the actions menu on theright, click on create task.

Enter Name, go to triggers tab. Createa new trigger, with a begin task as you login, set delay to 10s.

Goto the actions and add the script. If you are using Laptop, go tosettings and enable run on power.

SecureCRT is a software terminal emulator that allows SSH (Secure Shell) to access a remote computer or server. SecureCRT supports VT100 emulation, telnet, SSH, Kerberos, and serial port connections. It comes with a scripting language and can be used across Ethernet networks or dial-up connections. The default connection type is SSH2, which complies with the goals for terminal connections to UWIT servers.

SecureCRT may only be downloaded by current UW staff who are Managed Workstation customers or who have accounts on the Administrative Systems (Keynes or Fastrans). The software may be installed on UW-owned computers and personal devices.

We have some unix boxes setup in a way that to get to the development box via ssh, you have to ssh into a 'user@jumpoff' box first. There is no direct connection allowed on 'dev' via ssh from anywhere but 'jumpoff'. Furthermore, only key exchange is allowed on both servers. And you always login to the development box as 'build@dev'.

The problem is I can't get this same thing to work using either PuTTY or SecureCRT -- and to be honest I've not found any tutorials that really walk me through it. I see many on setting up some kind of proxy tunnel for Firefox, but it doesn't seem to be the same concept. I've been messing with various trial and error most all day and nothing has worked (obviously) and I'm at the end of my ssh knowledge and Google searching.

2.) Test that you can connect to the jump-off server as desired. You have indicated that only access with an SSH key is possible: You might want to import that key using ssh-agent functionality (use the "Tools" menu > "Manage Agent Keys..." > "Add...") if you want to enter your passphrase just once.

3.) Set up a new connection for your dev box. As with step 1.), use the correct IP address - 1.2.3.4, as given in your example - and name it "Development box". Save this session in your Sessions folder. Test this connection: It should fail at this point, because you're connecting directly. Close the window.

4.) Right-click on the "Development box" connection in your Sessions folder, and select "Properties". Go to "Connection" -> "SSH2" and click on the "Firewall:" drop-down option. Click on "Select Session...", and then pick "Jump-off server" from the Sessions menu, and then click "OK" to accept the value, then "OK" again to exit the properties menu.

This now associates your jump-off box with your development box, so it is used as an intermediary when trying to establish a connection to your development box. It even works if you have a different SSH port in use on your jump-off box (e.g. 65000) versus your development box (e.g. 22), because SecureCRT will simply use the configuration you have set up for each host.

It does seem that PuTTY version 0.59 and later supports ProxyCommand-like syntax; see, for example, this blog post. You most likely don't want to use SOCKS. You want to be careful about having strong passphrases for your keys; it's not clear from your OpenSSH example whether you have any passphrase on your key or whether you're using ssh-agent or the like.

The Connect dialog for SecureCRT for Windows and SecureFX is built around named sessions allowing you to configure, save, and recall a number of session options. With the Connect dialog, you have several straightforward ways to organize and manage sessions that can save you time and effort, especially if you connect to many hosts or run shell and file transfer connections to the same server.

This tip assumes that you know how to use the Connect dialog to add a new session, open a connection, and edit a session. It also assumes that you are familiar with right-clicking on a selected item to choose from available commands. The next step is to acquaint you with the Connect toolbar buttons and context (right-click) menu commands.

SecureCRT is a Windows terminal emulator that supports the SSH protocol. You must use a secure connection like SSH to connect to a remote computer on the Engineering Computer Network. ITS (Information Technology Services) requires secure connections; other sites you want to connect to may as well.

You access remote sites by entering a hostname (such as login.engineering.uiowa.edu). SSH must be supported by both the client and the server. To use SecureCRT go to Start All Programs SecureCRT 6.5

Once downloaded to your machine, follow the directions on the ITS site to install SecureCRT. During the installation you can make choices about the installation. The Select Directory screen allows you to specify where the program is installed. On Select Profile Options you choose the program group and whether or not icons are added to the desktop and Start menu. Choose to install the Protocols and Command Line Tools that you will use.

Using the hostname login (login.engineering.uiowa.edu) as shown above or if using GPU computing login-gpu (or login-gpu.engineering.uiowa.edu) connects to GPU compute capable Linux systems.

If you connect to login.engineering.uiowa.edu you will connect to a Linux workstation. If you want to specify the Linux machine to connect to, in the Hostname: field, use a valid Linux machine name.

SSH authenticates with your login ID and password encrypted. SSH encrypts not only the login ID and password but also the entire session. SSH also provides an integrated way to transfer files without having to open an insecure ftp connection. You must use a secure connection like SSH to connect to a remote computer on the Engineering Computer Network.