Setting up SSH using DD-WRT

Requirements:

·        Router running DD-WRT.  I’m using a BETA v24 SP2 build so some stuff might be different in your router interface.

·        Router must be running DDNS (I use DynDNS.org) and be set up correctly, or you’ll need to know the IP address given to you by your ISP.

**This will need to be set up if you’d like to access the SSH server remotely.**

·        You’ll need an SSH program.  There are many out there but for this example I’m using PuTTY on Windows XP.  You can download the program here.

Setup SSH Keys using PuTTYgen

After you’ve downloaded and installed PuTTY, you’ll need to generate a private and public key to log in to your SSH server (DD-WRT router running SSH).

  1. Open up PuTTYgen and click on the “Generate” button.  I kept the default SSH-2 RSA settings selected as well as the 1024 bit key.  You’ll have to move your mouse around the window to generate random numbers.
  2. Once PuTTY is finished generating the keys you’ll want to add some comments as well as save the private key somewhere on your computer.  You’ll also want to copy the public key to Notepad or MS Word as later you’ll be copying this onto the SSH server.
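
Before the copied public key goes into the router, it is worth confirming that what sits in Notepad or Word is still a single-line OpenSSH-format key and checking its size. The Python below is an added example, not part of the original guide: the names inspect_public_key, constructed_key and the 2048-bit floor MIN_RSA_BITS are assumptions of the example, and the sample key is constructed with a made-up modulus.

```python
import base64
import struct

MIN_RSA_BITS = 2048  # assumption: floor chosen for this example; 1024-bit RSA falls below it

def read_string(blob, off):
    """Read one SSH wire string: 4-byte big-endian length, then the data."""
    if off + 4 > len(blob):
        raise ValueError("truncated key blob")
    (n,) = struct.unpack_from(">I", blob, off)
    if off + 4 + n > len(blob):
        raise ValueError("truncated key blob")
    return blob[off + 4:off + 4 + n], off + 4 + n

def inspect_public_key(text):
    """Return (key_type, rsa_bits_or_None, warnings) for an Authorized Keys entry."""
    text = text.strip()
    if text.startswith(("PuTTY-User-Key-File", "-----BEGIN")):
        raise ValueError("this is a private key file; keep it off the router")
    if text.startswith("---- BEGIN SSH2 PUBLIC KEY"):
        raise ValueError("multi-line export; copy the one-line OpenSSH form instead")
    if "\n" in text or "\r" in text:
        raise ValueError("key was wrapped across lines; it must be a single line")
    fields = text.split()
    if len(fields) < 2:
        raise ValueError("expected '<type> <base64> [comment]'")
    blob = base64.b64decode(fields[1], validate=True)
    inner_type, off = read_string(blob, 0)
    if inner_type != fields[0].encode():
        raise ValueError("key type label does not match the encoded key")
    bits, warnings = None, []
    if fields[0] == "ssh-rsa":
        _exponent, off = read_string(blob, off)
        modulus, off = read_string(blob, off)
        bits = int.from_bytes(modulus, "big").bit_length()
        if bits < MIN_RSA_BITS:
            warnings.append(f"{bits}-bit RSA is below {MIN_RSA_BITS} bits; regenerate")
    return fields[0], bits, warnings

def constructed_key(bits):
    """Build a well-formed ssh-rsa line with a made-up modulus (not a usable key)."""
    def s(b):
        return struct.pack(">I", len(b)) + b
    n = ((1 << (bits - 1)) | 1).to_bytes(bits // 8 + 1, "big")
    blob = s(b"ssh-rsa") + s(b"\x01\x00\x01") + s(n)
    return "ssh-rsa " + base64.b64encode(blob).decode() + " rsa-key-constructed"

if __name__ == "__main__":
    print(inspect_public_key(constructed_key(1024)))
```

A key generated with the 1024 bit setting comes back with a warning; the number of bits can be raised in PuTTYgen before clicking “Generate”.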

Setup SSH on DD-WRT router

Now that we’ve generated a public and private key we’re going to configure SSH on our DD-WRT router. 

  1. You’ll need to find your services tab.  Please keep in mind some versions of DD-WRT have this in a different location but mine is located in Administration>Services>Secure Shell.
  2. Enable SSHd and paste the public key you copied in step 2 above into the “Authorized Keys” field.
  3. You’ll also need to enable Remote SSH management under Administration>Management.

**NOTE: This has to be enabled if you’d like to access SSH remotely.**

 

Setup SSH client

Now that we’ve got our SSH server running we’ll need to configure our SSH client.

  1. Open up PuTTY.
  2. Enter the hostname for your router (this is your DDNS or IP address), supply a name for the session, and save it.
  3. Go to SSH>Auth and browse to the saved location of the private key you created in step 2 using the PuTTYgen utility.
  4. Go back to Session and make sure to save these changes.

**NOTE: Always save any changes you make to your session with the “Save” button under Session.**

  5. Click on the “Open” button to test the connection.  You’ll need to log in using your username and password to DD-WRT.  You’ll also need to specify your key passphrase that you set up in step 2 of the key generation.

 

SSH tunneling with Remote Desktop

You can use SSH to secure pretty much any network traffic you want via SSH tunneling.  In this example I’m going to set up Microsoft Remote Desktop to connect to my home computer.

  1. Go to SSH>Tunnels.
  2. Select the “Local” option and type the desired local Source Port to use (I used 3390 for this example) and the Destination IP address of your home desktop as well as the remote desktop port forwarded on your router (I used 3389 for this example which is the default port for Microsoft Remote Desktop Protocol).
  3. Save the connection and connect to the SSH server.  After successfully logging in make sure to leave the SSH login window open or just minimize the window.
  4. Now open up your Remote Desktop Connection and type in “localhost:3390” and hit connect.  You’re now connected securely to your home desktop through SSH!

SSH tunneling with Mozilla Firefox

Setting up Mozilla is a great way to secure your web traffic to circumvent work firewall restrictions or when you’re using a public wireless network at the airport or coffee shop.  You could also use PuttyPortable and MozillaFirefoxPortable on a USB drive when you’re not using your own machine.  Now all you have to worry about is spilling coffee on yourself or your laptop instead of someone sniffing your network packets at the coffee shop.

  1. Go to SSH>Tunnels.
  2. In the port forwarding section type in any port you’d like (I used 9999), select the “Dynamic” option, and click “Add”.
  3. Now we’re going to add an additional profile in Mozilla Firefox.  Please note that only one Mozilla Firefox profile can be run at a time, kind of a pain but at least you have the option to have multiple profiles.
  4. To set up multiple profiles in Firefox open up a run command and type the following: "C:\program files\Mozilla Firefox\firefox.exe" -profilemanager.  You can also do this from a DOS prompt.
  5. Click on the “Create Profile…” button.  I like to uncheck “Don’t ask at startup” so when I open up Firefox I get the option of what type of web browsing I’d like to do.
  6. Go through the prompts and name it whatever you want.
  7. Now launch your newly created Firefox profile so we can set up our network proxy settings.
  8. Go to Tools>Options>Advanced Tab>Network Tab>click on the “Settings” button.
  9. Under Connection Settings set up the SOCKS Host as "localhost" with port "9999" or whatever port you specified in step 2 above.
  10. Connect to SSH and open up your newly created Secure Web browsing Firefox profile.  You now have secured Firefox browsing thanks to SSH, Firefox, and the good old boys at DD-WRT.
  11. One good way to check to see if it’s working is to go to www.whatismyip.com and check to see if you have a different IP address than the network you are on.  If it’s working it should be the IP address of your home router.
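
PuTTY’s “Dynamic” forward is a SOCKS proxy on the local port, so the tunnel can also be checked from a script. The Python below is an added example, not part of the original guide: it performs a SOCKS5 handshake against the port and sends a CONNECT by hostname, so the name is resolved at the far end of the tunnel; the function names, the example.com:443 target and the timeouts are assumptions.

```python
import socket
import struct

REPLY_TEXT = {0: "succeeded", 1: "general failure", 2: "not allowed by ruleset",
              3: "network unreachable", 4: "host unreachable",
              5: "connection refused"}

def build_connect(host, port):
    """SOCKS5 CONNECT using address type 0x03 (domain name): the proxy end
    resolves the name, so no DNS lookup is made on the local network."""
    name = host.encode("idna")
    return b"\x05\x01\x00\x03" + bytes([len(name)]) + name + struct.pack(">H", port)

def recv_exact(sock, n):
    """Read exactly n bytes or fail if the peer closes early."""
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("proxy closed the connection")
        buf += chunk
    return buf

def socks5_probe(sock, host, port):
    """Run greeting + CONNECT over a connected socket; return (ok, reason)."""
    sock.sendall(b"\x05\x01\x00")            # version 5, one method offered: no auth
    ver, method = recv_exact(sock, 2)
    if ver != 5 or method != 0:
        return False, "listener is not a SOCKS5 no-auth proxy"
    sock.sendall(build_connect(host, port))
    ver, rep, _rsv, _atyp = recv_exact(sock, 4)  # reply header; bound address ignored
    return rep == 0, REPLY_TEXT.get(rep, f"error code {rep}")

def check_tunnel(proxy_port=9999, host="example.com", port=443):
    """Probe the dynamic forward on localhost; 9999 is the port used in this guide."""
    try:
        with socket.create_connection(("localhost", proxy_port), timeout=5) as s:
            s.settimeout(10)
            return socks5_probe(s, host, port)
    except OSError as exc:
        return False, f"no tunnel on port {proxy_port}: {exc}"

if __name__ == "__main__":
    print(check_tunnel())
```

Firefox resolves names through the SOCKS proxy only when its remote DNS setting (network.proxy.socks_remote_dns) is enabled; otherwise lookups still go out on the local network.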

 

Created by hotsauce @ www.playingforoctober.com

Questions and comments can be directed to the comments section of this post.