%META:TOPICINFO{author="ChrisBartram" date="1170459708" format="1.1" version="1.1"}%
%META:TOPICPARENT{name="Hp3000Security"}%
---+ [[Hp3000SshTunnel][Setting up a SSH Tunnel to the HP3000]]

We have a desire to have all traffic inside our LAN to be encrypted, so that it cannot be easily sniffed. On the Unix/Linux side we are using SSH:

If you can isolate the HP3K's subnet, or at least the path from the router to the HP3K, you can do this cheaply and with relative ease (but it does require tweaking each user's desktop) using a Linux/Unix gateway box.

There are many ways to do this. You need a Windows-based tool that can do port forwarding over SSH. Plain old PuTTY (http://www.putty.nl) will do as an easy freebie, but there are other (more confusing) tools like stunnel. For simplicity, here's how you do it with PuTTY.

Set up an SSH session in PuTTY to the Linux box: run PuTTY, enter the hostname and a session name, then go to Connection... SSH... Tunnels. Be sure the "local" radio box is selected. Enter any available source port number (for simplicity, use '23' for telnet or '1570' for NS/VT). In the "destination" box enter the HP3K's address and port number, e.g., 'my3kassociates.company.com:1570', and click "Add". Go back to Session to Save your configuration.

Now just connect to the gateway box using this saved session configuration. You'll have to authenticate to the gateway as usual for an SSH session. Then you can minimize this window; the tunnel setup is complete.

Finally, crank up your favorite HP terminal emulator and connect to "localhost" (telnet if you set up 23, NS/VT if you set up 1570).

Tah dah! You now have SSH-encrypted traffic between the client and the gateway box, and the plaintext telnet or NS/VT only between the gateway and HP3K.

[[JeffKell]]

-- Main.ChrisBartram - 02 Feb 2007
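
The same tunnel can be started from a PowerShell prompt and then checked to confirm that the forwarded port is bound to localhost only. This is an added example, not part of the original topic: it assumes PuTTY's plink.exe is on the PATH, and the gateway host name and user name are placeholders.

```powershell
# Added example. Assumptions: plink.exe (from PuTTY) is on PATH; the gateway
# host name and user name below are placeholders, not values from the page.
$Gateway = 'gateway.example.com'            # placeholder: the Linux/Unix gateway box
$User    = 'youruser'                       # placeholder: your account on the gateway
$Hp3k    = 'my3kassociates.company.com'     # destination host used on the page
$Port    = 1570                             # NS/VT (use 23 for telnet)

# -N : no remote shell, forwarding only.
# -L : local forward. The listen address is pinned to 127.0.0.1 so that other
#      machines on the LAN cannot connect through this desktop's tunnel.
$forward = "127.0.0.1:${Port}:${Hp3k}:${Port}"
$plink = Start-Process -FilePath 'plink.exe' -PassThru `
    -ArgumentList '-ssh', '-N', '-L', $forward, "$User@$Gateway"

# plink opens the listener only after you authenticate in its window, so poll
# for up to 60 seconds instead of checking once.
$deadline = (Get-Date).AddSeconds(60)
do {
    Start-Sleep -Seconds 1
    $listeners = Get-NetTCPConnection -LocalPort $Port -State Listen -ErrorAction SilentlyContinue |
        Where-Object { $_.OwningProcess -eq $plink.Id }
} until ($listeners -or $plink.HasExited -or ((Get-Date) -gt $deadline))

if (-not $listeners) {
    Write-Error "No tunnel listener on port $Port (authentication failed or port already in use)."
    return
}

# Anything other than a loopback address means other hosts can reach the tunnel.
$exposed = $listeners | Where-Object { $_.LocalAddress -notin '127.0.0.1', '::1' }
if ($exposed) {
    Write-Warning "Port $Port is listening on $($exposed.LocalAddress -join ', '), reachable from other hosts."
} else {
    Write-Output "Tunnel is up on localhost:$Port only. Point the terminal emulator at localhost."
}
```

In the PuTTY GUI, the equivalent of pinning the listen address is leaving "Local ports accept connections from other hosts" unchecked on the Tunnels panel.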