Note: For Windows clients we recommend you use SDT Connector (with its java SSH client) to connect to the console server and to SSH tunnel to its attached Managed Devices. However there's a wide selection of commercial (and free) SSH client programs that can also provide these secure SSH connections.
Here's how to set up an SSH tunnel to a Managed Device using the PuTTY client software:
- Open PuTTY and enter the console server IP address as the Host Name in the Session menu. (For dial-in connections, this IP address will be the Local Address that you assigned when you set the console server up as the Dial-In PPP Server whereas for Internet or local/VPN connections this will be the public IP address)
- Select the SSH Protocol and set the Port to 22
- Go to the SSH: Tunnels menu and in Add new forwarded port enter any high unused port number for the Source port e.g 54321
- Set the Destination: IP details
- If the destination Managed Device is network connected to the console server (and you are connecting using RDP for example) set the Destination as <Managed Device IP address/DNS Name>:3389 e.g. if when setting up the Managed Device as Network Host on the console server you specified its IP address to be 192.168.253.1 (or its DNS Name was accounts.myco.intranet.com) then specify the Destination as 192.168.523.1:3389 (or accounts.myco.intranet.com:3389 ). Administrators and Users can only SSH tunnel to devices which have been pre-configured as networked Hosts ... however the "root" user can tunnel to any IP address the console server can route to.
- If the destination Managed Device is serially connected to the console server, set the Destination as <Port Label>:3389 e.g. if the Label you specified on the serial port was "win2k3" then specify the Destination aswin2k3:3389 . Alternative you can set the Destination as portXX:3389 where XX is the SDT enabled serial port number e.g. if port 4 is on the console server is to carry the RDP traffic then specify port04:3389
- Select Local and click the Add button
- Click Open to SSH connect the Client PC to the console server. You will now be prompted for the Username/Password for the console server user
- If you are connecting as a User in the "users" group then you can only SSH tunnel to Hosts and Serial Ports where you have specific access permissions
- If you are connecting as an Administrator (in the "admin" group) then you can connect to any configured Host or Serial Ports (which has SDT enabled)
To set up the secure SSH tunnel for a HTTP browser connection to the Managed Device specify port 80 when setting up theDestination (rather than port 3389 as was used in the RDP example above).
To set up the secure SSH tunnel from the Client (Viewer) PC to the console server for VNC follow the steps above, however when configuring the VNC port redirection specify port 5900 in the Destination IP address.
Note: putty_config has useful examples on configuring PuTTY for SSH tunneling