Cisco Prime Optical Installation Guide, 9.5
Appendix G: Setting Up Client-Server Encrypted Connections Through SSH Tunneling and SOCKS Proxy Forwarding

Setting Up Client-Server Encrypted Connections Through SSH Tunneling and SOCKS Proxy Forwarding


This appendix describes how to configure the Prime Optical client to route all its outbound network (TCP) connections to a SOCKS proxy server. The following hosts are involved:

Proxy host

Client host, on which the Prime Optical client runs

Server host, on which the Prime Optical server runs

Figure G-1 shows the route of a connection. Every outbound connection from the client host, instead of being sent directly to the server host, is tunneled to the SSH port (22) of the proxy host. Alternatively, you can configure the server host itself to act as the proxy host; in that case, the Secure Shell Daemon (SSHD) service runs on the server host.

Figure G-1 Route of a Connection

The proxy host must satisfy the following prerequisites:

No firewall is present between the proxy host and the server host. In other words, the proxy host must be able to establish a connection on every port on the server host.

A UNIX user has been created on the proxy host.


Note Cisco recommends that you avoid using the root UNIX user as the endpoint of the SSH tunnel.


The proxy host is SSH-enabled.

You have changed the AllowTcpForwarding property value in the /etc/ssh/sshd_config file to yes and then restarted the SSH service.

Prime Optical Client on Windows (using SSH tunneling)

This procedure explains how to configure the Prime Optical client to route all its outbound connections into an SSH tunnel. The SSH tunnel runs between the client machine and the proxy host. At the end of this procedure, the client uses SOCKS through the SSH tunnel.

To log into the client:


Step 1 On the client machine, go to http://www.putty.org and download the plink.exe file.

Step 2 Open a command prompt (cmd.exe), and then change directory to the location where plink.exe has been saved.

Step 3 Execute the following command:

plink -N -D <proxy_port> <proxy_user>@<proxy_host>

For example:

plink -N -D 10080 myuser@myproxyhost

Note The <proxy_user> user must exist on <proxy_host>. For security reasons, do not use the root user for this purpose.

Ensure that <proxy_port> is not already in use on the client host. You can use the netstat command to check whether it is already in use.


Step 4 Enter the user's password when prompted.


Caution To prevent the SSH session from being dropped, do not close the command prompt during the procedure or after the user has logged in.

Step 5 Launch the Prime Optical client.

Step 6 At the login screen, enter the server hostname, and the Prime Optical username and password.


Note Do not click the Login button at this time.


Step 7 Click Configure Settings.

Figure G-2 Cisco Prime Optical - Login

Step 8 In the Configure Settings dialog box, perform the following:

Check the Connect server Through SOCKS Server check box.

Enter "localhost" in the SOCKS Host field.

Enter a value for Port that is the same as the port value specified in the plink.exe command (for example, 10080).

(Optional) Check the Save as Default check box to save the SOCKS settings for the next time you log in.

Click Save.

Step 9 Click Login.


Prime Optical Client on UNIX (using SSH tunneling)

This procedure explains how to configure the Prime Optical client to route all its outbound connections into an SSH tunnel. The SSH tunnel runs between the client machine and the proxy host. Use this procedure if the Prime Optical client is launched on Solaris or Linux. At the end of this procedure, the client uses SOCKS through the SSH tunnel.

To log into the client:


Step 1 On the client machine, open a terminal window and enter the following command:

ssh -N -D <proxy_port> <proxy_user>@<proxy_host>

For example:

ssh -N -D 10080 myuser@myproxyhost

Note The <proxy_user> user must exist on <proxy_host>. For security reasons, do not use the root user for this purpose.


Step 2 Enter the user's password when prompted.


Caution To prevent the SSH session from being dropped, do not close the terminal window during the procedure or after the user has logged in.

Step 3 Launch the Prime Optical client.

Step 4 At the login screen, enter the server hostname, and the Prime Optical username and password.


Note Do not click the Login button at this time.


Step 5 Click Configure Settings.

Step 6 In the Configure Settings dialog box, perform the following:

Check the Connect server Through SOCKS Server check box.

Enter "localhost" in the SOCKS Host field.

Enter a value for Port that is the same as the port value specified in the ssh command (for example, 10080).

(Optional) Check the Save as Default check box to save the SOCKS settings for the next time you log in.

Click Save.

Step 7 Click Login.
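
Added example, not part of the Cisco guide: a client-side pre-flight for Step 1 that parses `netstat -an` output for a listener on the chosen port (the check recommended in the Windows procedure's note), rejects the root user, and prints the tunnel command with the SOCKS listener bound explicitly to 127.0.0.1. It assumes an OpenSSH client; the function names, the 1024-65535 port range, the keepalive interval, and the sample netstat rows are constructed for illustration.

```shell
#!/bin/sh
# Added example (not Cisco's): client-side pre-flight for the SOCKS tunnel.

# Constructed `netstat -an` excerpt covering Linux, Solaris and Windows row formats.
SAMPLE_NETSTAT='tcp   0  0 127.0.0.1:10080    0.0.0.0:*      LISTEN
tcp   0  0 10.0.0.5:51514     10.0.0.9:22    ESTABLISHED
      *.22                 *.*          0   0 49152   0 LISTEN
  TCP    0.0.0.0:3389      0.0.0.0:0          LISTENING'

# port_listening PORT < netstat-output
# Succeeds if some LISTEN row has a local address ending in :PORT or .PORT.
port_listening() {
    awk -v p="$1" '
        toupper($0) ~ /LISTEN/ {
            for (i = 1; i <= NF; i++)
                if ($i ~ ("[.:]" p "$")) found = 1
        }
        END { exit(found ? 0 : 1) }'
}

# tunnel_cmd PORT USER HOST: validate the inputs, then print the ssh command.
tunnel_cmd() {
    port=$1; user=$2; host=$3
    case $port in
        ''|*[!0-9]*|??????*) echo "port must be 1-5 digits" >&2; return 2 ;;
    esac
    if [ "$port" -lt 1024 ] || [ "$port" -gt 65535 ]; then
        echo "use an unprivileged port (1024-65535)" >&2; return 2
    fi
    if [ "$user" = root ]; then
        echo "do not use root as the tunnel endpoint" >&2; return 3
    fi
    # Bind the SOCKS listener to loopback explicitly so only this client host
    # can use it; exit if the bind fails; send keepalives to hold the session.
    printf 'ssh -N -D 127.0.0.1:%s -o ExitOnForwardFailure=yes -o ServerAliveInterval=30 %s@%s\n' \
        "$port" "$user" "$host"
}

# preflight PORT USER HOST < netstat-output: refuse a busy port, else print command.
preflight() {
    if port_listening "$1"; then
        echo "port $1 is already in use on this host" >&2; return 1
    fi
    tunnel_cmd "$@"
}

# Demo on the constructed sample; on a real client: netstat -an | preflight ...
printf '%s\n' "$SAMPLE_NETSTAT" | preflight 10081 myuser myproxyhost
```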