Automatic SSH tunneling from Windows

Question

I'm trying to set up a Windows computer to always have two SSH tunnels to my Linux server.

Currently, I'm using PuTTY to open the two SSH tunnels: I log in to the server in PuTTY, leave it minimized, and never touch it. This works well, except when the SSH connection drops: PuTTY displays an error message, and I need to manually close the error and reconnect to the server.

What I'd like to do is have an application that can set up the two SSH tunnels, and can automatically reconnect, without needing to manually do anything, including enter a password. The data I'm sending across the two tunnels is VNC connections, so I often won't be at the machine to clear errors and enter passwords. The two tunnels are one local tunnel, and one remote tunnel.

(Yes, I am aware of the hazards of automatically logging in to SSH. I'm planning on making a dedicated user with no privileges and not allowed to interactively log in, and use that.)

I did find this question: How to reliably keep an SSH tunnel open?, but that's using Linux as the SSH client, and I'm using Windows.

Answer 1

Try Bitvise Tunnelier - it works for me. I set it to establish SSH tunnels while only being visible as a tray icon. It establishes the SSH connection on startup and re-establishes it as soon as connectivity is restored after a cut or after the system went to sleep. I still prefer the looks of the Putty console, so I keep using it - but for keeping tunnels up I now use Tunnelier. The only major downside I have found is the lack of IPv6 support, which Putty provides with no user action needed.

Answer 2

Try MyEnTunnel. It can reconnect at connections failures.

Answer 3

I tried many solutions like SSH tunnel managers, but all were inconvinient for me: too many configuration screens, sometimes buggy (one time SSH tunnel manager purged all! settings I had! So I had to restore settings for all 30 tunnels). So they all lost my trust. That's why I come up with custom Powershell script, easy configurable, changeable, small, but works. Posted here and below:

To start using it you need a config like this:

# LocalPort TargetHost  TargetPort  SshHost SshUsername SshKeyPath 
18080   google.com  80  bastion.example.com User    D:\secure\path\to\private_key.ppk

Save it as a config.csv. And use a powershell script to keep it up is:

<#
.SYNOPSIS
  Powershell script for keeping ssh tunnel up and running

.DESCRIPTION
  This script uses configuration of tunnels located in config.csv. For more information visit http://tsherlock.tech/2019/03/13/simple-ssh-tunnel-auto-reconnect-using-putty-and-powershell/

.NOTES
  Version:        1.0
  Author:         Anton Shkuratov
  Creation Date:  2019-03-13
  Purpose/Change: Initial script development

#>

$currentDir = $PSScriptRoot
if (-not $env:PATH.Contains($currentDir)) {
  $env:PATH="$env:PATH;$currentDir"
}

# Check plink is accessible
try {
  Start-Process plink.exe -WindowStyle Hidden
} catch {
  Write-Host Error running plink.exe Please make sure its path is in PATH environment variable
  EXIT 1
}

# Parse config
$config = [System.IO.File]::ReadAllLines("$currentDir\config.csv");
$bindings = New-Object System.Collections.ArrayList
$regex = New-Object System.Text.RegularExpressions.Regex("(\d)+\s([^ ]+)\s(\d+)\s([^ ]+)\s([^ ]+)\s([^ ]+)", [System.Text.RegularExpressions.RegexOptions]::IgnoreCase);
$keyPasswords = @{}
$procs = @{}

foreach($line in $config) {
  $match = $regex.Match($line)

  if ($match.Success) {
    $sshKey = $match.Groups[6];

    $bindings.Add(@{
      LocalPort = $match.Groups[1];
      TargetHost = $match.Groups[2];
      TargetPort = $match.Groups.Groups[3];
      SshHost = $match.Groups[4];
      SshUser = $match.Groups[5];
      SshKey = $match.Groups[6];
    });

    if (-not $keyPasswords.ContainsKey($sshKey)) {
      $pass = Read-Host "Please enter password for key (if set): $sshKey" -AsSecureString
      $keyPasswords.Add($sshKey, $pass);
    }
  }
}

# Starting Processes
function EnsureRunning($procs, $keyPasswords, $binding) {

  if ($procs.ContainsKey($binding) -and $procs[$binding].HasExited) {

    $proc = $procs[$binding]
    $sshKey = $binding.sshKey
    $out = $proc.StandardError.ReadToEnd()

    if ($out.Contains("Wrong passphrase")) {
      Write-Host "Wrong pass phrase for $sshKey, please re-enter"
      $pass = Read-Host "Please enter password for key: $sshKey" -AsSecureString
      $keyPasswords[$sshKey] = $pass;
    } else {
      $exitCode = $proc.ExitCode
      $tHost = $binding.sshHost

      Write-Host "Connection to $tHost is lost, exit code: $exitCode"
    }
  }

  if (-not $procs.ContainsKey($binding) -or $procs[$binding].HasExited) {
    $sshUser = $binding.SshUser
    $sshHost = $binding.SshHost
    $sshKey = $binding.SshKey
    $lPort = $binding.LocalPort
    $tPort = $binding.TargetPort
    $tHost = $binding.TargetHost
    $sshKeyPass = [Runtime.InteropServices.Marshal]::PtrToStringAuto([Runtime.InteropServices.Marshal]::SecureStringToBSTR($keyPasswords[$sshKey]))

    $psi = New-Object System.Diagnostics.ProcessStartInfo;
    $psi.FileName = "plink.exe";
    $psi.UseShellExecute = $false;

    $psi.CreateNoWindow = $true;
    $psi.RedirectStandardInput = $true;
    $psi.RedirectStandardError = $true;

    $psi.Arguments = "-ssh $sshUser@$sshHost -i `"$sshKey`" -batch -pw $sshKeyPass -L $lPort`:$tHost`:$tPort"

    $proc = [System.Diagnostics.Process]::Start($psi);

    Start-Sleep 1

    if (-not $proc.HasExited) {
      Write-Host Connected to $sshUser@$sshHost
    }

    $procs[$binding] = $proc;
  }
}

function EnsureAllRunning($procs, $keyPasswords, $bindings) {
  while($true) {
    foreach($binding in $bindings) {
      EnsureRunning $procs $keyPasswords $binding
    }
    Start-Sleep 1
  }
}


try {
  # Waiting for exit command
  Write-Host Working... Press Ctrl+C to stop execution...
  EnsureAllRunning $procs $keyPasswords $bindings
} finally {
  # Clean up
  Write-Host Clean up

  foreach($proc in $procs.Values) {
    if ($proc -ne $null -and -not $proc.HasExited) {
      $proc.Kill();
    }
  }
}

After it is configured just run it like:

powershell -File autossh.ps1

Answer 4

Two great tools :

Both have those features :

• Could be automated at boot
• Opensource
• Manage many tunnels at the same time
• Could reside in the system tray
• Free of charge (Mobaxterm have a free version)
• Encrypt stored password

1. Mobaxterm

Site : http://mobaxterm.mobatek.net/

Capture :

2. SSH Tunnel Manager

Site : https://code.google.com/archive/p/ssh-tunnel-manager/

Capture :

Answer 5

Have a look at Xshell - it's more scriptable than PuTTY and is free for home use (if that's where you need to use it). It claims to have an auto-reconnect feature but I haven't tried it and have been on a Linux-based laptop for a good few months now so don't have any means to test it at the mo.

Answer 6

If your a fan of Putty, try out Putty Tray.

It has a few additional functions, including attempting to auto-reconnect after a connection failure and reconnecting when your computer wakes from standby.

As already mentioned by someone else, I'd combine this with public-key authentication with no pass-phrase.

In theory this should be pretty reliable, but i'm no security expert so can't advise you on that front.

Answer 7

I googled it and gota a few results for your question, basically you could always try a search combo of automate putty login which I did. Here is a particularly useful result that should suit you:

http://www.neox.net/w/2008/04/22/putty-auto-login-macro-putty-connection-manager/

It walks you through how to setup a macro for putty. Also download Putty connection manager here (as the link is broken from initial link):

http://sourceforge.net/projects/puttycm/

Answer 8

I used Putty as well and had the same problem until I found a better solution - Try ADVSoft Persistent SSH https://persistentssh.com works as a Windows service and keeps SSH tunnels in run state. Free for personal use, no need to install anything else.

Answer 9

This simple PS script works well for me.

while($true) {
    echo "Starting Proxy"
    ssh <host> -R 23000:localhost:2276 -N
    echo "Connection Error"
    echo "Sleeping 10s"
    Start-Sleep -Seconds 10
}