In the previous part we have generated a SSH key pair and used it for a password-less PuTTY session and for a secure FTP (SFTP) session. More can be done.

SSH Filesystem

With an SSH filesystem you can access all files stored on the server in a designated drive on a Windows system. One tool is called SSHFS and based on SFTP.

* Download win-sshfs at https://code.google.com/p/win-sshfs/ (tested win-sshfs-0.0.1.5-setup.exe)
* Open the sshfs manager.
* Add a session with hostname, port (22), username and importantly the private key file. Snag: the default private key file is not accepted. Return to PuTTYgen, load the default private key and convert to an so-called OpenSSH private key. Store next to the default key but under a different name. For different occasions you need one of them.
* Select a drive letter and mount.

On the Windows filesystem the drive is now available with all the remote server files. It is now possible to run the Netbeans (8) IDE on this filesystem as a local resource. Just select the drive as the source folder and you are done.

Unresolved issues:
* The sshfs website explains the project is on hiatus. Working with unsupported tools is risky business
* A known bug is the inability of Windows to detect symlinks, content may vanish if only the symlink is deleted.

SSHFS does not seem to have a lot of competition. Any alternative tools around that we can give a try?

SSHFS bugs

The tool is not without its bugs. First of all, drive settings are only stored after exiting the program. If you do not explicitly exit the program all settings are lost. More seriously, the tool can simply refuse to work. See this bug report: https://code.google.com/p/win-sshfs/issues/detail?id=15. The error message is not helpful at all: “System.Xml.XmlException: Unexpected end of file”. It does not mention the name of the file. This file turns out to be the config.xml file and is stored in Users\MyUser\AppData\Local\IsolatedStorage and is not destroyed on uninstalling the program. So therefore the bugfix for now is uninstall – destroy config.xml manually – re-install.

Securing github

Key pairs can also be used to secure a github account. For example if you use TortoiseGit
* make sure in settings >> network the SSH client is C:\Program Files\TortoiseGit\bin\TortoiseGitPLink.exe
* go to settings >> remote
* define a remote called “origin”
* add as url the url defined in your github account with syntax git@github.com:account_name/project_name.git
* add the private key as Putty key
* in the github account add the public key in settings >> ssh keys as a single line starting with ssh-rsa (extract from puttygen)

Securing a MySQL connection

For example with HeidiSQL. The basic idea is to login using a SSH connection. The database may then pretend to make a localhost connection. This solution is much more save than old-fashioned PHPMyAdmin.

Start in the session manager with settings:
* Network type is “MySQL (SSH tunnel)”
* The hostname is 127.0.0.1
* The user is the mysql user as defined in your mysql database
* The password is the password required to access the database
* The port is 3306

Then for the SSH tunnel part
* Define the location of the plink.exe tool for example C:\plink.exe
* SSH host plus port are for example the IP number of the server and port 22
* The username is the SSH username
* Leave password empty but may be required in the first run.
* The private key file is the file already generated. It is assumed that the public key is already stored on the server (see previous section)
* Port number is 3307

There are many ways to get settings just wrong….

Advertisements