https://vistapedia.com/api.php?action=feedcontributions&feedformat=atom&user=ForumVistApedia - User contributions [en]2026-04-07T20:50:27ZUser contributionsMediaWiki 1.43.0https://vistapedia.com/index.php?title=SSH_Tunneling_for_CPRS&diff=4534SSH Tunneling for CPRS2006-12-05T00:08:00Z<p>Forum: Added the 127.0.0.1 is the normal local ip address.</p>
<hr />
<div>Marc Krawitz contributed this tutorial to Hardhats.<br />
It is reproduced here as it appeared on [http://groups-beta.google.com/group/Hardhats/t/e586004c6890f228?hl=en Hardhats@googlegroups.com]. 11/29/2006 9:11 PM<br />
<br />
== [Hardhats] Tutorial on ssh tunneling with CPRS ==<br />
<br />
<br />
It took me all day to figure this out, so I thought I would share.<br />
The goal here is to enable CPRS to work remotely by communicating over<br />
the public internet when the target VistA linux server only exposes<br />
port 22 (ssh). The channel needs to be (and is) encrypted of course.<br />
<br />
----<br />
<br />
To do this, make the following changes to /etc/ssh/sshd_config on your<br />
linux server:<br />
<br />
AllowTcpForwarding yes<br />
GatewayPorts yes<br />
TCPKeepAlive yes<br />
ClientAliveInterval 10<br />
ClientAliveCountMax 99999<br />
<br />
Restart sshd:<br />
<br />
/etc/init.d/sshd restart<br />
<br />
----<br />
<br />
Next, create a dedicated linux account with username 'remoteaccess'.<br />
This account will be used to handle the ssh connections. In this<br />
example, I will use an example password of remotepw. For security<br />
purposes, change the shell of 'remoteaccess' to rbash which is a<br />
restricted shell:<br />
<br />
chsh -s /usr/bin/rbash remoteaccess<br />
<br />
Next, edit the .bashrc file for remoteaccess as follows:<br />
<br />
trap exit SIGINT SIGTERM SIGQUIT SIGHUP<br />
stty susp \000<br />
echo "For remote access to VistA only..."<br />
while [ true ]<br />
do<br />
sleep 60000000<br />
done<br />
<br />
----<br />
You are now done setting things up on the linux side. Now we proceed<br />
with the Windows client which runs CPRS:<br />
----<br />
1) Obtain plink.exe from the web. Its essentially a command line<br />
version of putty.<br />
<br />
2) Create the following shortcut on your desktop. This assumes you<br />
have your RPC broker on linux listening on port 9000. Change as<br />
needed. local-ip-of-linux-server is the internal ip address of the<br />
linux server on the network in which it resides.<br />
remote-ip-of-linuxserver is the ip address used to access it on the<br />
public internet.<br />
<br />
plink.exe -N -ssh -l remoteaccess -pw remotepw -L<br />
9000:local-ip-of-linux-server:9000 remote-ip-of-linuxserver<br />
<br />
(local-ip-of-linux-server will normaly be 127.0.0.1)<br />
<br />
Configure the shortcut to run minimized.<br />
<br />
3) Create the following second shortcut on your desktop:<br />
<br />
CPRSChart.exe S=localhost P=9000 CCOW=DISABLE<br />
<br />
To get this work, simply start the 1st shortcut and leave it running<br />
minimized on your taskbar for the duration of the time in which you<br />
will be using CPRS. Then click on the second shortcut to start CPRS.<br />
All communication between CPRS and the server should then occur over<br />
the encrypted connection established by plink on port 22.<br />
<br />
If anyone has suggestions for improvement, feel free to comment.<br />
Also, please review for security holes.<br />
<br />
Thanks,<br />
<br />
Marc<br />
<br />
<br />
--[[User:JohnLeoZ|gra'pa Z]] 20:57, 1 Dec 2006 (CST)</div>Forum