PowerShell Server 2016
PowerShell Server 2016
Questions / Feedback?

Tunnels

The Tunnels tab holds the configuration for SSL and SSH Reverse Tunnel related settings. The information provided in the list is as follows:

  • Tunnel Name provides a friendly name for the tunnel.
  • Type indicates the type of tunnel. Plaintext, SSL, and SSH Reverse Tunnels are supported.
  • Listening Host indicates where the tunnel is listening.
  • Forwarding host indicates where the tunnel is directing its traffic.
  • SSH Server is the SSH server that PowerShell Server will connect to in order to establish the SSH Reverse Tunnel.
  • User is the username PowerShell Server will use to authenticate to the SSH server.
  • Status indicates whether the tunnel is Enabled or Disabled.
Clicking the Add... or Edit buttons will present a form that can be used to create a new tunnel, or edit an existing one, and clicking Delete will remove the selected tunnel.

Note that granular control for tunnels is available via the registry, where the reconnection logic, as well as other settings can be modified. These registry keys are documented on the SSL Tunnels and SSH Reverse Tunnels pages.

SSH Reverse Tunnels

SSH Reverse Tunnels provide a way to allow connections to network resources that would not typically be accessible. For example, a device behind a firewall that would not typically be accessible to the outside world, can be accessed through a SSH Reverse Tunnel. The client connects to the publicly accessible port on the SSH host and traffic is forwarded to the endpoint inside the network protected by the firewall.

In the above diagram, assume that PowerShell Server and the host identified by Server are on the same network, isolated from the Client. SSH Host is accessible by the Client. For the sake of clarity, assume that Port XXXX is 7777, but any open port may be used.

PowerShell Server connects to a SSH Host and requests that the incoming traffic on Port 7777 be forwarded back to PowerShell Server, which will then be directed to Server. Once this tunnel has been established, Client will then be able to connect to SSH Host on Port 7777 in order to communicate with Server.

When adding or editing a SSH Reverse Tunnel the following settings are available:

  • Enabled indicates whether the tunnel should be active or not.
  • Tunnel Name provides a friendly name for the tunnel.
  • Tunnel Type indicates the type of tunnel. Plaintext, SSL, and SSH Reverse Tunnels are supported.
  • Remote SSH Host is the SSH server that PowerShell Server will connect to in order to establish the SSH Reverse Tunnel.
  • Remote SSH Port is the port on which communication with the SSH server will take place. Most servers use port 22, which is the default value.
  • AuthMode is the type of authentication that will be attempted when logging in to the server. Password and Public Key authentication are supported.
  • Username is the username PowerShell Server will use to authenticate to the SSH server.
  • Password is the password PowerShell Server will use to authenticate to SSH server when using Password authentication.
  • SSH Client Key is the certificate PowerShell Server will use to authenticate to the SSH server during Public Key authentication.
  • Server Fingerprint indicates the SSH host key fingerprint of the server. This value is read-only and purely informational.
  • Listening Port indicates the port on which the SSH server will listen for the tunneled traffic.
  • Forwarding Host is the host where the tunneled traffic will be forwarded.
  • Forwarding Port is the port to which the tunneled traffic will be forwarded.

Once the necessary information has been entered, the Test SSH Connection button may be used to test the connection to the SSH server in order to verify the validity of the information provided.

SSL Tunnels

SSL Tunnels support outgoing connections to both SSL and plaintext hosts, and can receive both SSL and plaintext incoming connection attempts. These settings can be used in any combination, allowing for secure connections to what would otherwise be plaintext resources, and vice versa.

When adding or editing an SSL Tunnel the following settings are available:

  • Enabled indicates whether the tunnel should be active or not.
  • Tunnel Name provides a friendly name for the tunnel.
  • Tunnel Type indicates the type of tunnel. SSL (or plaintext) and SSH Reverse Tunnels are supported.
  • Secure Server (SSL) determines whether incoming connections must negotiate SSL.
  • Certificate specifies a certificate with private key used when accepting incoming SSL connections.
  • Listening Port indicates the port on which the server will listen for the tunneled traffic.
  • Forwarding Host is the host where the tunneled traffic will be forwarded.
  • Forwarding Port is the port to which the tunneled traffic will be forwarded.
  • Server Certificate is the forwarding host's public certificate; this can be detected and accepted on-the-fly by testing the outgoing connection.
  • Accept Any Server Certificate determines whether the tunnel will automatically trust any certificate presented by the forwarding host.

The Test Connection button can be used to verify outgoing connection settings. During a connection test, the option to accept server certificates is available if the forwarding host presents a certificate that is not already trusted (and the Accept Any Server Certificate option is not enabled). This will automatically update the outgoing connection settings.

 
 
Copyright (c) 2017 /n software inc. - All rights reserved.
PowerShell Server 2016 - Version 16.0 [Build 6446]