WebGUI for managing SSH tunnels?

Clouseau

I would like to use pfSense as SSH Gateway. There is all the great SSH features available via cli but it's just so painful to put up the tunnels with default rsa-keys etc… There is excellent WebGui done for pfSense and why not build up one menu for tunnel and key management? There is similar menus for IPSEC, PPTP, L2TP and openVPN so why not add SSH Tunnels?

I know that after this modification pfSense would be the ultimate tunneling applications! pfSense acts now as SSHD but I need also all the features to manage all the connections, tunnels, users and their rsa-keys. Good reference would be Tunnelier application for Windows OS. I use Tunnelier also in Linux running it in Wine. On Linux there is no decent SSH GUI Client as good as Tunnelier.

Totally stupid idea? How to get this request as proposal?

jimp

In pfSense 2.0 there is a user manager and in there you can allow people ssh access, each with their own username, password, ssh keys, etc.

SSH port forwarding/tunnels don't work like other VPN tunnels in quite the same way so it doesn't really make sense to treat them like VPN tunnels.

Clouseau

@jimp:

In pfSense 2.0 there is a user manager and in there you can allow people ssh access, each with their own username, password, ssh keys, etc.

SSH port forwarding/tunnels don't work like other VPN tunnels in quite the same way so it doesn't really make sense to treat them like VPN tunnels.

Yes - pfSense works now when using it like SSHD server on incoming connections! But what you say about that SSH don't work like other VPN tunnels and thats why it should not treat as VPN tunnels is just weird? Thank god it wont work like other VPN tunnels and thats why it so usable and flexible! You are not only able to do port forwarding you are also able map hole networks etc… You really should treat SSH even much higher priority than legacy VPN. You should build in all the advanced ssh options possible! pfSense as ssh gateway is much needed and wanted option. pfSense would be perfect solution for a lot of users if this would be possible! Make it happen because you can!  What we need is that pfSense works like ssh client (not server only).

!! pfSense is just great !!

bytemuncher

@Clouseau,

I totally agree with you.  Right now I am searching for an SSH daemon compatible with Windows 7…because I didn't even know Pfsense had this function!

However, I don't know if I am confident (or ambitious) enough to attempt configuring a tunnel using the cli.  Would be awesome if this was in the WebGui.

Clouseau

@bytemuncher:

@Clouseau,

I totally agree with you.  Right now I am searching for an SSH daemon compatible with Windows 7…because I didn't even know Pfsense had this function!

However, I don't know if I am confident (or ambitious) enough to attempt configuring a tunnel using the cli.  Would be awesome if this was in the WebGui.

On Window I use these:
sshd server for Windows: http://www.freesshd.com/
ssh client for Windows: http://www.bitvise.com/tunnelier

Both works fine!

bytemuncher

@Clouseau:

@bytemuncher:

@Clouseau,

I totally agree with you.  Right now I am searching for an SSH daemon compatible with Windows 7…because I didn't even know Pfsense had this function!

However, I don't know if I am confident (or ambitious) enough to attempt configuring a tunnel using the cli.  Would be awesome if this was in the WebGui.

On Window I use these:
sshd server for Windows: http://www.freesshd.com/
ssh client for Windows: http://www.bitvise.com/tunnelier

Both works fine!

Thanks for the advise.  After much testing I settled on bitvise tunnelier (really cool program) and MobaSSH server.  I tried freesshd but had it has (known) issues with win7 x64.

Clouseau

Still asking after SSH GUI  ;) Is it possible?

Here is some topics why SSH needs a proper GUI on pfSense:
http://forum.pfsense.org/index.php/topic,20283.0.html
http://forum.pfsense.org/index.php/topic,3156.0.html
http://forum.pfsense.org/index.php/topic,8322.0.html
http://forum.pfsense.org/index.php/topic,1986.0.html

I seriously think that SSH should be implemented also in GUI like OpenVPN, IPSEC etc has been…

Is there any reason why not to do it? Should not, beacause there is full SSH support build in by default and I would like to exploit the full power of it as easy as possible. Just make it plain and simple sshd management with goog user and ssh-key manager etc. It's really painfull to edit sshd.conf manually and I rather do setups via GUI. Then they (setups) most likely are done correctly with less errors and mistakes. This topic needs at least proper discussion!

pfSense just is great product and why not make it even beter!

jimp

Patches accepted. :)

deepakgkk2003

Hi Guys,,
I am facing a huge difficulty in accessing the ssh tunnels via pfsense. I have disabled the firewall.
I have trying to create a tunnel to a secure server using ssh. I am unable to do it. I always get permission denied in the cli.
I need an urgent help. Can anybody please help me? I need to setup this for my boss as soon as possible

Efonnes

According to the OpenSSH documentation, it is also possible to use it with tun interfaces for using it to make a VPN connection.  Of course, other VPN types (like OpenVPN, for example) are probably more suitable for that.