by Etienne Liebetrau
Being able to remotely connect to a command line on a server can be extremely useful.
Sophos UTM’s HTML5 VPN Portal allows you to provide this without needing to expose the server directly to the Internet or allowing traditional VPN connections. Essentially the UTM proxies your shell session.
This is great because it natively supports Telnet and SSH, and as long as you are connecting to an SSH-capable system, you can easily establish a secure, encrypted session.
Let's have a look at how to offer PowerShell over SSH using the Sophos UTM.
The big problem now is that Microsoft Windows only supports Telnet or PowerShell PSSessions. Telnet could help you out in a pinch, but since the session is unencrypted, this is not really feasible. This leaves a serious gap. How do you establish a secure shell connection to a Windows Server?
The good news is that Microsoft and the PowerShell team have indicated that they will add SSH support in the future. Until then (or with older systems once the support is added), you can use the following method.
It is possible to add SSH access to a Windows server. All you need to do is install an SSH server on the Windows machine.
There are a few free SSH Server options for Windows, but the best one I could find is from Bitvise. They have both a free and a commercial license, with a 30-day trial on the commercial version.
The Bitvise SSH Server allows you to use Enterprise features such as domain accounts, and offers session tracking and logging. It also gives you some options when it comes to selecting the shell you want to present.
At this stage you can test connectivity on the local LAN by establishing an SSH session to the Windows Server. This will confirm that the SSH server is functioning, that the Windows Firewall is not causing any issues, and that you're connecting to the correct shell.
The simplest way to test is to download a copy of the great PuTTY SSH client from https://www.chiark.greenend.org.uk/~sgtatham/putty/download.html
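The LAN check above can also be scripted. The following Python sketch is an added example, not part of the original article: it reads the server's SSH identification string (RFC 4253, section 4.2) to confirm that the port is reachable and speaks SSH-2.0 rather than Telnet or a legacy SSH-1 compatible mode. The host name and the sample banner are constructed placeholders.

```python
import socket


def parse_ssh_banner(line: bytes) -> dict:
    """Parse 'SSH-protoversion-softwareversion[ SP comments] CR LF' (RFC 4253, 4.2)."""
    text = line.rstrip(b"\r\n").decode("ascii", errors="replace")
    if not text.startswith("SSH-"):
        raise ValueError("not an SSH identification string")
    ident, _, comments = text.partition(" ")
    parts = ident.split("-", 2)
    if len(parts) != 3 or not parts[1] or not parts[2]:
        raise ValueError("malformed SSH identification string")
    return {
        "protocol": parts[1],
        "software": parts[2],
        "comments": comments,
        # "1.99" means the server also accepts legacy SSH-1 clients.
        "ssh2_only": parts[1] == "2.0",
    }


def read_ssh_banner(sock: socket.socket) -> dict:
    """Read lines from a connected socket until the identification string appears."""
    with sock.makefile("rb") as reader:
        # RFC 4253 allows the server to send other lines before the version string.
        for _ in range(20):
            line = reader.readline(256)
            if not line:
                break
            if line.startswith(b"SSH-"):
                return parse_ssh_banner(line)
    raise ValueError("peer answered but did not send an SSH identification string")


def check_ssh_endpoint(host: str, port: int = 22, timeout: float = 5.0) -> dict:
    """Connect and report the banner; OSError here points at routing or the firewall."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        return read_ssh_banner(sock)


if __name__ == "__main__":
    # Constructed sample banner; a real server reports its own product string.
    print(parse_ssh_banner(b"SSH-2.0-ExampleSSHD_1.0 constructed sample\r\n"))
    # Hypothetical host name; replace with the Windows server on your LAN.
    # print(check_ssh_endpoint("winserver.example.internal"))
```

A connection error from `check_ssh_endpoint` indicates a closed or filtered port, while a `ValueError` means something other than an SSH server answered on that port.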
Now that we have a working SSH server that drops us into a Windows PowerShell session, we can configure the HTML5 VPN portal to serve it. Of course, this assumes you have already set up a working User Portal (Sophos UTM Web Admin | Management | UserPortal).
Now you are ready to try it out from your Internet-connected test machine using an HTML5-capable browser (any modern browser). There is no need to install PuTTY or any other terminal console tools.
This workaround enables you to securely grant access to a Windows Server shell until the PowerShell team natively supports SSH. The same connection type we used in this article is also a great way to grant access to other Unix / Linux based systems, as well as your network gear, or any other SSH-enabled device.