Dropbox 18 – Dropbox Client (Windows)

For Dropbox Clients running Windows we’ll be using PuTTY.

There are two ways that we can connect to our Dropbox Relay to establish our tunnels. Since we likely aren’t as restricted as our client environments we can connect directly through SSH. We can also connect just like the Dropbox Server over SSL/TLS to the HAProxy on port 443 so that we can block all access to the Dropbox Relay on port 22. Both methods will be demonstrated below.

Create Tunnels (SSH)

Create a session, we’ll name it DBOX01-Tunnels-SSH, with the following basic options.

Host Name: dbox-relay@<FQDN of Dropbox Relay>

Port: 22

Putty Tunnels SSH – General

Set the private key to use for authentication.

Putty Tunnels SSH – Auth

Forward local ports to the tunnels on the Dropbox Relay. The local (L) ports here should be noted for use later but are mostly arbitrary, as long as they aren’t already in use by other services. The destination is the Dropbox Relay, and the destination ports must correspond with the reverse SSH tunnels created by the Dropbox Server.

In this example we are creating the following mappings:

| Service | Dropbox Server 01 | Dropbox Relay | Dropbox Client 01 |
|---|---|---|---|
| SSH | 22 | 11095 | 11095 |
| VNC | 5901 | 11096 | 11096 |
| HTTP Proxy (Squid) | 3128 | 11097 | 11097 |
| SOCKS Proxy | 9999 | 11098 | 11098 |

| Service | Dropbox Server 02 | Dropbox Relay | Dropbox Client 02 |
|---|---|---|---|
| SSH | 22 | 12095 | 12095 |
| VNC | 5901 | 12096 | 12096 |
| HTTP Proxy (Squid) | 3128 | 12097 | 12097 |
| SOCKS Proxy | 9999 | 12098 | 12098 |

Putty Tunnels SSH – Tunnels

This will be repeated on the Dropbox Client for as many Dropbox Servers as you have.

After making all of your changes remember to go back up to Session and click Save.

Now select Open and you should be challenged for the passphrase to your private key. After entering it you will have an interactive shell on the Dropbox Relay and all of your tunnels should be tied to local ports.

Create Tunnels (SSL/TLS)

Create a session, we’ll name it DBOX01-Tunnels-SSL, with the following basic options.

Host Name: dbox-relay@localhost

Port: 22

localhost in this case refers to the Dropbox Relay as we will have already created an SSL/TLS tunnel to the host as seen in a subsequent step.

Putty Tunnels SSL – General

The private key authentication and tunnels setup are identical to the same sections in Create Tunnels (SSH).

We do need to configure our SSL/TLS proxy, though.

Under Connection -> Proxy, select ‘Local’ and check ‘Consider proxying local host connections’, then enter ‘ncat --ssl-verify <FQDN of Dropbox Relay> 443’ without the quotes under ‘Telnet command, or local proxy command’. This assumes that you have nmap/ncat installed.

Putty Tunnels SSL – Proxy

The only other setting we have to change is directly under Connection. Change ‘Seconds between keepalives’ from 0 to something fairly low, like 10. For the SSH-only solution we don’t need to worry about this, but if you don’t stay constantly active with the SSL/TLS tunnel it will die unless this is modified.

Putty Tunnels SSL – Keepalives

After making all of your changes remember to go back up to Session and click Save.

Now select Open and you should be challenged for the passphrase to your private key. After entering it you will have an interactive shell on the Dropbox Relay and all of your tunnels should be tied to local ports.
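A local forward accepts the TCP connection on the client before the relay side is known to be reachable, so a listening port alone does not prove the reverse tunnel is up. The PowerShell check below is an added example, not part of the original post; it assumes the Dropbox Client 01 ports from the table above, that PuTTY bound them on 127.0.0.1, and that the SSH and VNC services send their usual greeting first (`Test-Forward` is a hypothetical helper name).

```powershell
# Added example: verify each PuTTY local forward end to end.
# Ports are the Dropbox Client 01 column of the mapping table (adjust per session).
$forwards = @(
    [pscustomobject]@{ Service = 'SSH';                Port = 11095; Prefix = 'SSH-' }
    [pscustomobject]@{ Service = 'VNC';                Port = 11096; Prefix = 'RFB ' }
    [pscustomobject]@{ Service = 'HTTP Proxy (Squid)'; Port = 11097; Prefix = $null }
    [pscustomobject]@{ Service = 'SOCKS Proxy';        Port = 11098; Prefix = $null }
)

function Test-Forward {
    param([int]$Port, [string]$Prefix, [int]$TimeoutMs = 3000)
    $client = New-Object System.Net.Sockets.TcpClient
    try { $client.Connect('127.0.0.1', $Port) }
    catch { return 'NOT LISTENING (session not open, or forward not saved)' }
    try {
        $stream = $client.GetStream()
        $stream.ReadTimeout = $TimeoutMs
        $buf = New-Object byte[] 64
        $n = $stream.Read($buf, 0, $buf.Length)
        # Zero bytes means the local side was closed: the far end was refused.
        if ($n -eq 0) { return 'CLOSED (relay port refused; reverse tunnel down?)' }
        $text = [Text.Encoding]::ASCII.GetString($buf, 0, $n).Trim()
        if ($Prefix -and $text.StartsWith($Prefix)) { return "OK, greeting: $text" }
        return "UNEXPECTED DATA: $text"
    }
    catch {
        $inner = $_.Exception.GetBaseException()
        $timedOut = ($inner -is [System.Net.Sockets.SocketException]) -and
                    ($inner.SocketErrorCode -eq 'TimedOut')
        if (-not $timedOut) { return "CLOSED/RESET: $($inner.Message)" }
        # Proxies wait for the client to speak, so silence is the expected result.
        if ($Prefix) { return 'OPEN, but no greeting before timeout' }
        return 'OPEN (service waits for the client to speak first)'
    }
    finally { $client.Close() }
}

$forwards | ForEach-Object {
    [pscustomobject]@{
        Service   = $_.Service
        LocalPort = $_.Port
        Result    = Test-Forward -Port $_.Port -Prefix $_.Prefix
    }
} | Format-Table -AutoSize
```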
