Difference between revisions of "Remote desktop using SSH tunneling"

(Created page with "Category:Linux =Principle= Sometimes you cannot open the external Windows RDP port TCP 3389. It can be for a security reason or simply because you do not manage your co...")
 
 
(4 intermediate revisions by the same user not shown)
Line 1: Line 1:
 
[[Category:Linux]]
 
[[Category:Linux]]
 
  
 
=Principle=
 
=Principle=
Line 9: Line 8:
 
To overcome this problem you can use a SSH tunnel. That's how it look like:
 
To overcome this problem you can use a SSH tunnel. That's how it look like:
  
 +
[[File:Tunnel SSH.png|950px]]
 +
 +
 +
=Requirements=
 +
 +
* You must be able to SSH to the middle server (''code.vehco.com'' in the example) from both ends [source + target].
 +
* The '''source''' computer is a Windows workstation.
 +
* The '''target''' computer can be anything: iPad, Windows, Linux, Android...
 +
 +
 +
 +
=Source PC=
 +
 +
==Requirements==
 +
 +
 +
* Windows computer with RDP enable
 +
* Bitvise # Tunnelier -> http://www.bitvise.com/download-area
 +
 +
 +
==How to proceed?==
 +
 +
 +
* Enable Windows RDP​
 +
* Install Bitvise # Tunnelier
 +
* Create a SSH tunnel
 +
** Start Tunnelier
 +
** Go to the '''S2C''' tab
 +
** '''Add''' a new entry
 +
*** LISTEN => remote server (''code.vehco.com'' in that example)
 +
**** LISTEN interface: 127.0.0.1 ​
 +
**** LISTEN port: what_you_want (ex: 60001)
 +
*** DESTINATION => local machine (RDP server)
 +
**** DESTINATION interface: localhost
 +
**** DESTINATION port: 3389
 +
** Go to the '''login''' tab
 +
*** server: code.vehco.com
 +
*** port: TCP 22
 +
*** login: ''myLogin''
 +
*** passwd: ''myPassword''
 +
** '''​Save''' your profile
 +
** ''Start'' your profile
 +
 +
 +
 +
==How to start Bitvise on boot?==
 +
 +
To start Bitvise automatically:
 +
 +
 +
* ​Create a new entry in your Windows > Start menu > startup ​folder
 +
* put the following shortcut: "C:\Program Files (x86)\Bitvise SSH Client\BvSsh.exe" -profile="portforward.tlp" –loginOnStartup
 +
 +
 +
where ''portforward.tlp'' is the name of your profile.
 +
 +
 +
 +
'''Limitations'''
 +
 +
 +
* [!] You have to log-in on your PC for the SSH tunnel to work.
 +
* [!] You should disable screensavers | energy savers otherwise your PC will NOT be available anymore.
 +
 +
 +
 +
 +
=Target PC - Windows computer=
 +
 +
 +
==Requirements==
  
  
 +
* Bitvise # Tunnelier -> http://www.bitvise.com/download-area
  
  
Due to the latency the result might be a little "slow", so let's consider that as a Plan B​.
+
==How to proceed?==
  
  
Tunnel_SSH.png
+
===Bitvise configuration===
  
  
 +
* Install a RDP client or use the default one (Microsoft Windows Remote Desktop)
 +
* Install Bitvise # Tunnelier
 +
** Go to the '''S2C''' tab
 +
** '''Add''' a new entry
 +
*** LISTEN => remote server (''code.vehco.com'' in that example)
 +
**** LISTEN interface: 127.0.0.1 ​
 +
**** LISTEN port: what_you_put_earlier (ex: 60001)
 +
*** DESTINATION => local machine (RDP client)
 +
**** DESTINATION interface: localhost
 +
**** DESTINATION port: 3390
 +
** Go to the '''login''' tab
 +
*** server: code.vehco.com
 +
*** port: TCP 22
 +
*** login: ''myLogin''
 +
*** passwd: ''myPassword''
 +
** '''​Save''' your profile
 +
** ''Start'' your profile
  
Source PC (= French workstation)
 
Enable Windows RDP​
 
Install bitvise
 
Create a SSH tunnel
 
Allez dans l'onglet S2C
 
Add a new entry
 
LISTEN => remote server (code.vehco.com)
 
LISTEN interface: 127.0.0.1 ​
 
LISTEN port: what_you_want (ex: 60001)
 
DESTINATION => local machine (RDP server)
 
DESTINATION interface: localhost
 
DESTINATION port: 3389
 
​image001.png
 
​Allez dans l'onglet LOGIN
 
server: code.vehco.com
 
port: TCP 22
 
login: vadmin
 
passwd: Julgran123
 
  
​Save your profile !
+
[!] Note the local TCP '''3390''' ! Not TCP ''3389'' !!
Start it
 
  
To start bitvise automatically:
 
​Create a new entry in your Windows > Start menu > startup ​folder
 
put the following shortcut:
 
"C:\Program Files (x86)\Bitvise SSH Client\BvSsh.exe" -profile="portforward.tlp" –loginOnStartup
 
  
where "portforward.tlp" = the name of your profile
+
[!] Don't forget to adjust the port number 60001
 +
 
 +
 
 +
 
 +
===RDP configuration===
 +
 
 +
 
 +
* Start Windows RDP
 +
* Connection to: '''localhost:3390'''
  
  
 
That's All !! :-)
 
That's All !! :-)
[!] You have to log-in on your PC for the SSH tunnel to work.
 
[!] You should disable screensavers | energy savers otherwise your PC will NOT be available anymore.
 
  
  
  
Target PC (= your Laptop)  # Windows
 
Install a RDP client
 
Install bitvise
 
​Go to the tab: S2C
 
Add a new entry
 
LISTEN => remote server (code.vehco.com)
 
LISTEN interface: 127.0.0.1 ​
 
LISTEN port: what_you_put_earlier (ex: 60001)
 
DESTINATION => local machine (RDP server)
 
DESTINATION interface: localhost
 
DESTINATION port: 3390
 
​image001.png
 
​Allez dans l'onglet LOGIN
 
server: code.vehco.com
 
port: TCP 22
 
login: vadmin
 
passwd: Julgran123
 
  
​Save your profile !
 
Start it !
 
  
>>> Start Windows RDP client
+
=Target PC - Linux computer=
Connection to: localhost:3390
 
  
  
That's All !! :-)
+
==Create a SSH tunnel==
[!] Don't forget to adjust the port number 60001
+
 
 +
You can use the SSH -L command. The pattern is:
 +
 
 +
SSH -L localComputer:remoteComputer
 +
 
 +
 
 +
So:
  
 +
<syntaxhighlight lang="bash">
 +
ssh -v -N -L 127.0.0.1:3390:127.0.0.1:60001 myLogin@code.vehco.com
 +
</syntaxhighlight>
  
 +
[!] replace 3390 by your LOCAL port
  
 +
[!] replace 60001 by the port you previously chose.
  
Target PC (= your Laptop)  # Linux
+
[!] replace ''mylogin'' and ''code.vehco.com'' by our own server!
  
1. Create a SSH tunnel:
 
ssh -v -N -L 127.0.0.1:3390:127.0.0.1:60001 vadmin@code.vehco.com
 
  
​local computer (= your laptop)
+
Since you're already log-on to the remote server through SSH you don't need to put "code.vehco.com" again ; 'localhost' is enough.
remote computer (= the code.vehco.com server)
 
This will open locally the port TCP 3390 and bind it to the remote port TCP 60001.  
 
  
  
2. Then execute a RDP client and connect to localhost:3390
+
==RDP client==
  
 +
Just execute a RDP client and connect to '''localhost:3390'''
  
  
 
That's All !! :-)​
 
That's All !! :-)​
[!] Don't forget to adjust the port number 60001
 

Latest revision as of 14:37, 15 October 2014


Principle

Sometimes you cannot open the external Windows RDP port TCP 3389. It can be for a security reason or simply because you do not manage your company's firewall.


To overcome this problem you can use a SSH tunnel. That's how it look like:

Tunnel SSH.png


Requirements

  • You must be able to SSH to the middle server (code.vehco.com in the example) from both ends [source + target].
  • The source computer is a Windows workstation.
  • The target computer can be anything: iPad, Windows, Linux, Android...


Source PC

Requirements


How to proceed?

  • Enable Windows RDP​
  • Install Bitvise # Tunnelier
  • Create a SSH tunnel
    • Start Tunnelier
    • Go to the S2C tab
    • Add a new entry
      • LISTEN => remote server (code.vehco.com in that example)
        • LISTEN interface: 127.0.0.1 ​
        • LISTEN port: what_you_want (ex: 60001)
      • DESTINATION => local machine (RDP server)
        • DESTINATION interface: localhost
        • DESTINATION port: 3389
    • Go to the login tab
      • server: code.vehco.com
      • port: TCP 22
      • login: myLogin
      • passwd: myPassword
    • ​Save your profile
    • Start your profile


How to start Bitvise on boot?

To start Bitvise automatically:


  • ​Create a new entry in your Windows > Start menu > startup ​folder
  • put the following shortcut: "C:\Program Files (x86)\Bitvise SSH Client\BvSsh.exe" -profile="portforward.tlp" –loginOnStartup


where portforward.tlp is the name of your profile.


Limitations


  • [!] You have to log-in on your PC for the SSH tunnel to work.
  • [!] You should disable screensavers | energy savers otherwise your PC will NOT be available anymore.



Target PC - Windows computer

Requirements


How to proceed?

Bitvise configuration

  • Install a RDP client or use the default one (Microsoft Windows Remote Desktop)
  • Install Bitvise # Tunnelier
    • Go to the S2C tab
    • Add a new entry
      • LISTEN => remote server (code.vehco.com in that example)
        • LISTEN interface: 127.0.0.1 ​
        • LISTEN port: what_you_put_earlier (ex: 60001)
      • DESTINATION => local machine (RDP client)
        • DESTINATION interface: localhost
        • DESTINATION port: 3390
    • Go to the login tab
      • server: code.vehco.com
      • port: TCP 22
      • login: myLogin
      • passwd: myPassword
    • ​Save your profile
    • Start your profile


[!] Note the local TCP 3390 ! Not TCP 3389 !!


[!] Don't forget to adjust the port number 60001


RDP configuration

  • Start Windows RDP
  • Connection to: localhost:3390


That's All !! :-)



Target PC - Linux computer

Create a SSH tunnel

You can use the SSH -L command. The pattern is:

SSH -L localComputer:remoteComputer


So:

ssh -v -N -L 127.0.0.1:3390:127.0.0.1:60001 myLogin@code.vehco.com

[!] replace 3390 by your LOCAL port

[!] replace 60001 by the port you previously chose.

[!] replace mylogin and code.vehco.com by our own server!


Since you're already log-on to the remote server through SSH you don't need to put "code.vehco.com" again ; 'localhost' is enough.


RDP client

Just execute a RDP client and connect to localhost:3390


That's All !! :-)​