Difference between revisions of "Remote desktop using SSH tunneling"
(Created page with "Category:Linux =Principle= Sometimes you cannot open the external Windows RDP port TCP 3389. It can be for a security reason or simply because you do not manage your co...") |
|||
(4 intermediate revisions by the same user not shown) | |||
Line 1: | Line 1: | ||
[[Category:Linux]] | [[Category:Linux]] | ||
− | |||
=Principle= | =Principle= | ||
Line 9: | Line 8: | ||
To overcome this problem you can use a SSH tunnel. That's how it look like: | To overcome this problem you can use a SSH tunnel. That's how it look like: | ||
+ | [[File:Tunnel SSH.png|950px]] | ||
+ | |||
+ | |||
+ | =Requirements= | ||
+ | |||
+ | * You must be able to SSH to the middle server (''code.vehco.com'' in the example) from both ends [source + target]. | ||
+ | * The '''source''' computer is a Windows workstation. | ||
+ | * The '''target''' computer can be anything: iPad, Windows, Linux, Android... | ||
+ | |||
+ | |||
+ | |||
+ | =Source PC= | ||
+ | |||
+ | ==Requirements== | ||
+ | |||
+ | |||
+ | * Windows computer with RDP enable | ||
+ | * Bitvise # Tunnelier -> http://www.bitvise.com/download-area | ||
+ | |||
+ | |||
+ | ==How to proceed?== | ||
+ | |||
+ | |||
+ | * Enable Windows RDP | ||
+ | * Install Bitvise # Tunnelier | ||
+ | * Create a SSH tunnel | ||
+ | ** Start Tunnelier | ||
+ | ** Go to the '''S2C''' tab | ||
+ | ** '''Add''' a new entry | ||
+ | *** LISTEN => remote server (''code.vehco.com'' in that example) | ||
+ | **** LISTEN interface: 127.0.0.1 | ||
+ | **** LISTEN port: what_you_want (ex: 60001) | ||
+ | *** DESTINATION => local machine (RDP server) | ||
+ | **** DESTINATION interface: localhost | ||
+ | **** DESTINATION port: 3389 | ||
+ | ** Go to the '''login''' tab | ||
+ | *** server: code.vehco.com | ||
+ | *** port: TCP 22 | ||
+ | *** login: ''myLogin'' | ||
+ | *** passwd: ''myPassword'' | ||
+ | ** '''Save''' your profile | ||
+ | ** ''Start'' your profile | ||
+ | |||
+ | |||
+ | |||
+ | ==How to start Bitvise on boot?== | ||
+ | |||
+ | To start Bitvise automatically: | ||
+ | |||
+ | |||
+ | * Create a new entry in your Windows > Start menu > startup folder | ||
+ | * put the following shortcut: "C:\Program Files (x86)\Bitvise SSH Client\BvSsh.exe" -profile="portforward.tlp" –loginOnStartup | ||
+ | |||
+ | |||
+ | where ''portforward.tlp'' is the name of your profile. | ||
+ | |||
+ | |||
+ | |||
+ | '''Limitations''' | ||
+ | |||
+ | |||
+ | * [!] You have to log-in on your PC for the SSH tunnel to work. | ||
+ | * [!] You should disable screensavers | energy savers otherwise your PC will NOT be available anymore. | ||
+ | |||
+ | |||
+ | |||
+ | |||
+ | =Target PC - Windows computer= | ||
+ | |||
+ | |||
+ | ==Requirements== | ||
+ | * Bitvise # Tunnelier -> http://www.bitvise.com/download-area | ||
− | + | ==How to proceed?== | |
− | + | ===Bitvise configuration=== | |
+ | * Install a RDP client or use the default one (Microsoft Windows Remote Desktop) | ||
+ | * Install Bitvise # Tunnelier | ||
+ | ** Go to the '''S2C''' tab | ||
+ | ** '''Add''' a new entry | ||
+ | *** LISTEN => remote server (''code.vehco.com'' in that example) | ||
+ | **** LISTEN interface: 127.0.0.1 | ||
+ | **** LISTEN port: what_you_put_earlier (ex: 60001) | ||
+ | *** DESTINATION => local machine (RDP client) | ||
+ | **** DESTINATION interface: localhost | ||
+ | **** DESTINATION port: 3390 | ||
+ | ** Go to the '''login''' tab | ||
+ | *** server: code.vehco.com | ||
+ | *** port: TCP 22 | ||
+ | *** login: ''myLogin'' | ||
+ | *** passwd: ''myPassword'' | ||
+ | ** '''Save''' your profile | ||
+ | ** ''Start'' your profile | ||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | + | [!] Note the local TCP '''3390''' ! Not TCP ''3389'' !! | |
− | |||
− | |||
− | |||
− | |||
− | |||
− | + | [!] Don't forget to adjust the port number 60001 | |
+ | |||
+ | |||
+ | |||
+ | ===RDP configuration=== | ||
+ | |||
+ | |||
+ | * Start Windows RDP | ||
+ | * Connection to: '''localhost:3390''' | ||
That's All !! :-) | That's All !! :-) | ||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | + | =Target PC - Linux computer= | |
− | |||
− | + | ==Create a SSH tunnel== | |
− | + | ||
+ | You can use the SSH -L command. The pattern is: | ||
+ | |||
+ | SSH -L localComputer:remoteComputer | ||
+ | |||
+ | |||
+ | So: | ||
+ | <syntaxhighlight lang="bash"> | ||
+ | ssh -v -N -L 127.0.0.1:3390:127.0.0.1:60001 myLogin@code.vehco.com | ||
+ | </syntaxhighlight> | ||
+ | [!] replace 3390 by your LOCAL port | ||
+ | [!] replace 60001 by the port you previously chose. | ||
− | + | [!] replace ''mylogin'' and ''code.vehco.com'' by our own server! | |
− | |||
− | |||
− | + | Since you're already log-on to the remote server through SSH you don't need to put "code.vehco.com" again ; 'localhost' is enough. | |
− | remote | ||
− | |||
− | + | ==RDP client== | |
+ | Just execute a RDP client and connect to '''localhost:3390''' | ||
That's All !! :-) | That's All !! :-) | ||
− |
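Review bot: In the added "Target PC - Windows computer" section, the Bitvise entry repeats the source PC's S2C forward (LISTEN on the remote server, port 60001, DESTINATION local 3390), which disagrees with the rest of the change. The RDP client is told to connect to localhost:3390, and the Linux equivalent, ssh -L 127.0.0.1:3390:127.0.0.1:60001, listens on the local machine and forwards to the server. As written, nothing listens on local 3390 and a second listener is requested on the server's port 60001. Suggest describing a client-to-server forward here instead (listen interface 127.0.0.1, listen port 3390, destination 127.0.0.1 port 60001). Separately, the startup shortcut line has an en dash in "–loginOnStartup"; it should be a plain hyphen so the line can be copied as typed.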
Latest revision as of 14:37, 15 October 2014
Principle
Sometimes you cannot open the external Windows RDP port TCP 3389. It can be for a security reason or simply because you do not manage your company's firewall.
To overcome this problem you can use an SSH tunnel. This is what it looks like:
Requirements
- You must be able to SSH to the middle server (code.vehco.com in the example) from both ends [source + target].
- The source computer is a Windows workstation.
- The target computer can be anything: iPad, Windows, Linux, Android...
Source PC
Requirements
- Windows computer with RDP enabled
- Bitvise # Tunnelier -> http://www.bitvise.com/download-area
How to proceed?
- Enable Windows RDP
- Install Bitvise # Tunnelier
- Create an SSH tunnel
  - Start Tunnelier
  - Go to the S2C tab
  - Add a new entry
    - LISTEN => remote server (code.vehco.com in that example)
      - LISTEN interface: 127.0.0.1
      - LISTEN port: what_you_want (ex: 60001)
    - DESTINATION => local machine (RDP server)
      - DESTINATION interface: localhost
      - DESTINATION port: 3389
  - Go to the login tab
    - server: code.vehco.com
    - port: TCP 22
    - login: myLogin
    - passwd: myPassword
  - Save your profile
  - Start your profile
How to start Bitvise on boot?
To start Bitvise automatically:
- Create a new entry in your Windows > Start menu > Startup folder
- Put the following shortcut: "C:\Program Files (x86)\Bitvise SSH Client\BvSsh.exe" -profile="portforward.tlp" -loginOnStartup
where portforward.tlp is the name of your profile.
Limitations
- [!] You have to log in on your PC for the SSH tunnel to work.
- [!] You should disable screensavers and energy savers, otherwise your PC will NOT be available anymore.
Target PC - Windows computer
Requirements
- Bitvise # Tunnelier -> http://www.bitvise.com/download-area
How to proceed?
Bitvise configuration
- Install an RDP client or use the default one (Microsoft Windows Remote Desktop)
- Install Bitvise # Tunnelier
  - Go to the S2C tab
  - Add a new entry
    - LISTEN => remote server (code.vehco.com in that example)
      - LISTEN interface: 127.0.0.1
      - LISTEN port: what_you_put_earlier (ex: 60001)
    - DESTINATION => local machine (RDP client)
      - DESTINATION interface: localhost
      - DESTINATION port: 3390
  - Go to the login tab
    - server: code.vehco.com
    - port: TCP 22
    - login: myLogin
    - passwd: myPassword
  - Save your profile
  - Start your profile
[!] Note the local TCP 3390! Not TCP 3389!!
[!] Don't forget to adjust the port number 60001
RDP configuration
- Start Windows RDP
- Connection to: localhost:3390
That's All !! :-)
Target PC - Linux computer
Create an SSH tunnel
You can use the ssh -L command. The pattern is:
    ssh -L localInterface:localPort:remoteInterface:remotePort login@server
So:
    ssh -v -N -L 127.0.0.1:3390:127.0.0.1:60001 myLogin@code.vehco.com
[!] Replace 3390 with your LOCAL port.
[!] Replace 60001 with the port you previously chose.
[!] Replace myLogin and code.vehco.com with your own login and server!
Since you are already logged on to the remote server through SSH, you don't need to put "code.vehco.com" again; 'localhost' is enough.
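Both ends of the tunnel expressed as OpenSSH command lines, as an added example that is not part of the original page. The helper names (valid_port, is_loopback, tunnel_args) are hypothetical; the host, login and ports are the page's example values. It refuses any listen interface other than loopback, so the forwarded RDP port is never reachable from other machines.

```bash
#!/bin/sh
# Added example: build the ssh arguments for both ends of the tunnel described
# on this page, refusing anything that would expose RDP beyond loopback.
# Host, login and ports are the page's example values.

# valid_port PORT -> succeeds only for an integer in 1..65535
valid_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# is_loopback ADDR -> succeeds for addresses reachable only from the same host
is_loopback() {
    case "$1" in
        127.0.0.1|localhost|::1) return 0 ;;
        *) return 1 ;;
    esac
}

# tunnel_args MODE BIND LISTEN_PORT DEST_PORT LOGIN@SERVER
#   MODE source: -R, the server listens on LISTEN_PORT and forwards to the
#                source PC's RDP port (DEST_PORT, normally 3389)
#   MODE target: -L, this machine listens on LISTEN_PORT and forwards to the
#                server-side port (DEST_PORT) opened by the source PC
tunnel_args() {
    mode=$1 bind=$2 listen=$3 dest=$4 server=$5
    case "$mode" in
        source) flag=-R ;;
        target) flag=-L ;;
        *) echo "unknown mode: $mode" >&2; return 2 ;;
    esac
    is_loopback "$bind" || { echo "refusing non-loopback bind: $bind" >&2; return 3; }
    valid_port "$listen" && valid_port "$dest" || { echo "bad port" >&2; return 4; }
    # ExitOnForwardFailure: quit instead of staying connected without the forward.
    # ServerAliveInterval: detect a dead link so a supervisor can restart ssh.
    echo "ssh -N -o ExitOnForwardFailure=yes -o ServerAliveInterval=30" \
         "$flag $bind:$listen:127.0.0.1:$dest $server"
}

tunnel_args source 127.0.0.1 60001 3389 myLogin@code.vehco.com
tunnel_args target 127.0.0.1 3390 60001 myLogin@code.vehco.com
```

The first printed line is the source PC's side (a remote forward, the OpenSSH counterpart of the S2C entry); the second is the target's side and matches the ssh -L command above with the two options added.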
RDP client
Just start an RDP client and connect to localhost:3390
That's All !! :-)