Difference between revisions of "Remote desktop using SSH tunneling"

 
(One intermediate revision by the same user not shown)
Line 1: Line 1:
 
[[Category:Linux]]
 
[[Category:Linux]]
 
  
 
=Principle=
 
=Principle=
Line 132: Line 131:
 
=Target PC - Linux computer=
 
=Target PC - Linux computer=
  
Create a SSH tunnel:
+
 
 +
==Create a SSH tunnel==
 +
 
 +
You can use the SSH -L command. The pattern is:
 +
 
 +
SSH -L localComputer:remoteComputer
 +
 
 +
 
 +
So:
 +
 
 
<syntaxhighlight lang="bash">
 
<syntaxhighlight lang="bash">
 
ssh -v -N -L 127.0.0.1:3390:127.0.0.1:60001 myLogin@code.vehco.com
 
ssh -v -N -L 127.0.0.1:3390:127.0.0.1:60001 myLogin@code.vehco.com
 
</syntaxhighlight>
 
</syntaxhighlight>
  
 +
[!] replace 3390 by your LOCAL port
 +
 +
[!] replace 60001 by the port you previously chose.
  
 
[!] replace ''mylogin'' and ''code.vehco.com'' by our own server!
 
[!] replace ''mylogin'' and ''code.vehco.com'' by our own server!
  
  
 +
Since you're already log-on to the remote server through SSH you don't need to put "code.vehco.com" again ; 'localhost' is enough.
  
​local computer (= your laptop)
 
remote computer (= the code.vehco.com server)
 
This will open locally the port TCP 3390 and bind it to the remote port TCP 60001.
 
  
 +
==RDP client==
  
2. Then execute a RDP client and connect to localhost:3390  
+
Just execute a RDP client and connect to '''localhost:3390'''
 
 
  
  
 
That's All !! :-)​
 
That's All !! :-)​
[!] Don't forget to adjust the port number 60001
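Review bot: the added pattern line "SSH -L localComputer:remoteComputer" does not match the four-field argument used in the command right below it (127.0.0.1:3390:127.0.0.1:60001). Write it in lowercase with all four fields, for example "ssh -L localAddress:localPort:remoteAddress:remotePort login@server", so readers can map each field of the real command. The added sentence about 'localhost' being enough should say that the second address is resolved from the server's side, which is why 127.0.0.1 in that position means code.vehco.com itself. The revision also drops "This will open locally the port TCP 3390 and bind it to the remote port TCP 60001", which was the clearest statement of what the command does; consider keeping it.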
 

Latest revision as of 14:37, 15 October 2014


Principle

Sometimes you cannot open the external Windows RDP port TCP 3389. It can be for a security reason or simply because you do not manage your company's firewall.


To overcome this problem you can use an SSH tunnel. This is what it looks like:

Tunnel SSH.png


Requirements

  • You must be able to SSH to the middle server (code.vehco.com in the example) from both ends [source + target].
  • The source computer is a Windows workstation.
  • The target computer can be anything: iPad, Windows, Linux, Android...


Source PC

Requirements


How to proceed?

  • Enable Windows RDP
  • Install Bitvise Tunnelier
  • Create an SSH tunnel
    • Start Tunnelier
    • Go to the S2C tab
    • Add a new entry
      • LISTEN => remote server (code.vehco.com in this example)
        • LISTEN interface: 127.0.0.1
        • LISTEN port: what_you_want (ex: 60001)
      • DESTINATION => local machine (RDP server)
        • DESTINATION interface: localhost
        • DESTINATION port: 3389
    • Go to the login tab
      • server: code.vehco.com
      • port: TCP 22
      • login: myLogin
      • passwd: myPassword
    • Save your profile
    • Start your profile


How to start Bitvise on boot?

To start Bitvise automatically:


  • Create a new entry in your Windows > Start menu > Startup folder
  • Put the following shortcut in it: "C:\Program Files (x86)\Bitvise SSH Client\BvSsh.exe" -profile="portforward.tlp" -loginOnStartup


where portforward.tlp is the name of your profile.


Limitations


  • [!] You have to be logged in on your PC for the SSH tunnel to work.
  • [!] You should disable screensavers and energy savers, otherwise your PC will NOT be available anymore.



Target PC - Windows computer

Requirements


How to proceed?

Bitvise configuration

  • Install an RDP client or use the default one (Microsoft Windows Remote Desktop)
  • Install Bitvise Tunnelier
    • Go to the S2C tab
    • Add a new entry
      • LISTEN => remote server (code.vehco.com in this example)
        • LISTEN interface: 127.0.0.1
        • LISTEN port: what_you_put_earlier (ex: 60001)
      • DESTINATION => local machine (RDP client)
        • DESTINATION interface: localhost
        • DESTINATION port: 3390
    • Go to the login tab
      • server: code.vehco.com
      • port: TCP 22
      • login: myLogin
      • passwd: myPassword
    • Save your profile
    • Start your profile


[!] Note the local TCP 3390 ! Not TCP 3389 !!


[!] Don't forget to adjust the port number 60001


RDP configuration

  • Start Windows RDP
  • Connection to: localhost:3390


That's All !! :-)



Target PC - Linux computer

Create an SSH tunnel

You can use the ssh -L command. The pattern is:

ssh -L localAddress:localPort:remoteAddress:remotePort login@server


So:

ssh -v -N -L 127.0.0.1:3390:127.0.0.1:60001 myLogin@code.vehco.com

[!] replace 3390 by your LOCAL port

[!] replace 60001 by the port you previously chose.

[!] replace myLogin and code.vehco.com by your own login and server!


Since you are already logged on to the remote server through SSH, you don't need to put "code.vehco.com" again; 'localhost' is enough.
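
A pre-flight check for the ssh -L command above, as an added example that is not part of the original page: it confirms the local listener is bound to loopback before building the command, and scans `ss -ltn` output for a forwarded port that other hosts can reach. The function names, the extra -o options and the `ss` sample are assumptions of this example; it handles IPv4 and hostname specs only.

```sh
# Added example, not from the original page. Function names, the -o options
# and the ss sample are assumptions. IPv4/hostname specs only.

is_port() {                        # true for an integer in 1..65535
  case "$1" in ''|*[!0-9]*) return 1 ;; esac
  [ "${#1}" -le 5 ] && [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# Print a verdict for an "ssh -L" spec of the form BIND:LPORT:HOST:HPORT.
audit_forward() {
  old_ifs=$IFS; IFS=:; set -f
  set -- $1                        # split the spec on ':' without globbing
  set +f; IFS=$old_ifs
  if [ "$#" -eq 3 ]; then          # LPORT:HOST:HPORT, bind address omitted
    echo "warn: no bind address, scope depends on GatewayPorts"; return 1
  fi
  [ "$#" -eq 4 ] || { echo "error: expected BIND:LPORT:HOST:HPORT"; return 2; }
  is_port "$2" && is_port "$4" || { echo "error: bad port"; return 2; }
  case "$1" in
    127.0.0.1|localhost) echo "ok" ;;
    *) echo "warn: listener on '${1:-*}' is reachable from other hosts"; return 1 ;;
  esac
}

# Build the tunnel command only when the listener stays on loopback.
tunnel_cmd() {                     # usage: tunnel_cmd SPEC LOGIN@SERVER
  verdict=$(audit_forward "$1") || { echo "refusing: $verdict" >&2; return 1; }
  echo "ssh -N -o ExitOnForwardFailure=yes -o ServerAliveInterval=30 -L $1 $2"
}

# Read `ss -ltn` output on stdin; print listeners on port $1 that are not loopback.
exposed_listeners() {
  awk -v p="$1" 'NR > 1 { n = split($4, a, ":")
    if (a[n] == p && $4 !~ /^(127\.0\.0\.1|\[::1\]):/) print $4 }'
}

# Constructed `ss -ltn` sample: one loopback-only tunnel, one exposed one.
SS_SAMPLE='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    127.0.0.1:3390     0.0.0.0:*
LISTEN 0      128    0.0.0.0:3391       0.0.0.0:*'

tunnel_cmd 127.0.0.1:3390:127.0.0.1:60001 myLogin@code.vehco.com
printf '%s\n' "$SS_SAMPLE" | exposed_listeners 3391
```

On a live machine, pipe the real `ss -ltn` output into exposed_listeners once the tunnel is up; an empty result means the RDP forward is only reachable from the machine itself.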


RDP client

Just start an RDP client and connect to localhost:3390


That's All !! :-)