Tunneling remote desktop (RDP) over SSH

Thursday, 07 Jun 2007 - 02:11 EST  |  Hacks, Network, Privacy, Windows

Windows remote desktop (RDP) is an extremely useful way to have access to your computer’s desktop from everywhere. Suppose you need to connect to your work computer through RDP, but your company’s IT staff configured the firewalls to block all remote connections except secure connections (e.g. SSH). This is just an example scenario where you need to tunnel remote desktop over SSH.

In this hack, we’ll show you how to tunnel remote desktop connections over SSH, and how to remotely connect any internal computer by tunneling remote desktop through the main gateway.

In our examples, we use Plink, a command-line interface to the PuTTY back ends.

Scenario 1: SSH and RDP on the same computer

This is the classic scenario where you want to tunnel remote desktop over SSH. The idea is that you connect to the SSH server on your remote Windows workstation and create a tunnel where your computer will listen on a local port and tunnel it through the SSH server, which will then connect to the local remote desktop server.

Assuming you have remote desktop enabled and SSH is running on the remote Windows workstation, run the following command:

plink.exe -ssh -2 -batch -v -L 3390:127.0.0.1:3389 -pw PASSWORD USER@REMOTE_IP

This configures a tunnel so that your computer’s port 3390 is tunneled through SSH to port 3389 on the remote Windows workstation (the RDP server). Now, you can open up Remote Desktop, and type in “localhost:3390″ when asked where to connect. You should see your home/work computer come on up, where you can login as normal.

Scenario 2: Tunneling through the main gateway

Suppose you’re running a small business (or have lots of computers at home), and remote desktop is enabled on each computer. You can’t have that many computers exposed to the Internet directly. Most likely they will connect the Internet through the main gateway.

So, how do you forward RDP through the main gateway? using double-tunnels. The idea is to tell your SSH client to map port 3390 on your computer, through the gateway server, to port 3389 on the remote workstation behind the gateway. Run the following command to establish a double-tunnel:

plink.exe -ssh -2 -batch -v -L 127.0.0.1:3390:REMOTE_WORKSTATION_IP:3389 -pw PASSWORD USER@SSH_SSHSERVER

Once logged into SSH, open up the remote desktop client, point it at “localhost:3390″, and you should see your home/work computer come on up, where you can login as normal.


Comments

There is a number of services that are able to pass firewalls and proxies. So, configuring security policy to access remote PC is not an issue, while accessing remote computers.
I prefer Techinline Remote Desktop. The pricing is fair and there are not much requirements.

By helios on Jun 7th, 2007 at 2:24 am

… or, you could just use Bitvise Tunnelier, which is a free SSH client with a graphical interface that allows you to simply click the “Remote Desktop” icon when connected, and it will be forwarded automatically. :-) In addition, you don’t even have to type in your Remote Desktop username and password if it’s the same as for the SSH connection. And it’s free for individual use!

By denis bider on Jun 8th, 2007 at 11:03 am

Post a Comment


Security-Hacks is a web site that covers tips and tricks for security. Updated several times daily, Security-Hacks points out tools downloads, how-to's and tutorials.

Contact


Have a hot hack? want to request a hack? let us know - editor [at] security-hacks.com

subscribe

Enter your Email

Search

Latest Entries

Archives

Add to Technorati Favorites

Related Entries