I thought I would throw this out there for those looking for a secure way to use RDP over SSH. Here is some background on why I am using SSH with RDP. I work for a security company and we only have a limited # of ports open to the internet, port 22 being one of them. Many times my wife might have an issue with her computer and instead of her calling me and me telling her how to fix it, I just use RDP to get to my home network. I initiate an SSH session out of our network over Port 22, and tunnel 3389 within the SSH session.
Unfortunately I am also running XP here at work and when you try to call 127.0.0.1 it tries to connect locally instead of going out the SSH tunnel. So I just use 3390 for my local port but map it to 3389 at home. This will make more sense on why I have steps 4, 7 and 10.
Please let me know if you have any problems with the below process and I will try to clarify/fix if needed.
*********************************************************************************
XP Pro (Win2k Server with Terminal Services) with Remote Desktop
*********************************************************************************
1. Go to http://sshwindows.sourceforge.net/ (Package - http://sourceforge.net/project/showfiles.php?group_id=103886&package_id=116570) and download OpenSSH for Windows. Install package. Once installed, there is a READ ME/QuickStart that shows you how to create a local group and register your local windows user.
2. Go to your home router and forward port 22 to your XP Pro system.
3. Enable Remote Desktop (My Computer - Properties - Remote) on the XP system.
The following steps are to be done on your work system.
4. On your XP work system, create the directory 'C:\RDP' and copy the following files to this directory.
C:\WINDOWS\system32\mstsc.exe
C:\WINDOWS\system32\mstscax.dll
5. Go to C:\RDP and right click on mstsc.exe and select Properties. Change the Compatibility mode to Windows 98/Windows ME and then Click OK.
6. Go to http://www.mirrors.wiretapped.net/security/cryptography/apps/ssh/SSH/ and download the SSHSecureShellClient-3.2.9.exe program. Install it on your work system.
7. Launch SSH Secure Shell and go to Edit - Settings - Tunneling. Add an Outgoing tunnel with the following:
Display Name: RDP
Type: TCP
Listen port: 3390 with "Allow Local Connections Only" checked
Destination Host: the NetBIOS name or IP address of your XP Pro system
Destination Port: 3389
8. Click OK to close the Settings box.
9. Use quick connect and use the following:
Host Name:
User Name: the windows user that you use to log into your XP Pro system
Port: 22
You need your router's public IP address. I use www.dyndns.org configured on my router. So then I can just use myname.gotdns.com. If your router doesn't support one of the dynamic DNS providers, the software client will work as well.
When connecting, accept the host key and then use your XP Pro system's password when prompted.
10. Once SSH has connected, launch Remote desktop from C:\RDP\mstsc.exe and use the following:
Computer: 127.0.0.1:3390
Also, go to the Options tab -> Experience and select Broadband for connection speed.
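
For readers using the OpenSSH command-line client instead of the GUI client, the tunnel from steps 7 to 10 can be built and checked as below. This is an added example, not part of the original post; the user name `winuser`, the address `192.168.1.10` and the netstat sample lines are constructed placeholders, and the check assumes Windows `netstat -an` output.

```shell
#!/bin/sh
# Added example: OpenSSH equivalent of the GUI tunnel in steps 7-10, plus a
# check that the listener is loopback-only ("Allow Local Connections Only").

# Print the ssh command for the tunnel.
# $1 = SSH host (router's public name), $2 = Windows user, $3 = destination host
build_tunnel_cmd() {
    ssh_host=$1; user=$2; dest=$3
    # -N                       tunnel only, no remote shell
    # -L 127.0.0.1:3390:...    listen on loopback port 3390, forward to dest:3389
    # ExitOnForwardFailure     abort if the local listener cannot be set up
    # StrictHostKeyChecking    "ask" shows the key fingerprint on first connect
    printf 'ssh -N -p 22 -o ExitOnForwardFailure=yes -o StrictHostKeyChecking=ask -L 127.0.0.1:3390:%s:3389 %s@%s\n' \
        "$dest" "$user" "$ssh_host"
}

# Read Windows "netstat -an" output on stdin.
# Succeeds only if $1 is listening and every listener on it is 127.0.0.1.
listener_is_loopback_only() {
    awk -v p="$1" '
        $1 == "TCP" && $4 == "LISTENING" {
            n = split($2, part, ":")
            if (part[n] != p) next          # some other port
            found = 1
            if ($2 != "127.0.0.1:" p) exposed = 1
        }
        END { if (found && !exposed) exit 0; exit 1 }
    '
}

# Constructed sample lines (not captured from a real system).
SAMPLE_LOOPBACK='  TCP    127.0.0.1:3390         0.0.0.0:0              LISTENING'
SAMPLE_EXPOSED='  TCP    0.0.0.0:3390           0.0.0.0:0              LISTENING'

# Demo: print the command, then classify both sample listeners.
build_tunnel_cmd myname.gotdns.com winuser 192.168.1.10
for sample in "$SAMPLE_LOOPBACK" "$SAMPLE_EXPOSED"; do
    if printf '%s\n' "$sample" | listener_is_loopback_only 3390; then
        echo "3390 is reachable from this machine only"
    else
        echo "3390 is missing or reachable from other hosts"
    fi
done
```

A listener bound to `0.0.0.0:3390` would let other machines on the work network reach the home RDP service through your tunnel, which is why the loopback binding matters.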