Secure Shell (SSH)
Wikipedia states that Secure Shell, or SSH, is
a network protocol that allows data to be exchanged using a secure channel
between two networked devices.[1] Used primarily on Linux and Unix based
systems to access shell accounts, SSH was designed as a replacement for
Telnet and other insecure remote shells, which send information, notably
passwords, in plaintext, leaving them open for interception.[2] The
encryption used by SSH provides confidentiality and integrity of data over
an insecure network, such as the Internet.
Remote Desktop provides
access and control functionality from a remote location to a computer running
the Microsoft® Windows® XP Professional operating system, giving you the
flexibility to work on your Windows XP Professional–based computer from
anywhere, anytime.

Install the copSSH server
The example installation is from an
installation on a Windows XP Professional desktop PC
- Log in as an Administrator or as a user with Administrator privileges,
  then download the free copSSH server software to a temporary folder on
  the host PC.
- Navigate to the temporary folder and double-click on the copSSH server
  install package. Install as directed, including activating users. Note
  that in order to log on to the copSSH server PC as an SSH user, the
  account must be local to the copSSH server PC and be activated.
Port forwarding of TCP Port 22
through any firewall/NAT/router is required if the user needs to access the SSH
server from a remote location. The following example is from a Buffalo
WBR-G54 4-Port Broadband Router/Wireless Access Point. The screen shot is
current with the Buffalo v2.20 firmware release.

Port forwarding instructions for
other routers may be found on the router manufacturer's support web pages, in the
router User's Guides or on the
PortForward.com web site.
NOTE - For Windows XP SP2 Windows
Firewall users: If the Windows XP SP2 Windows Firewall is used on a
PC connected directly to the public internet, the firewall can be configured to
allow SSH by adding a new port description in the
Exceptions tab.

The Open Port Check tool
The CanYouSeeMe.org site
Open Port Check tool can quickly tell you if port forwarding through local
firewall/NAT/router devices is properly configured and working correctly. You can
use this site to help troubleshoot SSH firewall/connectivity issues. Note
that you should run this test from the SSH server PC.
http://www.canyouseeme.org/
See this Windows XP Professional
Resource Kit
Enabling Remote Desktop section.
Configure Remote Desktop Users
See the
Enabling Users to Connect to the Computer
running Windows XP Professional section from the Windows XP
Professional Resource Kit. Remote Desktop users should use a strong password
as an added security practice.
Calling the SSH server PC from a
remote location is accomplished using the public IP address, as assigned by the
ISP, or fully qualified domain name of the PC or router/NAT/firewall. To find
the public IP open Internet Explorer on the PC at the remote location and go to
sites like
http://checkip.dyndns.org/ or
http://www.whatismyip.com/ and note the reported IP address. If the
firewall/NAT/router is configured correctly, the call will be successfully
passed to the appropriate PC.
If the ISP assigns a dynamic IP then
another solution is to set up an account with one of the dynamic naming services
that map a fully qualified domain name to the IP. In my case I use a FREE
service from
No-IP.com. The No-IP.com software runs on an XP Pro box and contacts the
No-IP.com servers on a schedule. The No-IP.com servers then know
what the public IP is and map that to a fully qualified domain name. That
information is then propagated over the public internet. You then call the SSH
server PC using the fully qualified domain name.
Install and configure PuTTY on the
remote Client PC
The example installation is from an
installation on a Windows XP Professional desktop PC client
Download the
PuTTY software file and save to a
folder on the client PC. I recommend creating a C:\Program Files\PuTTY
folder and saving the downloaded file there.
Navigate to the folder and
double-click on the PuTTY.exe file. Click on the Window and Appearance
tabs and configure as needed.

To configure port forwarding for the
example network click on Tunnels and for Remote Desktop enter a
Source port of 3390. Enter a Destination IP or
name and port number of 3389 using a colon separator character. For
example, a Remote Desktop session to the PC Ashtabula uses the destination
Ashtabula:3389. Tap the Add
button. Repeat for additional Remote Desktop host PCs. Use a different Source
port for each additional Remote Desktop host PC.

Click on SSH and configure to
Enable compression and use SSH 2 only. Click on Session
and enter the public IP address or a fully qualified domain name
of the SSH server PC. Enter a unique name in the Saved Sessions
window and click on Save. Click on Open and login to
the SSH server with the appropriate user and password information.
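
The reachability test from the Open Port Check section and the SSH 2 only setting above can both be verified from the remote client PC before logging in. The following is an added example, not part of the original page or of copSSH/PuTTY: a Python 3 script (assumed to be installed on the client) that connects to TCP port 22, reads the server's identification line and reports whether legacy SSH 1 is still offered. The function names are hypothetical.

```python
import socket

def parse_ssh_banner(line):
    """Parse an RFC 4253 identification line: SSH-<proto>-<software> [comments]."""
    text = line.decode("ascii", "replace").rstrip("\r\n")
    ident, _, comments = text.partition(" ")
    parts = ident.split("-", 2)
    if len(parts) != 3 or parts[0] != "SSH" or not parts[2]:
        raise ValueError("not an SSH identification string: %r" % text)
    proto, software = parts[1], parts[2]
    return {
        "proto": proto,
        "software": software,
        "comments": comments,
        # "2.0" = SSH-2 only; "1.99" = SSH-2 plus legacy SSH-1; "1.x" = SSH-1 only.
        "ssh2_offered": proto in ("2.0", "1.99"),
        "ssh1_offered": proto != "2.0",
    }

def check_ssh_port(host, port=22, timeout=5.0):
    """Connect to host:port and report reachability plus the parsed banner."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            stream = sock.makefile("rb")
            for _ in range(20):  # a server may send other lines before its banner
                line = stream.readline(256)
                if not line:
                    break
                if line.startswith(b"SSH-"):
                    return dict(parse_ssh_banner(line), reachable=True)
    except OSError as exc:       # refused, filtered (timeout) or unresolvable
        return {"reachable": False, "error": str(exc)}
    except ValueError as exc:    # something answered, but with a malformed banner
        return {"reachable": True, "error": str(exc)}
    return {"reachable": True, "error": "port open but no SSH banner received"}

if __name__ == "__main__":
    import sys
    # Assumption: pass the SSH server's public IP or domain name as argument 1.
    target = sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1"
    print(check_ssh_port(target))
```

A result with reachable set to False points at the port forwarding or firewall exception; ssh1_offered set to True means the server still accepts SSH 1 even though PuTTY is configured for SSH 2 only.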

Establishing a Remote Desktop
connection to more than one XP Pro PC through the SSH tunnel is easily
accomplished once PuTTY is started and the user has successfully logged on to
the SSH server. On the remote client PC go to Start | All Programs |
Accessories | Communications and tap on Remote Desktop Connection.
For example use an address of localhost:3390 to connect to Ashtabula
and an address of localhost:3391 to connect to Norman...

Various options can be modified by
clicking the Options>> button. To initiate the Remote Desktop
connection click on the Connect button.
Problems connecting using the
localhost address
(from the online version -
Microsoft KB Article 884020)
On a computer that is running
Microsoft Windows XP with Service Pack 2 (SP2), programs that connect to IP
addresses that are in the loopback address range may not work as you expect. For
example, you may receive an error message that says that you cannot establish a
connection. Windows XP SP2 users can download a
patch from Microsoft that
corrects this.
Users can speed up the rendering of
the remote PC desktop display, particularly over slow data links, by disabling
the display of the remote PC desktop wallpaper on the client PCs. This can be
configured on the Remote Desktop host PC using the
Group Policy Editor. Run
gpedit.msc and navigate to the Local Computer Policy | Computer
Configuration | Administrative Templates | Windows Components | Terminal
Services policies. Double click on the Enforce Removal of Remote Desktop
Wallpaper policy and select Enable. Click OK to save the new
configuration. Click on File | Exit to exit the Group Policy Editor.
copSSH - a free SSH server for the Windows operating system
Securing the copSSH server
PuTTY - a free SSH and Telnet
client for the Windows operating system
WinSCP - a free SFTP client for
the Windows operating system
Tunnelier - a free SSH/SFTP client that launches a tunneled Remote Desktop
session automatically
Windows XP Remote Desktop Resources
Remote Desktop troubleshooting help
Miscellaneous
Windows XP SP2 loopback patch
Broadband Reports
Windows Based Remote Connections FAQ