Extra Secure Remote Desktop

I have been using Microsoft's Remote Desktop for a few years now (pretty much since I switched to XP). It's decent, and I like that it retains sessions unlike TightVNC, which is what I had used before. By using a SSH tunnel, I feel confident that my connection is secure and I am willing to visit my banks, etc. using my desktop machine via my laptop on a wireless network. Here's what I did:

On the server (in this case my desktop):

  • Installed the Cygwin build of SSHD as a service
    • Many guides are available, just search with Google above keywords like "cygwin sshd". But in a nutshell:
      • Install cygwin (duh) - include openssh (under Net) and cygrunsrv (under Admin)
      • Set up sshd: "ssh-host-config -y"
      • Start it as a service: "cygrunsrv -S sshd"
  • Allow Remote Desktop usage:
    • Right click on "My Computer" and choose "Properties"
    • Go to the "Remote" tab
    • Make sure that "Allow users to connect remotely to this computer." is checked

On the client (in this case my laptop):

  • You need a way to setup an ssh tunnel. You can use Cygwin's ssh, PuTTY, or my favorite MyEnTunnel. I previously selected MyEnTunnel for some work-related stuff, so I was able to simply add a "Profile".
  • The key is that you want a tunnel from your machine's 3390 to the remote (server) machine's port 3389 (or any other port on your local machine of your choosing). With MyEnTunnel, it is this simple:
    • Profile Page 1 Profile Page 2
  • Once MyEnTunnel has established a connection (a green padlock), you can connect.
  • Start -> Run -> "mstsc"
    • MSTSC setup
  • As you can see, mstsc has no idea what machine you are connecting to. As far as it knows, you connect to localhost which is your machine, which MyEnTunnel then encrypts (using PuTTY's plink) and sends to the remote machine's sshd daemon which forwards it to Windows XP listening for the Remote Desktop connection.
    • (Client:Outgoing port) -> (Client:3390) -> (Client:22) -> [encrypted link] -> (Server:22) -> (Server:3389)

Attachments (3)

Download all attachments as: .zip

Comments

No comments.