{"id":740,"date":"2009-07-05T14:26:17","date_gmt":"2009-07-05T22:26:17","guid":{"rendered":"http:\/\/www.curlybrace.com\/words\/?p=740"},"modified":"2010-02-09T08:05:52","modified_gmt":"2010-02-09T16:05:52","slug":"ssh-port-forwarding-windows-rdc","status":"publish","type":"post","link":"https:\/\/www.curlybrace.com\/words\/2009\/07\/ssh-port-forwarding-windows-rdc\/","title":{"rendered":"SSH Tunneling Windows RDC"},"content":{"rendered":"<p>This article explains how to securely port-forward Windows Remote Desktop (Terminal Services) over SSH, using standard SSH command line syntax.  If you prefer to use GUI SSH tools, such as PuTTY, <a href=\"http:\/\/theillustratednetwork.mvps.org\/Ssh\/RemoteDesktopSSH.html\">there are other guides for that<\/a>.<\/p>\n<h4>Terminology Notes<\/h4>\n<p>My terminology assumes that you are connecting to a machine on your home network, which is protected by a firewall.  However, the diagrams and commands are valid regardless of whether the remote network is at home or not.<\/p>\n<p>Additionally, I use <tt><i>RDCHOST<\/i><\/tt> to represent the local name or IP of your RDC server <b>within the home network<\/b>, and <tt><i>my_home_ip<\/i><\/tt> to represent your home IP address as visible from the Internet.<\/p>\n<h3>Prerequisites<\/h3>\n<ul>\n<li \/>Depending on network configuration, port-forwarding may have to be configured on the firewall.\n<li \/>An SSH client (e.g. <a href=\"http:\/\/www.cygwin.com\/\">Cygwin&#8217;s OpenSSH<\/a> for Windows) must be installed on the local machine.\n<li \/>An SSH server (e.g. <a href=\"http:\/\/www.cygwin.com\/\">Cygwin&#8217;s OpenSSHD<\/a> for Windows) must be present on some machine within the home network.\n<li \/>SSH keys must be generated and deployed appropriately.\n<\/ul>\n<h3>SSH Command Syntax<\/h3>\n<blockquote><p><tt>ssh -C -N -L <i>localPort<\/i>:<i>destinationHost<\/i>:3389 <i>proxyHost<\/i><\/tt><\/p>\n<p \/>\n<ul>\n<li \/><i>localPort<\/i> is the port on localhost through which you wish to connect.\n<li \/><i>destinationHost<\/i> is the Remote Desktop host, <b>as it appears on the home network<\/b>.\n<li \/><i>proxyHost<\/i> is the host running SSHD, through which you will tunnel.\n<\/ul>\n<\/blockquote>\n<h3>Configuration 1:  Discrete Servers<\/h3>\n<p>This configuration has the firewall port-forward SSH to a server on the home network, which proxies the connection to the RDC server:<\/p>\n<blockquote>\n<pre>                       +-----------[ Home Network ]---------------+\r\n                       |                                          |\r\nlocalhost <----> Home Firewall <---> SSH Server <---> RDC Server  |\r\n                       |                                          |\r\n                       +------------------------------------------+<\/pre>\n<\/blockquote>\n<p>Command line:<\/p>\n<blockquote><p><tt>ssh -C -N -L 6009:<i>RDCHOST<\/i>:3389 <i>my_home_ip<\/i><\/tt><\/p><\/blockquote>\n<h3>Configuration 2:  Combined RDC &#038; SSH Servers<\/h3>\n<p>In this configuration, the RDC server also has an SSH server, and the firewall port-forwards directly to it:<\/p>\n<blockquote>\n<pre>                       +------[ Home Network ]-----+\r\n                       |                           |\r\nlocalhost <----> Home Firewall <-----> RDC & SSH   |\r\n                       |                Server     |\r\n                       +---------------------------+<\/pre>\n<\/blockquote>\n<p>Command line:<\/p>\n<blockquote><p><tt>ssh -C -N -L 6009:localhost:3389 <i>my_home_ip<\/i><\/tt><\/p><\/blockquote>\n<h3>Configuration 3:  Firewall as SSH Server<\/h3>\n<p>In this configuration, the firewall acts as the SSH server, proxying the connection directly to the RDC server on the home network:<\/p>\n<blockquote>\n<pre>                       +----[ Home Network ]----+\r\n                       |                        |\r\nlocalhost <----> Home Firewall <---> RDC Server |\r\n                  & SSH Server                  |\r\n                       |                        |\r\n                       +------------------------+\r\n<\/pre>\n<\/blockquote>\n<p>Command line:<\/p>\n<blockquote><p><tt>ssh -C -N -L 6009:<i>RDCHOST<\/i>:3389 <i>my_home_ip<\/i><\/tt><\/p><\/blockquote>\n<h3>Additional Suggestions<\/h3>\n<p>Rather than specifying the IP address of your home firewall, I suggest using <a href=\"http:\/\/www.dyndns.com\/\">DynDNS<\/a> to get a dynamic DNS entry.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>This article explains how to securely port-forward Windows Remote Desktop (Terminal Services) over SSH, using standard SSH command line syntax. If you prefer to use GUI SSH tools, such as PuTTY, there are other guides for that. Terminology Notes My &hellip; <a href=\"https:\/\/www.curlybrace.com\/words\/2009\/07\/ssh-port-forwarding-windows-rdc\/\">Continue reading <span class=\"meta-nav\">&rarr;<\/span><\/a><\/p>\n","protected":false},"author":3,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[200,193,15,283],"tags":[],"class_list":["post-740","post","type-post","status-publish","format-standard","hentry","category-linux","category-scripting","category-technology","category-windows-technology"],"_links":{"self":[{"href":"https:\/\/www.curlybrace.com\/words\/wp-json\/wp\/v2\/posts\/740","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.curlybrace.com\/words\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.curlybrace.com\/words\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.curlybrace.com\/words\/wp-json\/wp\/v2\/users\/3"}],"replies":[{"embeddable":true,"href":"https:\/\/www.curlybrace.com\/words\/wp-json\/wp\/v2\/comments?post=740"}],"version-history":[{"count":32,"href":"https:\/\/www.curlybrace.com\/words\/wp-json\/wp\/v2\/posts\/740\/revisions"}],"predecessor-version":[{"id":917,"href":"https:\/\/www.curlybrace.com\/words\/wp-json\/wp\/v2\/posts\/740\/revisions\/917"}],"wp:attachment":[{"href":"https:\/\/www.curlybrace.com\/words\/wp-json\/wp\/v2\/media?parent=740"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.curlybrace.com\/words\/wp-json\/wp\/v2\/categories?post=740"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.curlybrace.com\/words\/wp-json\/wp\/v2\/tags?post=740"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}