Who needs GoToMyPC ;-)

GoToMyPC lets you access your PC desktop remotely from a web browser, for a fee, of course.

I think this is the next best thing: SSH + Windows XP Remote Desktop Connection. You use your SSH client connection to create a secure tunnel to your Remote Desktop PC. Granted, it's not the same as accessing your desktop through a browser, but...

If you're using Windows XP at home and you have an SSH server running on your home network, chances are you already know how to do this. Go and read more Dilbert--the rest of this article may not apply to you.

If you don't have an SSH server, and want to, install RedHat Fedora.

By default Remote Desktop Sharing is disabled on XP. You'll need to turn it on via the My Computer properties dialog.



In order to set up your tunnel, first, you'll need to download PuTTY, a very well-known SSH client created by Simon Tatham. If you're not familiar with this tool, here's the User Guide.

Creating an SSH tunnel through PuTTY is quite simple. From the Tunnels panel for your connection, add the following mapping:

  • Source Port: 127.0.0.2:3389
  • Destination: <Your RDP computer's IP address>:3389
    e.g. 192.168.2.100:3389
  • Type: Remote


Now, after you've established the SSH session with your server, you should be able to start up your Remote Desktop Connection client and connect to your remote desktop by entering 127.0.0.2[:3389] in the Destination field (the part in square brackets is optional). The Remote Desktop Connection client is found on your Start>Program>Accessories>Communications menu, if installed. If you don't have it installed already, you can download it here.

For convenience, I usually put a shortcut on my Desktop, pointing to <Path_To_PuTTY_Program_Folder>\plink.exe -load <My SSH Tunnel Session Name> -l <login name>. This allows me to establish the tunnel with a single click. All I need to do after that is type in my password when prompted.

PuTTY configuration screen

PuTTY Tunnel configuration screen

So why 127.0.0.2 instead of localhost [127.0.0.1]? Well, if you're using Windows XP on your local PC and you try to connect your Remote Desktop Client to localhost, you'd get a message from the application saying "I can't connect to myself" (I'm paraphrasing). The 127.0.0.2 IP address tricks the app into thinking that it's actually connecting to a remote computer instead of localhost.
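The following Python check is an added example, not code from the original post: it parses a forwarding entry in the `L<source>=<destination>` form quoted in the last comment on this page and reports whether the source is a loopback address other than 127.0.0.1. The function names and finding labels are assumptions made for this example, and the sample entries are constructed from the addresses on this page.

```python
import ipaddress

RDP_PORT = 3389  # port used throughout this page


def parse_forward(spec):
    """Split 'L<addr>:<port>=<host>:<port>' into (addr, port, host, port)."""
    if not spec.startswith("L") or "=" not in spec:
        raise ValueError("expected L<source>=<destination>, got %r" % spec)
    source, dest = spec[1:].split("=", 1)
    # rpartition leaves addr empty when only a port was given ("L3389=...").
    listen_addr, _, listen_port = source.rpartition(":")
    dest_host, _, dest_port = dest.rpartition(":")
    return listen_addr or None, int(listen_port), dest_host, int(dest_port)


def audit_forward(spec):
    """Return finding labels (hypothetical names) for one entry; [] means OK."""
    listen_addr, _, _, dest_port = parse_forward(spec)
    if listen_addr is None:
        return ["no-source-address"]
    if listen_addr == "localhost":
        listen_addr = "127.0.0.1"
    try:
        ip = ipaddress.ip_address(listen_addr)
    except ValueError:
        return ["source-not-an-ip-address"]
    findings = []
    if not ip.is_loopback:
        # Other machines on the local network could reach the tunnel entrance.
        findings.append("listener-not-loopback")
    if str(ip) == "127.0.0.1" and dest_port == RDP_PORT:
        # Per the page: the XP RDP client refuses to connect to localhost.
        findings.append("rdp-client-refuses-localhost")
    return findings


if __name__ == "__main__":
    # Constructed sample entries built from the addresses on this page.
    for entry in (
        "L127.0.0.2:3389=192.168.2.100:3389",
        "L127.254.254.254:3389=remotehostname:3389",
        "L127.0.0.1:3389=192.168.2.100:3389",
        "L0.0.0.0:3389=192.168.2.100:3389",
    ):
        print(entry, "->", audit_forward(entry) or "ok")
```

Every address in 127.0.0.0/8 is loopback, so both 127.0.0.2 and 127.254.254.254 pass the check while keeping the tunnel entrance unreachable from other hosts.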

Some of you nerds out there might wonder: why hassle with the SSH tunnel? Why not just connect to RDP directly? Well, I'm of a suspicious mind, and for some strange reason, I feel a little more secure when connecting through a 1024-bit DSA encrypted channel.

You can probably see that the SSH tunnelling approach is not limited to RDP, but can be used to create a secure tunnel into virtually any TCP service on the remote network: NetMeeting, VNC, Exchange Server.

I now have my mind set on my next toy: a wifi PDA running Windows Mobile. This way I can access my office desktop PC everywhere I go.

4 comments:

Anonymous said...

As a side note, if you ever run into issues with the ports you need being blocked, you can typically tunnel your connection over port 53. I haven't run into a network that blocks 53, since it's used for DNS.

-Jen

Thanh Hai Tran said...

Jen,
Great tip. I've never actually tried that--will try it sometime.

Anonymous said...

GoToMyPC provides good services...

th2tran said...

Apparently, L127.254.254.254:3389=remotehostname:3389
also works.
Thanks to itauthor.com.