-
February 27th, 2008, 10:16 PM
#1
connection forwarding
Question: let's say I want to remote desktop to my machine over the internet, but I don't want to do port forwarding. What's the easiest way to add authentication to the remote desktop, i.e. require ssh-like authentication for connections. Would it be possible to authenticate on a linux computer, and then have it pass the connection on?
...:::Pure Kn0wledge:::...
-
February 27th, 2008, 10:53 PM
#2
 Originally Posted by n00bius
Question: let's say I want to remote desktop to my machine over the internet, but I don't want to do port forwarding. What's the easiest way to add authentication to the remote desktop, i.e. require ssh-like authentication for connections. Would it be possible to authenticate on a linux computer, and then have it pass the connection on?
I'm not sure I understand your question..
You have computer X (at home, presumably behind a "home (NAT) router (Z)").
You are on computer Y (somewhere in cyberspace, remote from X)
You want to RDP from Y to X without forwarding the required RDP Port on Z?
You're going to have to port forward something...
Perhaps you're afraid of the security risk of opening up RDP to the world? Then you could do SSH tunneling. You'll have to port forward SSH to an SSH server though.
You could also do a reverse SSH...
It really depends on what machines you have where... what devices are between them, and what control you have over those devices.
-
February 28th, 2008, 07:16 AM
#3
Well, to be more exact, I have a home network with computers X and Y connected to the internet, one has linux, and the other server 2003. I want to connect to the windows box through the internet using rdp. Would SSH tunneling allow me to connect through the internet, authenticate to the ssh server, and then forward the connection on to the windows box?
...:::Pure Kn0wledge:::...
-
February 28th, 2008, 07:19 AM
#4
If it is an SSH VPN that you are talking about then yes.
-
February 28th, 2008, 07:29 AM
#5
n00bius,
You know what *I* would do? I'd mount the whole 2003 Server via Samba onto my *nix box in, say, "/mnt/2003Srvr" or wherever. I haven't done this in a while, and there will be permissions and what not you'll have to set up, but I know that I used to be able to control my home XP box through my home Slack box remotely this way...
I dunno - just came to mind - maybe that's a way to go...
-Wiski
EDIT: Of course, this won't be RDP... but it's an easy way to SSH into your Windows box - sorta... I'm not sure what you're trying to accomplish - just thought I'd make a point... just things I think about ya know... 
EDIT: And also - why wouldn't you want to port forward? I mean, I never used RDP much (I'm partial to RealVNC - same concept, is it not? I'll research...) - but, is there not a half-ass secure way of logging into a box running the RDP server? I mean... I dunno... I'm rambling... More information please...
Last edited by wiskic10_4; February 28th, 2008 at 07:46 AM.
-
February 28th, 2008, 07:44 AM
#6
VPN would be your answer.
If you port forward 3389 this allows you to connect to your PC via RDP but in most cases you will be forwarding the port to a specific IP. This allows *anyone* to access that private IP and logon to the computer if they know the username and password.
If you setup a VPN (correctly) you will require a username and password for the VPN connection which will make you part of the internal network. From there you can RDP to any IP on that network and then enter the username and password for that machine.
I can elaborate more but am rushed at the moment. Let me know if you want more info.
[edit] In regards to your Linux Auth and pass on; Yes this is also possible but you will need to allow access to the linux box through the firewall anyway and so the machine you want to RDP to will need to be physically behind the Linux box in all connections. (Not just connected into the network via a switch, otherwise it becomes a security issue)
The easiest way is to get yourself a good hardware firewall w/ VPN.... Cyberguard Snapgear 300 will do the trick nicely - but there are others
[/edit]
CTO
Last edited by CybertecOne; February 28th, 2008 at 07:49 AM.
no signature was attached to this email
-
February 28th, 2008, 12:54 PM
#7
I'd also go the VPN route. You can setup a VPN on either of your boxes.
The 2003 server is easy enough to setup a VPN.
http://technet.microsoft.com/en-us/l.../bb727041.aspx
For linux, there are many implementations.
http://openvpn.net/
Once you have a VPN, you'll be able to access your internal home network's resources with ease. If you're reluctant to setup one of your internal hosts as the VPN server, then find some old hardware and use ipcop or something similar. http://ipcop.org/
Quitmzilla is a firefox extension that gives you stats on how long you have quit smoking, how much money you've saved, how much you haven't smoked and recent milestones. Very helpful for people who quit smoking and used to smoke at their computers... Helps out with the urges.
-
February 28th, 2008, 04:27 PM
#8
I dunno that I'd recommend a VPN... that seems overkill...
How about SSH Tunneling == http://www.ssh.com/support/documenta...Explained.html
Or if it's always the same remote host, SSH to your Linux box and have a reverse SSH Tunnel going on... == http://www.ssh.com/support/documenta...Explained.html
-
February 28th, 2008, 09:07 PM
#9
Ok, that'll work, thanks for the help. I think I'm going to check out SSH tunneling. If I can put it together, like the other question I asked a while back, it'll be pretty good security (RSA key, plus two username/password pairs).
...:::Pure Kn0wledge:::...
-
February 29th, 2008, 08:07 AM
#10
The way I do it is to ssh to my homenetwork like so..
ssh -L 8933:mywindows:3389 [email protected]
Then I use RDP to connect to localhost:8933 and ssh will tunnel it to mywindows.
Oliver's Law:
Experience is something you don't get until just after you need it.
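The forward from post #10 with its local end pinned to loopback, plus a check that it stayed there, as an added example that is not part of the original thread. `user@gateway.example` is a placeholder login, the function names are made up for illustration, and the `ss` sample is constructed.

```shell
#!/bin/sh
# Added example, not from the thread. user@gateway.example is a placeholder
# for the SSH login on the Linux box; mywindows:3389 is the RDP host as the
# Linux box resolves it (names taken from post #10).

# Print an ssh command line for a local forward that listens on loopback only.
#   $1 local port   $2 target host:port   $3 user@gateway
tunnel_cmd() {
    lport=$1 target=$2 gateway=$3
    case $lport in
        ''|*[!0-9]*) echo "local port must be numeric" >&2; return 2 ;;
    esac
    # Unprivileged range, so the client does not need root to bind.
    if [ "$lport" -lt 1024 ] || [ "$lport" -gt 65535 ]; then
        echo "local port out of range" >&2; return 2
    fi
    # -N: no remote shell, forwarding only.
    # ExitOnForwardFailure: fail instead of running without the forward.
    # 127.0.0.1 bind + GatewayPorts=no: other LAN hosts cannot use the tunnel.
    printf 'ssh -N -o ExitOnForwardFailure=yes -o GatewayPorts=no -L 127.0.0.1:%s:%s %s\n' \
        "$lport" "$target" "$gateway"
}

# Read `ss -ltn` output on stdin; succeed only if port $1 has a listener and
# every listener on it is bound to a loopback address.
listener_is_loopback_only() {
    awk -v port="$1" '
        $1 == "LISTEN" {
            n = split($4, parts, ":")
            if (parts[n] != port) next
            found = 1
            host = substr($4, 1, length($4) - length(parts[n]) - 1)
            if (host != "127.0.0.1" && host != "[::1]") exposed = 1
        }
        END { exit ((found && !exposed) ? 0 : 1) }'
}

# Constructed sample of `ss -ltn` output after the tunnel is up.
SAMPLE_SS='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    127.0.0.1:8933     0.0.0.0:*
LISTEN 0      128    [::1]:8933         [::]:*'

tunnel_cmd 8933 mywindows:3389 user@gateway.example
printf '%s\n' "$SAMPLE_SS" | listener_is_loopback_only 8933 \
    && echo "port 8933: loopback only"
```

On the client, pipe the real `ss -ltn` into `listener_is_loopback_only 8933` once the tunnel is up, then point the RDP client at localhost:8933 as in the post.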