Walker News

Setup Remote Desktop Port Forwarding In Windows Vista

An SSH tunnel can encrypt most insecure TCP connections by means of the SSH port forwarding technique.

Besides the security benefit of an SSH tunnel, network administrators can also simplify firewall rule configuration by opening only port 22 (the default TCP port of the SSH protocol) to public networks.

With only TCP port 22 open, remote users on the public network can use SSH port forwarding to access servers in the data centre (internal network) over Windows Remote Desktop protocol (RDP, port 3389), VNC protocol (RFB or Remote Frame Buffer protocol), Telnet protocol (port 23), FTP protocol (port 20 and port 21), etc.

How to set up a Remote Desktop Connection with SSH port forwarding in Windows Vista Ultimate via the PuTTY SSH client?

As the office Checkpoint Firewall only allows SSH traffic, I have to use the SSH port forwarding technique to remotely access Windows Server 2003 Standard Edition in the data centre from my home desktop, which runs Windows Vista Ultimate.

Open the PuTTY Configuration dialog box, click the Session menu in the Category pane, and specify the remote SSH server hostname / IP address, the SSH port number, and the SSH protocol.

Configure Remote Desktop port forwarding in Windows Vista using Putty SSH client.
In this example, only the RedhatSSH server is accessible from the Internet via the SSH protocol.

Click the Tunnels menu in the Category tree. For the SSH Local Port Forwarding setting, specify a free TCP port on the local system (the Vista Ultimate home desktop), the Remote Desktop service host (the Windows Server 2003 in the data centre) and the Remote Desktop service listening port (TCP port 3389 by default). Click the Add button to add them to the Forwarded Ports text-box.

To find an unused (free) TCP port in Windows Vista, pick a port number at random (say 9999) and type netstat -ant | find "9999" in an elevated-privilege Vista Command Prompt window. The command prints nothing if the TCP port is free (unused).

Specify local TCP port 9999, Win2003 as the hostname of the Windows Server 2003 machine, and 3389 as the Remote Desktop service listening port. So that Vista Ultimate is able to resolve the Win2003 hostname, edit the %windir%\system32\drivers\etc\hosts file and add the IP-to-hostname entry accordingly.

As with an X Window or RealVNC connection, the Remote Desktop graphical interface may feel less responsive over a slow network connection, such as a dial-up modem or low-bandwidth ADSL broadband connection. For better graphical performance, click the SSH menu in the Category tree and tick the “Enable Compression” check-box to turn on the SSH compression feature.

Turn on the SSH compression feature for better performance when connecting to the SSH server over a slow network connection, such as a dial-up modem or low-bandwidth ADSL broadband.

Click the Session menu in the Category tree again, followed by the Open button, to attempt the SSH connection to the RedhatSSH server. Once SSH authentication succeeds, the SSH tunnel is established via the local port forwarding technique. Running netstat -ant | find "9999" again will show something similar to this (the capture below was taken with local port 9977):

C:\>netstat -ant | find "9977"
TCP   127.0.0.1:9977   0.0.0.0:0   LISTENING   InHost


Now everything is ready to bypass the Checkpoint Firewall restriction and connect to the forbidden Remote Desktop service from my Vista Ultimate PC at home, using the SSH port forwarding trick!

Click the Vista Orb, type Remote Desktop in Start Search (Vista Instant Search text box), click the Remote Desktop Connection in the Program list, specify 127.0.0.1:9999 in the Computer text-box and click the Connect button.

Connect to Windows Server 2003 Remote Desktop service via SSH Local Port Forwarding technique.

When the Windows Security dialog box pops up, enter the Remote Desktop logon credentials as prompted.

After the Remote Desktop logon credentials are entered, an alert dialog box might pop up saying that Windows Vista Remote Desktop cannot verify the identity of the computer you want to connect to. Just click Yes to continue. As the alert dialog box explains, this problem might be caused by the remote computer running a version of Windows earlier than Windows Vista, or by the remote computer being configured to support only the RDP security layer.

The Windows Vista Remote Desktop Connection client pops up an alert dialog box when connecting to the Remote Desktop service of a Windows version earlier than Windows Vista.
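
The same procedure from a Command Prompt, as an added example that is not part of the original article: it uses plink.exe (PuTTY's command-line client) in place of the PuTTY dialogs and reuses the article's netstat check. Assumptions: plink.exe is on the PATH, SSHUSER is a placeholder account name, and the forward is bound explicitly to 127.0.0.1 so that only the local machine can use it.

```bat
@echo off
setlocal
rem Added example: command-line form of the PuTTY steps above.
rem Host names and port follow the article; SSHUSER is a placeholder.
set "LPORT=9999"
set "SSHHOST=RedhatSSH"
set "SSHUSER=youruser"
set "RDPHOST=Win2003"

rem 1. Refuse to continue if anything already uses the local port.
netstat -ant | find ":%LPORT% " >nul
if not errorlevel 1 (
    echo Local port %LPORT% is already in use, pick another one.
    exit /b 1
)

rem 2. Open the tunnel in its own window; answer the host-key and password
rem    prompts there. -N: no remote shell, -C: SSH compression,
rem    -L: local forward; the SSH server makes the onward connection
rem    to %RDPHOST%:3389.
start "SSH tunnel" plink.exe -ssh -N -C -L 127.0.0.1:%LPORT%:%RDPHOST%:3389 %SSHUSER%@%SSHHOST%

rem 3. Wait for the loopback listener to appear (up to about 60 seconds).
set /a TRIES=0
:wait
netstat -ant | find "127.0.0.1:%LPORT% " | find "LISTENING" >nul
if not errorlevel 1 goto up
set /a TRIES+=1
if %TRIES% geq 30 (
    echo Tunnel did not come up, check the plink window.
    exit /b 1
)
timeout /t 2 /nobreak >nul
goto wait

:up
rem 4. A listener on 0.0.0.0 would let other hosts on the LAN reach the
rem    data-centre RDP service through this PC, so stop if one is found.
netstat -ant | find "0.0.0.0:%LPORT% " | find "LISTENING" >nul
if not errorlevel 1 (
    echo WARNING: port %LPORT% is listening on all interfaces.
    exit /b 1
)

rem 5. Point the Remote Desktop client at the local end of the tunnel.
mstsc /v:127.0.0.1:%LPORT%
```

Closing the plink window tears the tunnel down and ends any Remote Desktop session running through it.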

  1. WinFX Is Not Really .Net Framework 3 – Walker News 31-07-07@14:14

    [...] conjunction of Windows Vista and Windows Server 2008 (Longhorn) release, Microsoft temporarily introduces additional 4 [...]

  2. I Need a rock 09-08-07@07:48

    1. Start Registry Editor.
    2. Locate and then click the following registry subkey:

    HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\TerminalServer\WinStations\RDP-Tcp\PortNumber

    3. On the Edit menu, click Modify, and then click Decimal.
    4. Type the new port number, and then click OK.
    5. Quit Registry Editor.

    Walker comment:
    This Registry tweak has nothing to do with port forwarding over the SSH protocol. In fact, it only changes the legacy listening port number of the Remote Desktop service.

  3. Direct Download Remote Desktop For Windows 2000 – Walker News 12-11-07@23:57

    [...] Windows XP and above is pre-installed with Remote Desktop connection software for RDP protocol, it’s not available in older Windows, including Windows 2000 [...]

  4. Cyne 07-02-08@21:40

    I’m trying to connect to my computer with remote desktop through an SSH tunnel but I can’t get it to work.

    The setup is as follows:

    Client computer (Vista Ultimate 32-bit)
    |
    Norton 360 Firewall
    |
    Internet
    |
    D-Link 524 NAT Router with firewall
    |
    Norton 360 Firewall
    |
    Server computer (XP Pro 32-bit)
    ————————————-
    My home connection uses a dynamic IP address (though it hasn’t changed the last year…) but I’ve set up a DynDNS account just in case.

    I have forwarded port 22 through my router to my server computer, which uses a static local IP address.

    I have opened port 22 on all 3 firewalls.

    I can connect to my server through SSH with Putty and browse all my files through the terminal window.

    I have forwarded Source Port 3391 to destination 192.168.0.101:3389 in Putty (If I try to forward Port 3390 in Putty I get an error message stating that the Port is busy. I think it’s occupied by Media Center or something).
    ————————————-
    When I try to connect with Remote Desktop to localhost:3391 from my Vista machine I get an error message stating: “Can not connect to remote computer. Try to connect again or contact your network administrator”. Since I’m my own “network administrator” that error message isn’t very helpful…

    If I just forward port 3389 in my router to the server and connect without the SSH tunnel it works great, but then the connection isn’t encrypted which is bad.

    Since I can connect to my computer through an SSH tunnel, and since I can connect with remote desktop if I forward port 3389 it feels as if it’s just the Port-Forwarding in Putty that isn’t working.

    I’ve tried with Source Port 3391, 127.0.0.1.3391, 127.0.0.2.3391 etc. and also with other ports than 3391 and I’ve also checked that they are not in use.

    I’ve tried with SSH v1 only, v2 only, and both.
    I’ve searched for solutions to this all across the internet but I can’t find what’s wrong. Is there a setting I’ve missed?

  5. Walker 08-02-08@16:49

    Hi Cyne,

    From your comment, you said

    1) You’re able to RDP directly to XP from Vista without using SSH
    2) You’re able to SSH directly to XP SSH server

    I assume that both RDP and SSH are working well.

    Are you running the SSH server with a WinSSH-like Windows program in XP, or are you running VMware in XP that powers a Linux OS with the full functionality of OpenSSH?

    (So far, I’ve only tried to RDP from my Vista Ultimate to Windows 2003 over SSH port forwarding on an RHEL4 OpenSSH machine. The Windows SSH server might not work with port forwarding – please confirm with the documentation.)

    After attempting to connect to SSH-XP, have you checked the XP Events Log (in case you’re running Windows SSH)?

  6. Cyne 08-02-08@17:04

    Thanks for the reply, as you seem to have guessed it probably lies in the SSH server program.

    I solved the problem by changing the SSH server program on the XP machine. I can’t remember the old one’s name, but I changed to cygwin and now it works as intended.

    I think the problem was something along the lines of the old SSH server program not supporting SSH2, while Vista ONLY supports SSH2. So no matter if I tried SSH1 only or SSH2 only, one of the computers didn’t support it. This is just my speculation though.

    If anyone else runs into the same problem, I really recommend getting cygwin and following this guide (the one that I used):
    http://pigtail.net/LRP/printsrv/cygwin-sshd.html
    It takes you through the setup process step-by-step with easy-to-follow pictures.

  7. Walker 09-02-08@17:35

    Glad to hear that.
    In fact, RDP itself is secure compared to a VNC connection. So, it’s not really necessary to use RDP over SSH port forwarding (unless for the above purpose – to simplify firewall rules setup for various inbound connections.)

  8. How To Keep Inactive SSH Session From Disconnected – Walker News 11-05-08@01:26

    [...] an idle connection. That was the problem what my colleague encountered this morning. When his Putty initiated SSH connection from outskirt to servers at HQ over VPN connection, with a not-so-good [...]

  9. How To Reboot or Shutdown Windows Vista In Remote Desktop Connection? – Walker News 20-07-08@21:50

    [...] Remote Desktop allows Windows users to remotely access another networked computer (normally is Windows machine) that supports Remote Desktop protocol (RDP). For the sake of security and performance, I recommend my friends to use RDP, simply because RDP is Microsoft own solution and is supposed well integrated. [...]

  10. John Leveille 21-07-08@02:19

    I have used local port forwarding and remote port forwarding. I usually use port forwarding to tunnel remote desktop. This works great over local port forward, but remote desktop hangs after login when using a remote port forward. Anybody know why?

  11. Stephen Reese 06-08-09@22:53

    That worked well, thanks!
