Tunneling Remote Desktop over SSH in Windows 7

Every so often I find myself away from home and needing to use Remote Desktop over an unsecured wireless network.  The Remote Desktop Protocol implemented in Windows 7 has made significant improvements in security over previous versions, but I still like to tunnel the Remote Desktop session through an SSH connection for the extra security.  Tunneling means that data sent to a local port are forwarded through an SSH connection to a remote port.  In the case of Remote Desktop, once the SSH connection and tunnel are established, the Remote Desktop connection is made to <localhost>:<port> instead of the <remote host>:<port>.  SSH listens for data on that local port and forwards it through the tunnel to the specified port on the remote host.

Before continuing, you’ll need

  1. SSH server on your remote Windows machine
  2. SSH client on the local machine

The rest of this article assumes you’ve got these components installed and working.  I use copssh for an SSH server on Windows 7, and I use PuTTY for an SSH client on my local Windows 7 machine.  With the server and client working, there are two simple steps to tunneling Remote Desktop over SSH: establish the tunnel, then establish the Remote Desktop connection.

Establishing the SSH Tunnel

In PuTTY, set up your session like normal then go to the Connection > SSH > Tunnels screen:

Setting up a tunnel in PuTTY

Set the source port to 3391, and set the destination to <hostname>:3389 (e.g. google.com:3389, or equivalently 66.102.7.99:3389).  Leave “Local” and “auto” selected.  Click Add.  (I’m using google.com here instead of any useful domain just as an example)

Important: note the source port is 3391, not 3390 as is typically used in many tutorials around the web.  Windows 7 blocks Remote Desktop connections to localhost:3390.  The source port could be any number of ports, so feel free to try something else if 3391 is already used on your system. (But note that 3389 is the default Remote Desktop port, so do not change that number unless you know what you’re doing).

The added tunnel should look something like this:

PuTTY tunnel added

This means that PuTTY will listen on local port 3391 and send whatever arrives there through the SSH connection; the SSH server then forwards it to google.com, port 3389.

Now, open the SSH connection (click Open).  A PuTTY terminal will open; you can minimize it or use it as needed, but we won’t need it any more for this tutorial.  The simple fact that it’s present means that an SSH connection has been established between your local system and the remote host, and the tunnel is open.

Establishing the Remote Desktop Connection

Now that the tunnel has been opened between the local host port 3391 and remote host port 3389, we can start the Remote Desktop connection. Instead of typing the remote host name in the Remote Desktop connection window, type localhost:3391.

Remote Desktop Connection to localhost:3391

Hit Connect, and that’s it!  Barring any unforeseen problems (see below for some tips on troubleshooting), you’ll be enjoying a Remote Desktop Connection to a remote computer tunneled securely through an SSH connection.  This means all data transmitted and received over the course of interacting with the Remote Desktop session is protected by all the security measures inherent in the SSH protocol.  It’s not impenetrable, but it’s better than RDP alone.

Suggestions for Troubleshooting

If you run into problems, these are some likely culprits:

Firewall – if there is a problem, this is often the source.  Make sure you can successfully connect to the remote SSH server using the SSH client on the local machine (this requires port 22 open).  Also make sure you can establish a Remote Desktop connection to the remote machine (port 3389).  If you can do both of these, then the firewall is not the problem.

Try a different local port – there is always the possibility that port 3391 on the local machine is used for something else.  Try changing this to something random.

Make sure remote desktop is available and enabled – only Professional and Ultimate versions of Windows 7 will serve Remote Desktop connections (other versions may have just the client for connecting to other machines).  Additionally, Windows 7 disables Remote Desktop by default.  From the start menu, right-click on Computer then click Properties, then click Remote Settings.  You may also have to explicitly modify the Windows 7 Firewall to allow Remote Desktop (i.e. open port 3389).
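A preflight check for the tunnel and the troubleshooting steps above, as an added example that is not part of the original article: it finds a free loopback port to use as PuTTY's source port, starting at 3391, and, once the PuTTY session is open, confirms that whatever answers on localhost actually speaks RDP by sending an X.224 Connection Request and looking for a Connection Confirm. The function names are illustrative and only the Python standard library is used.

```python
import socket
import sys

# X.224 Connection Request wrapped in a TPKT header (19 bytes in total).
RDP_CONNECTION_REQUEST = bytes.fromhex(
    "03000013"          # TPKT: version 3, reserved, length 19
    "0ee00000000000"    # X.224: length 14, CR code, dst-ref, src-ref, class 0
    "0100080003000000"  # RDP negotiation request: TLS or CredSSP
)


def port_is_free(port, host="127.0.0.1"):
    """True if nothing is bound to host:port, so PuTTY can listen there."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        try:
            s.bind((host, port))
        except OSError:
            return False
        return True


def first_free_port(start=3391, count=20):
    """First free loopback port at or after `start`, or None if all are taken."""
    for port in range(start, start + count):
        if port_is_free(port):
            return port
    return None


def speaks_rdp(port, host="127.0.0.1", timeout=5.0):
    """Send a Connection Request through the tunnel and check the reply.

    Returns True only if the peer answers with TPKT version 3 and an
    X.224 Connection Confirm (code 0xD0), i.e. the tunnel ends at an RDP
    service and not at some unrelated program that grabbed the port.
    """
    reply = b""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.sendall(RDP_CONNECTION_REQUEST)
            while len(reply) < 6:
                chunk = s.recv(64)
                if not chunk:
                    break
                reply += chunk
    except OSError:
        # Refused, reset or timed out: no usable RDP endpoint behind the port.
        return False
    return len(reply) >= 6 and reply[0] == 0x03 and reply[5] & 0xF0 == 0xD0


if __name__ == "__main__":
    if len(sys.argv) > 1:
        # Run with the source port as argument once the PuTTY session is open.
        port = int(sys.argv[1])
        print("RDP answers on localhost:%d: %s" % (port, speaks_rdp(port)))
    else:
        print("Free source port for the tunnel:", first_free_port())
```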


Land of the Rising Sun

I just got back from a conference held at Osaka University (Suita Campus) in Osaka, Japan. The conference was Advances in Neural Engineering and I thoroughly enjoyed participating and learning. I arrived in Osaka several days before the conference began so that I could adjust to the time and do some sight-seeing. I stayed in the Hotel Hankyu Expo Park which was a 10 minute monorail ride from the University and probably 30 minutes to 2 hours to get to most places around Osaka and Kyoto (nearby city with many temples). One of my hosts told me the text “Banpaku-kinen-koen” actually means Expo Park. It was the site of the 1970 international expo held in Osaka.

Chapter 1: Osaka Castle

Osaka Castle Walls

So on to the sightseeing! The first day I went to Osaka Castle (main site, Wikipedia link), a huge fortress originally constructed in 1583 and modified over the years with the changing political landscape. The entire park is impressive. The castle itself is built on raised land supported by massive stone walls which you can see in this picture.  Some of the walls extend as high as 20 meters (more than 60 feet).  When you get up close to the walls, you can see how big the stones are.  Many of them are several feet on a side – I can’t imagine how heavy they are.

The castle grounds are divided into an outer and inner area, and of course, there was a moat (a must for any decent, self-respecting castle) protecting the inner walls.  A beautifully textured wooden bridge crossed the moat to the inner sanctum.  From here visitors start to get a real idea of the size of the castle!

Bridge to Osaka Castle

As big as it seemed from outside the castle walls or even just across the moat, it was much, much bigger in person.  It is fascinating to me that people built this castle without the modern conveniences of combustion engines or hydraulics!  If I remember correctly, there were 8 floors in the castle itself.  The inside has been completely modernized so that there is an elevator and stairs.  You can go the whole way to the upper pagoda where the view of the city is magnificent.

The museum inside the castle is very interesting and documents the history over the centuries as the castle changed hands and played a major role in the shaping of Japanese government.  Among the many artifacts were samurai outfits originally belonging to some of the rulers.  Their dress was intimidating!  Unfortunately we weren’t allowed to take pictures of the older pieces.

Ornate designs decorated much of the exterior of the castle, such as the gold tiger in the picture below.

Osaka Castle

Osaka Castle tiger decoration

In the same inner area there was also a beautiful Japanese garden.  I was running out of time but walked through quickly.  The view of the castle was shaped quite well by the pond and garden elements.

Osaka Castle from the garden

Chapter 2: Osaka Kaiyukan Aquarium

Whale shark at Osaka Kaiyukan Aquarium

On Saturday morning, I went to the Osaka Kaiyukan Aquarium at Osakako (the port).  Their claim to fame is a whale shark exhibit, which was appreciably large!  The fin of the shark was probably on the order of 5 feet tall.  The length must have been 10-15 feet.  It was a massive creature.

The theme of the aquarium focused on the variety of life around the Pacific Ring of Fire.  They had dolphins, huge sea turtles, large crabs, manta rays, otters, and many other species.  Two of the exhibits I enjoyed the most (alongside the whale shark) were the penguins and the jellyfish.  The penguins were quite playful and would come right up to the glass to see the “human exhibit”.  This one in particular would come up to stare and play with some of the children holding their hands out.  The jellyfish were fiery orange and red against the blue lighting of the tanks – an exhibit I always love no matter the aquarium.

Penguin

Jellyfish at Osaka Kaiyukan Aquarium

One of the most interesting things I saw was a diver feeding the stingrays and other creatures in one of the really large central tanks.  The diver would take a small squid or octopus out of a tupperware container and literally put the food into the mouths of these stingrays.  Fish of all kinds swirled around him all through this process.  In the background you can see the whale shark, in another area of the tank separated by a net.

Diver at Osaka Kaiyukan Aquarium

Chapter 3: Kyoto

Japanese garden and temple in Kyoto

Japanese pagoda

The last major destination I visited for sightseeing was the city of Kyoto Sunday afternoon.  I went with the hosts of the conference and several other participants and had a great time.  The weather was quite dreary and very wet.  After spending some time trying to balance both the umbrella and the camera, I finally gave up with the umbrella and just got wet. :)

The gardens of the temple were incredible.  The preparation, design, and maintenance were clearly evident.  I could probably have spent much more time in Kyoto, and in fact if I return some day I will go to Kyoto to see more of the temples and gardens.  I saw only two of the twenty or so temples around the city.

Japanese garden in Kyoto

Chapter 4: Odds and Ends

After the conference ended on Tuesday we all went to a traditional Japanese restaurant in downtown Osaka.  The food was marvelous there as it was everywhere I ate.  In these restaurants, patrons remove their shoes before going to a secluded eating area, often upstairs from the main entrance.  We would approach these restaurants from sometimes very narrow (but brightly decorated!) alleyways, and walk through bright cloth banners in the entrance.  Dishes were always beautifully prepared as well as very tasty.

Place setting at the restaurant

Japan: A Wonderful Experience

I spent only a week in Japan but I found the people warm and accepting, the culture fascinating, and the scenery breathtaking.  I spent a lot of time on subway trains; every so often, the train would stop service in the middle of a line.  I assume this fact was announced over the loudspeaker but I could never be certain because it was only in Japanese, so I sat happily in my seat while everybody else on the whole train got off.  Every time that happened (kind of funny that it happened more than once right?  you’d think I’d start to notice a pattern), a grandmotherly woman would smile and gesture anxiously at me through the window from the platform, or an elderly man would shake his hand on my shoulder and motion to get off.  This experience was typical of all my interactions with people.  The hosts of the conference were especially gracious.  The students I met were as eager to learn about my culture as I was to learn about theirs.

I was also amazed at the volume of people!  At the Osaka/Umeda station in downtown Osaka, there is an underground shopping area that must extend for miles (not an exaggeration), all lined with department stores and vendors of all kinds.  This shopping center connects hotels, subway stations, and train stations, so at times there was a veritable sea of people moving in both directions (walking on the left, not the right!) and you could really only go with the swell.  Times like these it was easy to feel somewhat lost in the cadence of footsteps and blur of faces, although being tall and red-haired I probably was anything but an invisible face in the crowd.

Today, with the effects of travel beginning to wear off and sleep returning to a more normal schedule, I downloaded all 1000+ photos and started poring over them, revisiting all the places I saw and people I met.  It was a wonderful experience!  I think I will have many warm memories of Japan.


Why I Love the Lenovo X200s

Feast your eyes on the amount of battery life I was projected to get from my Lenovo X200s today:

Close up of the battery meter

Granted, I probably won’t end up getting the full 15 hours. That came up while viewing a PDF in class with wireless off and the screen at fairly low brightness. In normal use I probably get only 8-10 hours.

You know, only 8-10 hours for a dual-core laptop with 1440×900 screen and 4GB RAM. In a well-built 3-lb package. Gotta say, I do love this little laptop.


The Brazil Experience: Chapter 1

Almost two months ago now I went to a conference (VLSI-SoC 2009) in Florianópolis, Santa Catarina, Brazil.  Florianópolis is an island just off the mainland, about 430 miles south of São Paulo and 700 miles south of Rio de Janeiro.  Wikipedia has more information; check out Google Maps below for how the island is laid out.

I flew out Friday morning at about 10am from SLC and arrived in Floripa the next day, Saturday, at about 5pm with stops in JFK and São Paulo.  According to Delta’s Skymiles program, I traveled 6,734 miles in approximately 31 hours, or about 217 miles per hour average!

Jurere Beach Village

We stayed at the Jurere Beach Village, which is literally right on the beach as you can see.  If you zoom in on the map, you’ll find Jurere at the north end of the island which is more the tourist area.  My room was on the top floor looking out into the center court.  I fell asleep at nights to a cool ocean breeze ruffling the curtains and the rhythm of the incoming waves.  I woke up in the morning to sunlight streaming through the same curtains with the same breeze and waves.  Breakfast every morning was a buffet with fresh fruits, juices, breads, pastries, eggs, sausage… you name it.

I didn’t do much Saturday evening or Sunday.  Monday night I took off with some friends to downtown Floripa.  We walked along the avenue toward the bridge to the mainland for a while at sunset (pictures below) before hitting up the Churrascaria Ataliba for dinner.

Limeade at the churrascaria

Dinner was amazing. We were the first ones in the door and the Maître d’ let us go back to see the furnace and the chef. They had cards illustrating where the meat was from on the cow, and there must have been 30 different cuts of meat from beef alone, plus chicken, pork, and lamb. If you’ve ever been to a Rodizio’s or a Tucano’s, this was that same idea. They just keep bringing the meat until you say no. I got a limeade that was tart and sweet to the point of turning my mouth inside out.

After dinner we took a taxi to the nightlife area of the island called Lagoa da Conceição (a lagoon around the center-west of the island). Caught some live music from a local band for an hour or two then started to head back home. On the way home we decided to find a local taxi cause the hotel’s taxi service was ripping us off. Amlan, one of my labmates from India, decided we wouldn’t pay more than R$50 to get back to the hotel (it would have cost more like R$75-100 from the other taxi).  We flagged a guy in a little 5-seat hatchback and Amlan talked him down like a pro till he finally gave in.  I think there are some aspects of the world cultural experience I may have missed in middle-class America!

I’m particularly glad to be enjoying my continued existence post-Brazilian-taxi.  That guy drove his little hatchback like it was a Formula 1 match.  I held out hope that he was at least marginally sane.  In the end, he got us back home in little enough time that it was indeed only R$50. :)


My Experience with HTC TouchFLO and Windows Mobile 6.5

HTC Imagio

I purchased the HTC Imagio (on Verizon) the day it came out.  I had been steadily following the reviews and it looked like the perfect phone.  Wi-Fi, GPS, Bluetooth, Verizon’s 3G network, FM receiver, huge touch screen, and TouchFLO, HTC’s interface to Windows Mobile.

I wanted to love this phone.  I just couldn’t.  Returning to my iPod Touch was like being reunited with an old friend.

I thought it might be useful to give a detailed review of what worked for me and what didn’t; why, in the end, I returned the phone.

The Good

HTC’s TouchFLO interface is generally very well done.  The front screen, shown above, is really nice.  You get a nice big clock, the weather, call information, and upcoming appointments all in one place.  Along the bottom you can quickly see if there are emails or texts waiting to be read.

The screen is beautiful.  It’s large so you can fit quite a lot on it.  It’s vibrant and colorful.  It’s easy to look at.

The phone itself just feels good.  It’s the right size and weight, and the case is solid.  There’s a 3.5mm jack for using normal headphones (more and more common these days, but still nice).

The on-screen keyboard was fine.  Friends who tried it out didn’t like it, but I had no problems.  The XT9 technology makes typing on virtual keyboards basically painless.

The TouchFLO contacts integration is very well done.  Information such as profile pictures can be pulled from Facebook.  You can see in one place all text messages you’ve shared, all emails, appointments, events for each contact.

I loved the camera and I especially loved the video recording.  I’ve never had a mobile camera (that was any good anyway), so this was a new experience for me.  I could get used to it.

The Bad

Here’s a list of my grievances:

  1. The processor in the phone is ancient and it shows.  Opening applications takes forever (notably, mobile outlook), switching applications takes forever, and sometimes the phone just isn’t responsive.  You can never tell whether you’ve pressed something incorrectly without just waiting.  Scrolling in any context – text, websites, pictures, etc. – is slow and jerky.
  2. I really dislike the overall email solution which is sad given the importance of email to the whole smartphone experience.  As you can see in this picture (from pocketnow), the TouchFLO email interface is an envelope with letters sticking out.  This seems fancy and slick, but there are some problems. (Image: HTC TouchFLO E-mail Interface)
    • The slanted edges of the envelope hide text from the middle of sentences and make previewing the email annoying.  To read the full email, you have to open mobile outlook.  SLOW.
    • The character set is messed up so that HTML email messages and anything else other than standard text will show the uncomfortable-looking empty box-characters for unknown ASCII codes.
    • The direction for flicking your finger across the screen to move between messages is opposite in the email interface what it is in the text messaging interface.  This may seem trivial, but if you flick the wrong direction on the first email, it automatically loads mobile outlook – and outlook takes forever to load.
    • There is no way to mark a message read from the preview screen (you have to open the email in mobile outlook – recall yet again the bit about it being slow.  Seeing a pattern here?).
    • Mobile outlook is just painful.  It’s slow both to open and operate.  It’s not finger friendly.  It is painful on the eyes.  I couldn’t customize which folders held deleted messages or sent messages, and the default setting was different from all three of my email accounts – so, for instance, when I deleted emails on the phone, I had to delete them again in Gmail from this new folder that just showed up.
  3. I dislike the music and picture and video interfaces.  The visual media interface (like the email) tries too hard to be “slick” and ends up just taking up too much space and displaying pictures/videos that much smaller.  The music interface was just terrible.  I could never tell what group of songs I was playing from.  Because the processor was so slow, I hated trying to flip between songs.  The phone couldn’t even play music smoothly in the background while performing other operations – even the non-multi-tasking iPod Touch can do that.
  4. There are two competing interfaces for reading and sending text messages.  This wasn’t necessarily bad in and of itself; the problem is that it seemed completely random which one would come up.  The TouchFLO text messaging interface is really well done.  I loved it.  It was fast, it looked good, and it was easy to use.  The Windows Mobile text messaging interface is terrible.  It’s basically mobile outlook with all the inherent problems, including being slow to open and navigate.  Hard to believe HTC allowed that Windows Mobile interface to survive at all.
  5. I actually had to get involved in memory management.  If I didn’t reboot the phone for a week or so, the memory baseline (e.g., all applications closed) would hit up around 85-90% utilization and everything would slow down (even more) considerably.  I cannot imagine a “normal” person (I mean non-nerd), for instance my mother, owning this phone and having to deal with memory management on a regular basis.
  6. I really missed having a dedicated power button to put the phone to sleep.  I had to lock it (only available from the home screen, or depress the “end call” button for three seconds then select that option from the menu) and then just wait for the screen to turn off.
  7. It is impossible to have the phone set to vibrate and the music playback volume set to anything other than silent at the same time.  This is very frustrating when you want to listen to music but forget that turning up the volume for the music turns up the volume on the ringer as well.  I got some nasty surprises from this issue.  Note that when you change the volume, you can change the system volume and ringer volume separately – so they can be at two different audible levels.  You just can’t have one vibrate and the other audible.

The End

In the end, the contrast between the TouchFLO interface and Windows Mobile was just too much.  It’s like living with Dr. Jekyll and Mr. Hyde in your pocket, and never knowing which will appear when you wake up the phone.  This problem is only compounded by the slow processor, since mistakes generally mean you wait.

So, after nearly a month of use, I begrudgingly called Verizon and returned the phone.  To Verizon’s credit, it couldn’t have been easier.  The CSR gave me zero problems and was actually very understanding.  The return shipping label was included in the original shipping.  I put everything back in the box, affixed the label, and dropped it in a FedEx dropoff.  Several days later I called back up, verified the credits to my account, and everything was done.  The reps in every instance were respectful and courteous.  (This is the main reason we switched from Cingular back in the day, and it’s one of the main reasons we stay with Verizon – they seem to be willing to bend over backwards to help me no matter the problem).

HTC has another Windows Mobile 6.5 phone, the HD2, with supposedly much better specs – in particular, a Snapdragon 1GHz processor and a larger capacitive touch screen.  Considering my experience with the Imagio however, the slow processor is only part of the problem.  The real problem is an inconsistent user interface that plagues bottom-line usability of the device.  As nice as that HD2 looks, I’d be wary of the actual user experience.

The Future

So… Droid anyone? :)
