Posts Tagged Windows 7

Tunneling Remote Desktop over SSH in Windows 7

Every so often I find myself away from home and needing to use Remote Desktop over an unsecured wireless network. The Remote Desktop Protocol implemented in Windows 7 has made significant improvements in security over previous versions, but I still like to tunnel the Remote Desktop session through an SSH connection for the extra security. Tunneling means that data sent to a local port is forwarded through the SSH connection to a port on the remote host. In the case of Remote Desktop, once the SSH connection and tunnel are established, the Remote Desktop connection is made to <localhost>:<port> instead of <remote host>:<port>. SSH listens on that local port and forwards whatever arrives there, encrypted, through the tunnel to the specified port on the remote host.

Before continuing, you’ll need

  1. SSH server on your remote Windows machine
  2. SSH client on the local machine

The rest of this article assumes you’ve got these components installed and working.  I use copssh for an SSH server on Windows 7, and I use PuTTY for an SSH client on my local Windows 7 machine.  With the server and client working, there are two simple steps to tunneling Remote Desktop over SSH: establish the tunnel, then establish the Remote Desktop connection.

Establishing the SSH Tunnel

In PuTTY, set up your session like normal then go to the Connection > SSH > Tunnels screen:

PuTTY tunnel options

Setting up a tunnel in PuTTY

Set the source port to 3391, and set the destination to <hostname>:3389 (e.g. google.com:3389, or equivalently 66.102.7.99:3389; I'm using google.com here instead of any useful domain just as an example). Leave "Local" and "Auto" selected. Click Add. Note that the destination is resolved by the SSH server, not by your local machine: it is the address the server connects to on your behalf. Since copssh runs on the very machine that serves Remote Desktop, localhost:3389 (127.0.0.1:3389) also works as the destination, and it keeps the Remote Desktop traffic from ever touching a network interface unencrypted.

Important: note the source port is 3391, not 3390 as is typically used in many tutorials around the web. The Windows 7 Remote Desktop client refuses connections to localhost:3390 (and, like earlier versions, to localhost:3389). The source port can be any unused port, so feel free to try something else if 3391 is already taken on your system. (But 3389 is the default Remote Desktop port on the destination side, so do not change that number unless you know what you're doing.)

The added tunnel should look something like this:

PuTTY tunnel added

This means that PuTTY will listen on local port 3391 and forward whatever connects there, through the SSH connection, to port 3389 on the destination you entered (google.com in the example).

Now, open the SSH connection (click Open). If PuTTY prompts you about the server's host key (it will on the first connection to a new server), verify the fingerprint before accepting it; accepting an unknown key blindly defeats the point of the tunnel. Then log in. A PuTTY terminal will open; you can minimize it or use it as needed, but we won't need it any more for this tutorial. Its presence means an SSH connection has been established between your local system and the remote host. If PuTTY could not set up the forward (for example because port 3391 was already in use), it says so in its Event Log, which you can reach from the window's system menu, so check there if the next step fails.

Establishing the Remote Desktop Connection

Now that the tunnel has been opened between the local host port 3391 and remote host port 3389, we can start the Remote Desktop connection. Instead of typing the remote host name in the Remote Desktop connection window, type localhost:3391.

Remote Desktop Connection

Remote Desktop Connection to localhost:3391

Hit Connect, and that's it! Barring any unforeseen problems (see below for some tips on troubleshooting), you'll be enjoying a Remote Desktop connection to a remote computer tunneled through SSH. Everything sent and received over the course of the session is carried inside the SSH connection, so it gets SSH's encryption and integrity protection and, provided you checked the host key fingerprint, its protection against a man in the middle on that unsecured wireless network. It's not impenetrable, but it's better than RDP alone.
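The same two steps driven from the command line, as an added example that is not part of the original post: it uses PuTTY's command-line client plink.exe from PowerShell on the local Windows machine. It picks a free local port (skipping 3389 and 3390, which the Remote Desktop client refuses on localhost), starts the tunnel with 127.0.0.1:3389 on the server as the destination, waits until the local port is actually listening rather than trusting that a window appeared, then launches mstsc against it and tears the tunnel down when the session ends. The host name, user name, key file path and host key fingerprint are placeholders; it assumes public-key authentication (a .ppk key or Pageant), because the plink window is hidden and -batch disables prompts, and that plink.exe and mstsc.exe are on the PATH.

```powershell
# Added example, not code from the original post. Builds the tutorial's tunnel
# with plink.exe (PuTTY's command-line client) and then starts Remote Desktop
# against its local end. Placeholders (assumptions): $RemoteHost, $User,
# $KeyFile, $HostKey. Assumes key-based SSH authentication and that plink.exe
# and mstsc.exe are on the PATH.
param(
    [string]$RemoteHost = 'remote.example.com',     # the Windows 7 box running copssh + RDP
    [string]$User       = 'alice',                  # SSH account on that box
    [string]$KeyFile    = 'C:\keys\rdp-tunnel.ppk', # PuTTY private key (path without spaces)
    [string]$HostKey    = 'REPLACE_WITH_SERVER_FINGERPRINT', # fingerprint PuTTY shows for the server
    [int]$PreferredPort = 3391
)

# Ports that already have a TCP listener on this machine (works on the .NET
# shipped with Windows 7, unlike Get-NetTCPConnection).
function Get-ListeningPorts {
    $ip = [System.Net.NetworkInformation.IPGlobalProperties]::GetIPGlobalProperties()
    $ip.GetActiveTcpListeners() | ForEach-Object { $_.Port }
}

# First free local port at or above $Start. 3389 and 3390 are skipped because
# the Windows Remote Desktop client refuses to connect to localhost on them.
function Select-LocalPort([int]$Start) {
    $busy = @(Get-ListeningPorts)
    for ($p = $Start; $p -lt 65535; $p++) {
        if ($p -eq 3389 -or $p -eq 3390) { continue }
        if ($busy -notcontains $p) { return $p }
    }
    throw 'No free local port found'
}

$LocalPort = Select-LocalPort $PreferredPort

# -L <local>:127.0.0.1:3389  the destination is resolved by the SSH *server*,
#                            so 127.0.0.1 is the server's own RDP listener and
#                            RDP traffic never leaves that host in the clear
# -N                         no remote shell, port forwarding only
# -batch                     never prompt; an unexpected host key aborts the
#                            connection instead of asking a hidden window
# -hostkey                   pin the server's key (on an old plink that lacks
#                            the option, drop these two arguments and rely on
#                            the key cached from a verified first connection)
$plinkArgs = @(
    '-ssh', '-N', '-batch',
    '-i', $KeyFile,
    '-hostkey', $HostKey,
    '-L', "${LocalPort}:127.0.0.1:3389",
    "$User@$RemoteHost"
)
$plink = Start-Process -FilePath 'plink.exe' -ArgumentList $plinkArgs -PassThru -WindowStyle Hidden

# A running plink is not proof that the forward exists: wait until the local
# port is really listening, and fail if plink dies (bad key, refused host key).
$deadline = (Get-Date).AddSeconds(20)
while ((Get-ListeningPorts) -notcontains $LocalPort) {
    if ($plink.HasExited) { throw "plink exited with code $($plink.ExitCode)" }
    if ((Get-Date) -gt $deadline) { Stop-Process -Id $plink.Id; throw 'Timed out waiting for the tunnel' }
    Start-Sleep -Milliseconds 250
}
Write-Host "Tunnel up: localhost:${LocalPort} -> ${RemoteHost} -> 127.0.0.1:3389"

try {
    # Remote Desktop to the local end of the tunnel; -Wait blocks until the
    # session window closes.
    Start-Process -FilePath 'mstsc.exe' -ArgumentList "/v:localhost:${LocalPort}" -Wait
}
finally {
    # Tear the tunnel down with the session.
    if (-not $plink.HasExited) { Stop-Process -Id $plink.Id }
}
```

Run it as `.\rdp-tunnel.ps1 -RemoteHost myhome.example.net -User bob` after replacing the fingerprint placeholder. The two choices worth copying into a GUI setup are the destination (127.0.0.1:3389 on the server, so RDP is never on the wire outside SSH) and the refusal to connect before the local port is confirmed listening.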

Suggestions for Troubleshooting

If you run into problems, these are some likely culprits:

Firewall – if there is a problem, this is often the source. Make sure you can successfully connect to the remote SSH server using the SSH client on the local machine (this requires TCP port 22 to be reachable). Also make sure a direct Remote Desktop connection to the remote machine works (port 3389), for instance from another machine on its LAN. If you can do both of these, the firewall is not the problem. Once the tunnel works, only port 22 needs to be reachable from the Internet; the Remote Desktop rule can be restricted to your local network, which is the point of the exercise.

Try a different local port – port 3391 on the local machine may already be in use by something else. Try another unused port (anything other than 3389 and 3390).

Make sure Remote Desktop is available and enabled – only the Professional, Ultimate and Enterprise editions of Windows 7 will serve Remote Desktop connections (the Home editions have just the client for connecting to other machines). Additionally, Windows 7 disables incoming Remote Desktop by default. From the Start menu, right-click Computer, click Properties, then click Remote Settings and allow connections; prefer the option that requires Network Level Authentication. You may also have to explicitly allow Remote Desktop through the Windows 7 Firewall (i.e. open port 3389), at least from the machine's own network.
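An added check script for the server side (not from the original post): run it in an elevated PowerShell on the Windows 7 machine that hosts copssh and Remote Desktop. It reports whether Remote Desktop is enabled, whether Network Level Authentication is required, whether anything is listening on TCP 22 and 3389, and shows the built-in firewall rule for Remote Desktop; with -Fix it enables RDP and NLA, opens TCP 22 for SSH and scopes the Remote Desktop rule to the local subnet plus loopback, so 3389 is never exposed to the Internet while the SSH server's own forward to 127.0.0.1:3389 still reaches it. The rule name "Remote Desktop (TCP-In)" is its Windows 7 name, and TCP 22 for copssh is an assumption; adjust both if your setup differs.

```powershell
# Added example, not code from the original post: server-side checks for the
# troubleshooting list. Run in an elevated PowerShell on the Windows 7 machine
# that hosts copssh and Remote Desktop. Read-only unless -Fix is given.
# Assumptions: the built-in firewall rule is named "Remote Desktop (TCP-In)"
# (its Windows 7 name) and the SSH server listens on TCP 22.
param([switch]$Fix)

$ts = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'

# 1. Remote Desktop enabled? fDenyTSConnections=1 is the Windows 7 default
#    (disabled), the state the troubleshooting list warns about.
$deny = (Get-ItemProperty -Path $ts -Name fDenyTSConnections).fDenyTSConnections
if ($deny -eq 0) {
    Write-Host 'Remote Desktop: enabled'
} else {
    Write-Host 'Remote Desktop: DISABLED (fDenyTSConnections=1)'
    if ($Fix) { Set-ItemProperty -Path $ts -Name fDenyTSConnections -Value 0 }
}

# 2. Network Level Authentication. UserAuthentication=1 makes the server demand
#    credentials before it creates a session, so whoever does reach 3389 never
#    gets the old pre-logon screen. Keep it on even behind SSH.
$rdpTcp = "$ts\WinStations\RDP-Tcp"
$nla = (Get-ItemProperty -Path $rdpTcp -Name UserAuthentication).UserAuthentication
if ($nla -eq 1) {
    Write-Host 'NLA: required'
} else {
    Write-Host 'NLA: NOT required'
    if ($Fix) { Set-ItemProperty -Path $rdpTcp -Name UserAuthentication -Value 1 }
}

# 3. Are both services actually listening? The tunnel needs 22 reachable from
#    the client and 3389 reachable from this machine itself (the forward's
#    destination is 127.0.0.1:3389 here).
$listening = [System.Net.NetworkInformation.IPGlobalProperties]::GetIPGlobalProperties().GetActiveTcpListeners() |
    ForEach-Object { $_.Port }
foreach ($port in 22, 3389) {
    if ($listening -contains $port) {
        Write-Host "TCP ${port}: listening"
    } else {
        Write-Host "TCP ${port}: nothing listening (service stopped, or on another port?)"
    }
}

# 4. Firewall. Only SSH needs to be reachable from the Internet. The Remote
#    Desktop rule stays enabled but is scoped to the local subnet plus
#    loopback (listed explicitly so the SSH server's own forward is covered
#    whatever the firewall does with loopback), so 3389 is never exposed.
netsh advfirewall firewall show rule name="Remote Desktop (TCP-In)"
if ($Fix) {
    netsh advfirewall firewall add rule name="SSH (copssh)" dir=in action=allow protocol=TCP localport=22
    netsh advfirewall firewall set rule name="Remote Desktop (TCP-In)" new enable=yes remoteip=LocalSubnet,127.0.0.1
}
```

Run it once without -Fix to see the current state, compare the firewall rule's "RemoteIP" line with what you intend, then rerun with -Fix. After that, the only thing an outside scanner should find is the SSH port.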


The Vastly Improved Windows 7 Update Process

Just a quick note today to document one of my favorite improvements in Windows 7. It’s not one that gets a lot of press or is listed on any set of features I’ve seen, but it makes a practical, day-to-day difference in the overall usability of the computer. It’s the Windows Update tool, which today installed the most recent Nvidia drivers, Office 2007 Service Pack 2, a Malicious Software Removal Tool, and several other odds and ends… and then it was done. No rebooting the computer. Just done!


DRM Pokes Me in the Eye and the Funnybone

I’ve installed Windows 7 Professional (RTM) on all of my computers now–two laptops and two desktops. Overall, it’s an excellent operating system. Memory management appears to have improved significantly, UAC prompts are sparse, and of course the UI has some nice tweaks. Oh, and most system updates don’t require a reboot.

I need to vent about one thing, though, and it may seem small but my goodness it is frustrating. Kind of like getting poked in the eye, or slammed in the funny bone, or like both happening at once. That one thing is the so-called broadcast flag, where broadcasters can flip a digital switch and prevent end users from recording content.

I have a Hauppauge WinTV-HVR 1600 TV tuner with one analog tuner and one ATSC tuner. It worked flawlessly under Windows Vista. We never once had a problem with the broadcast flag.

Now, though, when Emily tries to record an episode of “What Not To Wear” or “More to Love” (I mean, these are seriously popular shows and you can see how broadcasters would want to be REALLY careful about not letting people–oh, the horror–record their precious TV shows and possibly watch them at a later time)–it’s these shows that will record for 5 minutes then we get a little notice in the taskbar: “A recording has been cancelled” and then in Media Center, this now-dreaded popup: “Restrictions set by the broadcaster, yadda-yadda-yadda”:

Screenshot: the Media Center "Restrictions set by the broadcaster" notice in Recorded TV

In some cases a re-run will record just fine later that night.

I think–I hope–this is a bug somewhere, since as I understand it Vista Media Center obeyed the broadcast flag and we never saw this issue. But, since Windows 7 is so new, and technically isn't even publicly available (my copies are perfectly legitimate), there isn't much discussion going on and certainly not about this problem. So, I'm not sure if it's a driver problem, a Media Center problem, or what.

So poke my eye out, media conglomerates, operating system, world at large. Cheap-shot my funny bone. I don't care. Mostly.

P.S. "Food Lovers Fat Loss…" just happened to be on this morning when I needed a screenshot for the blog. I mean it. Seriously.
