Comments on: Secure Remote Desktop Access Over SSH http://weblog.bbzzdd.com/2006/07/09/secure-remote-desktop-access-over-ssh/ Wed, 07 Jan 2009 08:53:06 +0000 http://wordpress.org/?v=2.6.1 By: David http://weblog.bbzzdd.com/2006/07/09/secure-remote-desktop-access-over-ssh/#comment-441 David Sun, 10 Aug 2008 06:10:25 +0000 http://www.bbzzdd.com/wordpress/?p=51#comment-441 Thanks so much for putting up the screen shots. They're priceless! I was a little unsure about SSH with DD-WRT, and the text only explanations from the DD-WRT forums were *ok*, but a picture or screen shot in this case, is worth so much more... Thanks again! Thanks so much for putting up the screen shots. They’re priceless! I was a little unsure about SSH with DD-WRT, and the text only explanations from the DD-WRT forums were *ok*, but a picture or screen shot in this case, is worth so much more…

Thanks again!

]]> By: Cliff http://weblog.bbzzdd.com/2006/07/09/secure-remote-desktop-access-over-ssh/#comment-422 Cliff Sat, 03 May 2008 04:40:06 +0000 http://www.bbzzdd.com/wordpress/?p=51#comment-422 Funny thing, I set this up on my home PC and everything works fine. But, when I did exactly the same thing at a clients office it won't work. I can RDP to the "hostname:port" without using Putty and it works fine. I can connect using Putty and build the tunnel with no problem, but when I try to RDP using "localhost:port" it seems to try for a few seconds then fails with the error "Remote Desktop Disconnected: The client could not establish a connection to the remoet computer. The most likely causes for this error are:... " and then names 3 things that aren't the problem. I can exit Putty and try RDP again using the full Internet "hostname:port" and it works fine that way. It's been driving me nuts all day. I've compared every setting I can think of but can't find anything different about the way these 2 host PC's are setup. One works with SSH, the other one just will not. Funny thing, I set this up on my home PC and everything works fine. But, when I did exactly the same thing at a clients office it won’t work. I can RDP to the “hostname:port” without using Putty and it works fine. I can connect using Putty and build the tunnel with no problem, but when I try to RDP using “localhost:port” it seems to try for a few seconds then fails with the error “Remote Desktop Disconnected: The client could not establish a connection to the remoet computer. The most likely causes for this error are:… ” and then names 3 things that aren’t the problem. I can exit Putty and try RDP again using the full Internet “hostname:port” and it works fine that way. It’s been driving me nuts all day. I’ve compared every setting I can think of but can’t find anything different about the way these 2 host PC’s are setup. One works with SSH, the other one just will not.

]]> By: Rodrigo d'Avila http://weblog.bbzzdd.com/2006/07/09/secure-remote-desktop-access-over-ssh/#comment-396 Rodrigo d'Avila Fri, 04 Apr 2008 14:35:41 +0000 http://www.bbzzdd.com/wordpress/?p=51#comment-396 Hi, I did everything that you describe here, (port 22 to 443, 3390 to 3391 with Vista) but when i go to de RDC and point to 192.168.1.10:3391 (My server) apeears a message saying that can't find the computer... What could be wrong?? My RDC inside the Lan works just fine, the problem is when i'm outside the lan. Thank you! Hi, I did everything that you describe here, (port 22 to 443, 3390 to 3391 with Vista) but when i go to de RDC and point to 192.168.1.10:3391 (My server) apeears a message saying that can’t find the computer… What could be wrong?? My RDC inside the Lan works just fine, the problem is when i’m outside the lan.

Thank you!

]]> By: Joe http://weblog.bbzzdd.com/2006/07/09/secure-remote-desktop-access-over-ssh/#comment-358 Joe Wed, 12 Mar 2008 12:38:35 +0000 http://www.bbzzdd.com/wordpress/?p=51#comment-358 Hi Jon, dependng on where you are connecting from, port 22 might be blocked by a corporate firewall or some other type of filter. I suggest setting up your DD-WRT router to listen on port 443 (Secure HTTP) as many firewalls leave this port open for secure web browsing access. Then, you must change the port in the SSH server info in the Putty client to port 443 as well and try to connect. All other settings should remain the same. Give it a try! Joe Hi Jon, dependng on where you are connecting from, port 22 might be blocked by a corporate firewall or some other type of filter. I suggest setting up your DD-WRT router to listen on port 443 (Secure HTTP) as many firewalls leave this port open for secure web browsing access.

Then, you must change the port in the SSH server info in the Putty client to port 443 as well and try to connect. All other settings should remain the same. Give it a try!

Joe

]]> By: Jon http://weblog.bbzzdd.com/2006/07/09/secure-remote-desktop-access-over-ssh/#comment-355 Jon Wed, 12 Mar 2008 06:26:29 +0000 http://www.bbzzdd.com/wordpress/?p=51#comment-355 Hi Chris, I wonder if you would mind giving me a hand? I have followed your tutorial--for which, many thanks--but I am so far still unable to get SSH access to my router from outside my LAN. I have done both your Step 1) ("Enable the remote access SSH service under Administration->Management in the DD-WRT configuration") and Step 2) ("You must also enable the Secure Shell service under Administration->Services"). Do you think I need to open a port somewhere else within the DD-WRT web UI? Would the SPI Firewall be preventing the SSH connection? Many thanks for your time! Jon Hi Chris, I wonder if you would mind giving me a hand? I have followed your tutorial–for which, many thanks–but I am so far still unable to get SSH access to my router from outside my LAN.

I have done both your Step 1) (”Enable the remote access SSH service under Administration->Management in the DD-WRT configuration”) and Step 2) (”You must also enable the Secure Shell service under Administration->Services”).

Do you think I need to open a port somewhere else within the DD-WRT web UI? Would the SPI Firewall be preventing the SSH connection?

Many thanks for your time!

Jon

]]> By: Chris http://weblog.bbzzdd.com/2006/07/09/secure-remote-desktop-access-over-ssh/#comment-299 Chris Mon, 18 Feb 2008 23:31:22 +0000 http://www.bbzzdd.com/wordpress/?p=51#comment-299 Images restored. Sorry, never heard of Supportsmith. Images restored. Sorry, never heard of Supportsmith.

]]> By: Fred http://weblog.bbzzdd.com/2006/07/09/secure-remote-desktop-access-over-ssh/#comment-297 Fred Mon, 18 Feb 2008 19:05:13 +0000 http://www.bbzzdd.com/wordpress/?p=51#comment-297 The pictures are gone. Have you heard about an RD tool called Supportsmith? I would appreciate any comment about it. thefwd@gmail.com The pictures are gone.
Have you heard about an RD tool called Supportsmith?
I would appreciate any comment about it.
thefwd@gmail.com

]]> By: Phil http://weblog.bbzzdd.com/2006/07/09/secure-remote-desktop-access-over-ssh/#comment-66 Phil Fri, 23 Feb 2007 20:13:14 +0000 http://www.bbzzdd.com/wordpress/?p=51#comment-66 All I get is "The client could not connect. You are already connected to the console of this computer. A new console session could not be established." Does not matter what source port I choose (I've tried about 10 different ones). The port shows up listening locally and I can even telnet to it. Windoze :( All I get is “The client could not connect. You are already connected to the console of this computer. A new console session could not be established.” Does not matter what source port I choose (I’ve tried about 10 different ones). The port shows up listening locally and I can even telnet to it.

Windoze :(

]]> By: michael http://weblog.bbzzdd.com/2006/07/09/secure-remote-desktop-access-over-ssh/#comment-65 michael Sat, 27 Jan 2007 08:25:15 +0000 http://www.bbzzdd.com/wordpress/?p=51#comment-65 Thanks for the 3391 tip.. I was banging my head trying to figure out a workaround. I wonder if there is a registry key that will force Vista to bind TS to specific adapters which would solve the port usage problem for loopback adapters.. On aside, you can also use the Microsoft Loopback Ethernet Adapter if you are out and about. This approach works the same except that your IP address should be setup in the 10.x.x.x range to avoid confusion with private networks. Just setup your SSH tunnels such as: L:10.4.5.6:3391 192.168.1.42:3389 Thanks for the 3391 tip.. I was banging my head trying to figure out a workaround. I wonder if there is a registry key that will force Vista to bind TS to specific adapters which would solve the port usage problem for loopback adapters..

On aside, you can also use the Microsoft Loopback Ethernet Adapter if you are out and about. This approach works the same except that your IP address should be setup in the 10.x.x.x range to avoid confusion with private networks. Just setup your SSH tunnels such as:

L:10.4.5.6:3391 192.168.1.42:3389

]]> By: Rik http://weblog.bbzzdd.com/2006/07/09/secure-remote-desktop-access-over-ssh/#comment-64 Rik Thu, 07 Sep 2006 09:04:17 +0000 http://www.bbzzdd.com/wordpress/?p=51#comment-64 Was just trying to do this using Vista RC1 (build 5600) as the local system [XP SP2 was the remote, FWIW] and it wouldn't work with these settings. Kept getting the error: "The client could not connect. You are already connected to the console of this computer. A new console session could not be established." Then I eventually tried another Source port(3391)and it worked! I guess they have changed something in Vista so you can't use port 3390 as the local anymore. In summary: To configure PuTTY: Source port: 3391 Destination port: 192.168.1.100:3389 To run ssh from a command line: ssh -L 3391:192.168.1.100:3389 To run using ssh2_config file add the entry: LocalForward 3391 192.168.1.100:3389 HTH Was just trying to do this using Vista RC1 (build 5600) as the local system [XP SP2 was the remote, FWIW] and it wouldn’t work with these settings.

Kept getting the error:
“The client could not connect. You are already connected to the console of this computer. A new console session could not be established.”

Then I eventually tried another Source port(3391)and it worked!

I guess they have changed something in Vista so you can’t use port 3390 as the local anymore.

In summary:

To configure PuTTY:
Source port: 3391
Destination port: 192.168.1.100:3389

To run ssh from a command line:
ssh -L 3391:192.168.1.100:3389

To run using ssh2_config file add the entry:
LocalForward 3391 192.168.1.100:3389

HTH

]]>