LinuxQuestions.org
Linux - Networking This forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.

Old 11-23-2004, 03:45 PM   #1
bigdogg
Member
 
Registered: Oct 2003
Distribution: Fedora Core 1
Posts: 80

Rep: Reputation: 15
Port Forwarding


Say you SSH to Computer 1 which is a Linux server then you want to bounce over to a Terminal Service session on Computer 2 which is Windows 2000. Is it possible to Port Forward 3389 from a SSH session from Computer 1 to Computer 2 so you can administer your server remotely? Does this make sense? I was just wondering if there was a way to remotely administer without opening another port on the firewall? Kind of like a VPN connection home? I really want to stay with Linux and SSH, it looks like the way of the future!!!
 
Old 11-23-2004, 03:54 PM   #2
AUSanders79
Member
 
Registered: Aug 2003
Location: Alabama
Distribution: Slack 10.1/FreeBSD 5.4
Posts: 37

Rep: Reputation: 15
Definitely. I do it all the time every day. On your SSH connection properties in PuTTY or whatever you use, specify that you wish for local port 3389 to forward to <INTERNAL ip address of computer2>:3389 and that should be it.

so it'd be something like L3389 forwarded to 192.168.1.5:3389

If you are running Windows XP and maybe Windows 2000 there are still some problems with MS Term Serv program and trying to Term Serv to 127.0.0.1. It won't let you term serv to localhost(127.0.0.1). So here's what you have to do. Copy mstsc.exe and mstsc.dll from your windows\system32 directory (I think that's where they are) and copy them to any other directory. Go to Properties for mstsc.exe and go to the Compatibility tab. Select to run this program in Windows 98/ME compatibility mode, then it will let you terminal service to 127.0.0.1. Just make an icon on your desktop pointing to your modified version of MS Terminal Services.

Did that make sense? Let us know if you have problems...

Last edited by AUSanders79; 11-23-2004 at 03:56 PM.
 
Old 11-24-2004, 09:06 AM   #3
bigdogg
Member
 
Registered: Oct 2003
Distribution: Fedora Core 1
Posts: 80

Original Poster
Rep: Reputation: 15
WOW that was a nice write up! I have been searching the net for some time on this. It's nice to see that SSH can be used like a VPN client. I found the mstsc.exe in /windows/system32 but I could not find the mstsc.dll file? I copied the mstsc.exe file to a folder on C:\ called TS and right mouse clicked on the file and said to run in Windows 98/ME compatibility mode. I opened up putty and forwarded my ports like you described then I double clicked the mstsc.exe file and tried to connect to localhost or 127.0.0.1 with no luck. It said:

The client could not connect. You are already connected to the console of this computer. A new console session cannot be established.

So I'm kind of lost where to go from here? I'm running Windows XP SP2 and trying to connect to a Server 2003 file server through SSH. I did enable to log on locally for SMB mapping. Any suggestions????

Thanks Again,

BiG
 
Old 11-24-2004, 09:16 AM   #4
AUSanders79
Member
 
Registered: Aug 2003
Location: Alabama
Distribution: Slack 10.1/FreeBSD 5.4
Posts: 37

Rep: Reputation: 15
Well BiggDog there's a good reason you couldn't find mstsc.dll, my fingers were supposed to type mstscax.dll. Make sure that file is there in the C:\ with mstsc.exe.

Also, something to check. Make sure you have Remote Desktop access turned off on the machine you are currently working on. If you right click on My Computer and go to Properties, then click on the Remote tab, you want to make sure the Remote Desktop box is unchecked.

Also, if you open your putty window and click on the icon in the top left of the putty window, a drop down menu should come down and you should see an option that says Event Log. Look through that and make sure you see something like "Local port 3389 forwarded to <internal IP of 2003 box>:3389"

Next, make sure you can even Remote Desktop to that 2003 from your local LAN. B/c all this SSH stuff is moot if there is something wrong with the Remote Desktop connection on the 2003 box.

Ok, think that gave you some more things to try/check. Let me know how it goes and I'll try to help more if I need to....
 
Old 11-24-2004, 11:21 AM   #5
bigdogg
Member
 
Registered: Oct 2003
Distribution: Fedora Core 1
Posts: 80

Original Poster
Rep: Reputation: 15
Well AUSanders79 you got it working. It was the missing *.dll file that was killing me!! aaarrrgghh

That's awesome!! Port Forwarding rules. I shut off Remote Desktop before because the error was referencing it..... But thanks for the great feedback, this has really helped a lot!! It's cool because I can mount smb shares over to my desktops to retrieve files. I'm digging Linux more every day

Thanks Again,

Big
 
Old 09-10-2005, 10:42 PM   #6
fiery_ice
Member
 
Registered: Sep 2005
Location: Ontario
Distribution: Debian, Ubuntu
Posts: 33

Rep: Reputation: 15
Hey guys, I was wondering if I could get some help with this situation as well. Here is my situation:
I use Mandrake 10.1 at home and Windows NT at school.
sshd on my Linux box is listening on port 443 for incoming connections.
I am able to connect to my home from school using putty over port 443. My school uses a proxy of course. It is 192.168.1.1 Port 8080. So I configured putty to use the http proxy of my school. It worked and I successfully connected to my Linux box from school. I am able to give commands to my Linux box. What I am wondering is how to tunnel http traffic over my secure ssh connection. How can I set up sshd to forward http traffic? I hope I gave enough information. Hope to hear back from somebody.

Last edited by fiery_ice; 09-10-2005 at 10:43 PM.
 
Old 09-15-2005, 10:21 AM   #7
AUSanders79
Member
 
Registered: Aug 2003
Location: Alabama
Distribution: Slack 10.1/FreeBSD 5.4
Posts: 37

Rep: Reputation: 15
Hrm, throwing a proxy in the mix... I've never done tunneling over a proxy before. However, here's what I'm thinking...

You have established an SSH connection successfully using your school's proxy, right? So, that means you can establish tunnels successfully, b/c these tunnels are just your packets going over the SSH connection. So, here's what I do. I set up (in putty) a dynamic tunnel on port 7979 let's say. Then, I make my SSH connection through the proxy on port 443 (which you have already done successfully). Now, configure your browser to connect via a SOCKS proxy (v4 or v5 proxy, I can't remember). The IP address of the SOCKS proxy you are going to use is 127.0.0.1 on port 7979. So you see what's going on? Now, all your browser traffic including HTTP and HTTPS is going to go through your SOCKS proxy/tunnel that was defined in putty which then goes out of your local computer as SSH packets, goes through your school's proxy, then hits your home computer, where he will forward the packets out to their respective destinations.

Did that make sense? So now another upside is that all your traffic is encrypted through the SSH tunnel and can't be monitored. Granted, your school admins will see a significant rise in SSH traffic from your machine to your home server, but at least they won't know where you're going. Let me know if you have any other questions or have problems with this setup....
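
For administrators on the monitoring side of the setup described above, an added example (not part of the original posts): SSH carried over port 443 still opens with a cleartext identification string (RFC 4253), while real HTTPS opens with a TLS ClientHello record, so the first client payload bytes tell the two apart. The flow records, addresses and function names below are constructed for illustration, and it assumes the first payload bytes of each tunnel are visible at the proxy or in a capture.

```python
import struct

def classify_first_bytes(data: bytes) -> str:
    """Classify the first client-to-server payload bytes of a TCP stream."""
    # SSH identification string: "SSH-<protoversion>-<softwareversion>"
    if data.startswith(b"SSH-"):
        line = data.split(b"\n", 1)[0].rstrip(b"\r")
        if len(line.split(b"-", 2)) == 3:
            return "ssh"
    # TLS record header: type 0x16 (handshake), major version 3,
    # 2-byte length, then handshake type 1 (ClientHello).
    if len(data) >= 6 and data[0] == 0x16 and data[1] == 0x03:
        (rec_len,) = struct.unpack(">H", data[3:5])
        if 0 < rec_len <= 16384 and data[5] == 0x01:
            return "tls"
    return "unknown"

def flag_non_tls_443(flows):
    """Return (src, dst, label) for port-443 flows that do not start with TLS."""
    flagged = []
    for f in flows:
        label = classify_first_bytes(f["first_bytes"])
        if f["dport"] == 443 and label != "tls":
            flagged.append((f["src"], f["dst"], label))
    return flagged

# Constructed sample flows (addresses are documentation/private ranges).
SAMPLE_FLOWS = [
    {"src": "192.168.1.23", "dst": "203.0.113.10", "dport": 443,
     "first_bytes": b"SSH-2.0-PuTTY_Release_0.58\r\n"},
    {"src": "192.168.1.40", "dst": "198.51.100.7", "dport": 443,
     "first_bytes": b"\x16\x03\x01\x00\xc8\x01\x00\x00\xc4\x03\x03"},
]

if __name__ == "__main__":
    for src, dst, label in flag_non_tls_443(SAMPLE_FLOWS):
        print(f"{src} -> {dst}:443 starts with {label}, not TLS")
```
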
 
Old 09-15-2005, 05:33 PM   #8
fiery_ice
Member
 
Registered: Sep 2005
Location: Ontario
Distribution: Debian, Ubuntu
Posts: 33

Rep: Reputation: 15
Thanks for the help

I successfully tunnelled vnc over ssh today but it was really slow... I will try http forwarding tomorrow, thanks for the help!

Last edited by fiery_ice; 02-07-2006 at 03:29 PM.
 
Old 09-16-2005, 11:54 AM   #9
fiery_ice
Member
 
Registered: Sep 2005
Location: Ontario
Distribution: Debian, Ubuntu
Posts: 33

Rep: Reputation: 15
Quote:
Originally posted by AUSanders79
Hrm, throwing a proxy in the mix... I've never done tunneling over a proxy before. However, here's what I'm thinking...

You have established an SSH connection successfully using your school's proxy, right? So, that means you can establish tunnels successfully, b/c these tunnels are just your packets going over the SSH connection. So, here's what I do. I set up (in putty) a dynamic tunnel on port 7979 let's say. Then, I make my SSH connection through the proxy on port 443 (which you have already done successfully). Now, configure your browser to connect via a SOCKS proxy (v4 or v5 proxy, I can't remember). The IP address of the SOCKS proxy you are going to use is 127.0.0.1 on port 7979. So you see what's going on? Now, all your browser traffic including HTTP and HTTPS is going to go through your SOCKS proxy/tunnel that was defined in putty which then goes out of your local computer as SSH packets, goes through your school's proxy, then hits your home computer, where he will forward the packets out to their respective destinations.

Did that make sense? So now another upside is that all your traffic is encrypted through the SSH tunnel and can't be monitored. Granted, your school admins will see a significant rise in SSH traffic from your machine to your home server, but at least they won't know where you're going. Let me know if you have any other questions or have problems with this setup....

YAY! It worked! I have completely bypassed my school proxy server, in fact the whole school board... I never knew the answer would be so simple! It is actually a SOCKS 5 Proxy.

Thanks a lot, AUSanders79. I really appreciate the help.
 
Old 09-29-2005, 12:42 PM   #10
bigdogg
Member
 
Registered: Oct 2003
Distribution: Fedora Core 1
Posts: 80

Original Poster
Rep: Reputation: 15
My port forwarding of TS or RDP "3389" has stopped?

The servers are still running RDP and I have not made any changes on my Cisco config so the question is what could be going wrong? I tried to forward out to 2 different servers and it does not connect? It port forwards fine to 25, 143 on a *nix box:\ Any suggestions would be much appreciated? Did Microsoft apply a hot fix to not allow port forwarding? I know it's a far shot but you never know with Mr. Gates.

Thanks,

BiG
 
Old 10-03-2005, 02:01 PM   #11
bigdogg
Member
 
Registered: Oct 2003
Distribution: Fedora Core 1
Posts: 80

Original Poster
Rep: Reputation: 15
Can anyone give a little bit of insight on my issue? Or a few troubleshooting steps?

Thanks in Advance!!

BiG
 
Old 10-04-2005, 07:46 PM   #12
bigdogg
Member
 
Registered: Oct 2003
Distribution: Fedora Core 1
Posts: 80

Original Poster
Rep: Reputation: 15
So here is what my putty.log says:

Event Log: Local port 3389 forwarding to 192.168.100.2:3389 failed: Network error: Permission denied
Outgoing packet type 98 / 0x62 (SSH2_MSG_CHANNEL_REQUEST)

Now I can't even port forward from my local LAN? Is there a fix for this? Now I know MS sent out some patches like the Malicious Code patch and so forth. Is anyone else running into this same issue?

Thanks,

BiG
 
Old 10-05-2005, 08:24 PM   #13
bigdogg
Member
 
Registered: Oct 2003
Distribution: Fedora Core 1
Posts: 80

Original Poster
Rep: Reputation: 15
Sorry!!!!!!!!!!!!!!!!!!!

I migrated my laptop to a new Active Directory domain and it turned on my local RDP:\ After running a simple command netstat I saw 3389 was open on my local machine. What a simple problem but yet it took me a week to fix !!! So I had to change the GPO to uncheck RDP now it works fine. Maybe someone else will do the same thing and this link may help!

Thanks,

BiG
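
The root cause found in this thread was a local listener already holding port 3389, so the SSH client could not bind the forward. As an added example (not part of the original posts), this pre-flight check tries to bind each candidate local port on the loopback address and returns a `-L` style forwarding spec for the first one that is free; it goes beyond the fix used above (disabling local RDP) by also offering a fallback port. The function names and the fallback port 3390 are assumptions for illustration.

```python
import errno
import socket

def local_port_free(port, host="127.0.0.1"):
    """Return (True, None) if host:port can be bound, else (False, reason)."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    try:
        s.bind((host, port))
    except OSError as exc:
        # An existing listener (e.g. a local Remote Desktop service)
        # makes the bind fail; report the symbolic error name.
        return False, errno.errorcode.get(exc.errno, str(exc.errno))
    finally:
        s.close()
    return True, None

def forward_spec(dest_host, dest_port, candidates):
    """Return 'lport:dest_host:dest_port' for the first free local port,
    or None if every candidate is already in use."""
    for lport in candidates:
        free, _reason = local_port_free(lport)
        if free:
            return f"{lport}:{dest_host}:{dest_port}"
    return None

if __name__ == "__main__":
    # Destination taken from the putty.log line quoted in the thread.
    dest = ("192.168.100.2", 3389)
    for port in (3389, 3390):
        free, reason = local_port_free(port)
        state = "free" if free else f"in use ({reason})"
        print(f"127.0.0.1:{port} is {state}")
    spec = forward_spec(dest[0], dest[1], [3389, 3390])
    print("use: -L " + spec if spec else "no candidate local port is free")
```

If a fallback such as 3390 is chosen, point the Remote Desktop client at 127.0.0.1:3390 instead of the default port.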
 
  


All times are GMT -5.