Posted: Fri Aug 25, 2006 2:00 Post subject: remote desktop connection
Hi everyone, I have several questions about remoting into my router and into my computers at home.
The reason for this is that I work as an onsite technology subcontractor on the side, and sometimes I need to remote into my computer at home from location to get certain utilities or information or whatever the case.
I have a linux box, a win xp box, a mac laptop and a dual boot laptop at home. I want to be able to remote into all of these if need be.
What is the best method of setting this up? So far I have dyndns running and it emails me IP changes on the fly, and I am using VNC and Remote Desktop.
Is there a better method?
Thanks in advance for any suggestions, and thanks for taking the time to make them.
Remote Desktop uses port 3389. If you have more than one, set the incoming as a different port and the outgoing to 3389 and then specify the computer. All you have to do then is remember which port number (i.e. 3390, 3391, etc.) goes to which computer.
VNC, at least for Windows, uses port 5900. Again you can change that by either doing the above method OR you can change the port VNC uses in the program settings. (You can do this for Remote Desktop but you have to dig into the registry).
As far as the Mac goes, I couldn't help you but I'm sure there is something similar for Mac. Again, just use port forwarding.
The dual-boot will only work on the OS that loads by default. I don't know of a way to select the OS that you want to boot in (i.e. you remote in and reboot to load the other OS).
Obviously they all have to be on for this unless you configure Wake-On-LAN on your DD-WRT router. Then you would have to open up the router to the outside also.
I suggest the following safe way. Tunnel all traffic over ssh. You can tunnel remote desktop, vnc and whatever you need. You only need a dd-wrt router with ssh enabled and putty!
1. Enable ssh login port 443 on your linksys router running dd-wrt (Administration -> Management -> Remote Access -> SSH Remote Port)
2. download putty
3. open putty
- type in your dyndns ip address
- choose port 443
- connection -> SSH -> Tunnels
- source Port: 3389
- Destination -> internal_ip_address_of_windows_client:3389
- press add
- open the connection to your linksys router
- if you don't have free internet access, you can also use a proxy server to connect.
- if proxy is needed: connection -> proxy
- proxy type: http & proxy ip + proxy port
4. After you have established the ssh connection to your router, you can use remote desktop
5. copy from c:\windows\system32 to another directory (ex: c:\windows\rdp)
- mstsc.exe
- mstscax.dll
6. right click on mstsc.exe -> properties -> compatibility -> run this .... in Windows 98
7. open mstsc.exe
8. type in: localhost
9. now your remote desktop at home appears!
If you need more access to your computer at home, you have to add them in putty (connection -> ssh -> tunnel)
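The PuTTY tunnel settings in the post above have a command-line equivalent in OpenSSH. As an added example (not part of the original thread), this shell function builds one ssh command carrying several forwards at once, each on its own local port and bound to loopback; the host name, internal addresses and local port numbers are constructed, and `root` is assumed as the router's SSH login.

```shell
#!/bin/sh
# Added example; every host, address and local port here is constructed.

# valid_port N: true if N is an integer in 1..65535
valid_port() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# private_ipv4 ADDR: coarse RFC 1918 check, so a typo cannot point a
# forward at an arbitrary Internet host instead of a machine at home.
private_ipv4() {
    case "$1" in *[!0-9.]*) return 1 ;; esac
    case "$1" in
        10.*.*.*|192.168.*.*) return 0 ;;
        172.1[6-9].*.*|172.2[0-9].*.*|172.3[01].*.*) return 0 ;;
    esac
    return 1
}

# build_tunnel_cmd USER GATEWAY SSH_PORT LOCALPORT:IP:PORT...
# Prints one ssh command line; returns 1 on a bad or duplicate forward.
build_tunnel_cmd() {
    user=$1; gateway=$2; ssh_port=$3
    shift 3
    valid_port "$ssh_port" || { echo "bad ssh port: $ssh_port" >&2; return 1; }
    # -N: no shell; ExitOnForwardFailure: abort if a forward cannot bind.
    cmd="ssh -N -p $ssh_port -o ExitOnForwardFailure=yes"
    seen=" "
    for spec in "$@"; do
        lport=${spec%%:*}; rest=${spec#*:}
        ip=${rest%%:*};    rport=${rest#*:}
        if ! valid_port "$lport" || ! valid_port "$rport" || ! private_ipv4 "$ip"; then
            echo "bad forward: $spec" >&2; return 1
        fi
        case "$seen" in
            *" $lport "*) echo "local port reused: $lport" >&2; return 1 ;;
        esac
        seen="$seen$lport "
        # Bind to loopback so the forward is not offered to other hosts
        # on whatever network the client is plugged into.
        cmd="$cmd -L 127.0.0.1:$lport:$ip:$rport"
    done
    printf '%s\n' "$cmd $user@$gateway"
}

# RDP to the XP box and VNC to the Linux box over one SSH session.
build_tunnel_cmd root myhome.example.org 443 \
    13389:192.168.1.10:3389 15900:192.168.1.20:5900
```

With the tunnel up, the RDP client connects to localhost:13389 and the VNC viewer to localhost:15900.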
VNC actually works in Tiger (OS X 10.4) by enabling VNC connections to control the desktop via control panels > sharing > internet sharing prefpane > services > apple remote desktop > select allow VNC connections to control desktop.
I have used this to control a Mac from a Win XP box, and it works okay, well, as good as VNC gets I suppose.
Just today I did an nmap -O of my IP address from work and I only have one port open (port 80) as far as nmap could tell. I do have some filters running and some ports forwarded, so I may have to do some config there.
Configuring the ports for some of this stuff is a bit new to me, so I am trying to be wary of what I allow so it is totally secure.
Posted: Fri Aug 25, 2006 20:55 Post subject:
madman wrote:
I suggest the following safe way. Tunnel all traffic over ssh. You can tunnel remote desktop, vnc and whatever you need. You only need a dd-wrt router with ssh enabled and putty!
1. Enable ssh login port 443 on your linksys router running dd-wrt (Administration -> Management -> Remote Access -> SSH Remote Port)
2. download putty
3. open putty
- type in your dyndns ip address
- choose port 443
- connection -> SSH -> Tunnels
- source Port: 3389
- Destination -> internal_ip_address_of_windows_client:3389
- press add
- open the connection to your linksys router
- if you don't have free internet access, you can also use a proxy server to connect.
- if proxy is needed: connection -> proxy
- proxy type: http & proxy ip + proxy port
4. After you have established the ssh connection to your router, you can use remote desktop
5. copy from c:\windows\system32 to another directory (ex: c:\windows\rdp)
- mstsc.exe
- mstscax.dll
6. right click on mstsc.exe -> properties -> compatibility -> run this .... in Windows 98
7. open mstsc.exe
8. type in: localhost
9. now your remote desktop at home appears!
If you need more access to your computer at home, you have to add them in putty (connection -> ssh -> tunnel)
I haven't tried an SSH tunnel, but it sounds quite a bit like VPN.
My method, I'd set up VPN in the DD-WRT router and RDP/VNC from there.
It would probably be a bit easier than setting up SSH, putty and the works, but might be more insecure. I haven't compared the two side by side yet.
ssh on port 443 is for me the easiest way to get into my network.
In a company you have a lot of internet restrictions. I am working as a security expert and believe me, if your company has open ports like RDP (Port 3389) or ssh (Port 22) and so on, you should think of a network security audit.
The problem is that almost all companies have only three ports open to access the internet over a proxy server. (HTTP 80; HTTPS 443; FTP 21)
So you don't have a chance to implement a vpn or a direct connection via RDP to your home network. It should be dropped by the company's firewall.
If you are using the trick of having an ssh server listening on port 443, you are able to get this connection over a proxy server. If you have an open ssh connection, you are able to tunnel every port to your home network ;)
Putty also offers a SOCKS proxy server. If your company restricts some web sites, you can use your home DSL connection and nobody knows which internet sites you are going to.... And all by using an ssh connection to your dd-wrt router.....
btw: if your company is breaking https (looking inside https traffic, I don't know the exact word in English) traffic, your ssh connection over port 443 is still working. Tested with Bluecoat.
What advantage does this offer? RDP is already encrypted.
And you trust this? Who knows what problems RDP has. Just because we haven't heard of a public exploit on RDP doesn't mean it doesn't exist.
In any event, you should always have as few holes as needed in your firewall setup (like ONLY having ssh and openvpn in non-standard high port numbers).
It's all about risk management and I put RDP at a higher risk than SSH and OpenVPN.
okay, it's just not in the root directory, but you can use ls under /mmc
I am familiar with linux, just new to ddwrt. I can ssh into my router now but I want to launch a GUI based remote desktop client and connect to my machine