 seezar Premium join:2001-07-01 Rochester, NY
·ViaTalk
| reply to Flaubert Re: The most secure way to use Windows Remote Desk
said by Flaubert: I was just looking at the link posted above about Windows remote connections and it looks like there's a way of encrypting the traffic between the client. What gives?
Windows remote desktop in itself does encrypt the traffic on its own. SSH just provides an additional layer of security. |
|
 Flaubert
join:2004-12-06 Los Angeles, CA | reply to Flaubert I was just looking at the link posted above about Windows remote connections and it looks like there's a way of encrypting the traffic between the client.
What gives? |
|
 Flaubert
join:2004-12-06 Los Angeles, CA | reply to seezar I think I'm all set. I'll try all this this Sunday and keep you posted.
I'm still a little bit worried about those private keys; it doesn't look too simple.
Thanks anyway for all this help ..... |
|
 seezar Premium join:2001-07-01 Rochester, NY
·ViaTalk
| reply to SoonerAl This thread has been a tremendous help, thank you SoonerAl for your contribution. The FAQ on this site talks about remote desktop, »Windows Based Remote Connections but is a bit lacking in some of the specifics.
Flaubert, I'd do as SoonerAl suggested and just get it set up with password authentication first. Once you grasp that you can then try setting it up with a public key. That is my next step. |
|
  SoonerAl Old Enough To Know Better Premium,MVM join:2002-07-23 Norman, OK
1 edit | reply to Flaubert
said by Flaubert: So you're saying: a- Install CopSsh on the server. b- Install Tunnelier on the client. c- Forward only port 22 to my private IP ?? Sorry if I seem a little slow but there are a couple of things I need explained: The parameters you've entered in Tunnelier under "Host" and "Port" On the "Login" tab: I am not on a Domain, so should I just enter my WAN IP on there if I connect from outside my LAN? On the Options tab: Do I have to enter the same parameters as yours? And also, could you be a little more specific on how to create those 2048 bit public/private keys? I tried reading your openbsd link but I didn't understand it. Thanks anyway for your help so far. I know a lot more than when I started this thread....
This page has general help with ssh-keygen. Look at the page up to the part about changing permissions. The rest does NOT pertain to CopSSH/Tunnelier.
»theillustratednetwork.mvps.org/R···Key.html
The page was created for OpenSSH for Windows and PuTTY, so the rest really does not pertain to CopSSH and Tunnelier. If you do use PuTTY, which is a very good option IMHO, as seezar did, then most still pertains, i.e. the part about converting the key file to a format PuTTY understands. Note the file paths are different than shown for CopSSH, as are the locations of the key files. Also note the default key generated by ssh-keygen is now a 2048-bit RSA key.
If you do use CopSSH also note that the change I made in the sshd_config file for use with OpenSSH for Windows, i.e. the StrictModes option, should be left as the default value yes.
I suggest you get the SSH link up using a password first. Once you have the basic tunnel setup and RDP working through the tunnel you can look at configuring and using a private/public key pair. Use a strong password.
As far as server host addressing is concerned, I use a free service from No-IP.com (»www.no-ip.com) to map a fully qualified domain name to my ISP DHCP assigned IP address. That works very well for me.
Note the default initial authentication method is for a password versus the key as I have mine configured for.
The options page is the default except for the fact that I point to a customized .RDP file for the initial Remote Desktop connection to my PC Ashtabula, ie. the entry in the Parameters window.
I can't speak to how to configure NIS 2006 other than to say it must pass TCP Port 22 (or whatever port you have CopSSH listening on).
-- "When all else fails, read the instructions..." |
|
 Flaubert
join:2004-12-06 Los Angeles, CA
| reply to seezar On the server I have software and hardware firewall. The hardware part I can take care of by forwarding port 22 to my private IP. Now, will the connection get past Norton Internet Security 2006? I guess if I enter CopSsh as a legitimate app in the list of trusted apps in NIS 2006 I should be OK ?!!! On the client side I will have only software firewall. I guess I will do the same thing for PuTTY.
Now how do I set up those public/private keys....? |
|
 seezar Premium join:2001-07-01 Rochester, NY
·ViaTalk
3 edits | reply to Flaubert
said by Flaubert: So you're saying: a- Install CopSsh on the server. b- Install Tunnelier on the client. c- Forward only port 22 to my private IP ?? Sorry if I seem a little slow but there are a couple of things I need explained: The parameters you've entered in Tunnelier under "Host" and "Port" On the "Login" tab: I am not on a Domain, so should I just enter my WAN IP on there if I connect from outside my LAN? On the Options tab: Do I have to enter the same parameters as yours? And also, could you be a little more specific on how to create those 2048 bit public/private keys? I tried reading your openbsd link but I didn't understand it. Thanks anyway for your help so far. I know a lot more than when I started this thread....
OK, I just set this up and it appears to work very well.
I installed CopSSH on my Windows server. CopSSH is pretty cool, it's basically OpenSSH with kind of a front end to make it easier to administer. After installing CopSSH I had to go in and 'activate' one of the accounts on the Windows server. Once that account is activated I can now SSH to that Windows server using that account.
I used PuTTY as a client. I put in the IP of the Windows server to connect to. In the tunnel section of PuTTY I put in a source port of 3390 and a destination of the IP address of the Windows server and a destination port of 3389.
So now when I SSH to the Windows server, I log in with the account I activated. Then I run the remote desktop client. In the connect to box I put in localhost:3390 (3390 was the port I specified as the source). Then I am able to log in to the Windows server.
So basically, from the outside all you need to do is forward port 22 (or whatever port you are going to SSH to) to the IP of the windows server.
With it set up this way you can go into Windows firewall on the server and remove access to remote desktop on port 3389 and make sure you allow access to port 22. |
|
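The setup seezar describes in the post above, written out as a script. This is an added example, not part of the original thread: it assumes a current Windows with the OpenSSH `ssh` client in place of the PuTTY GUI and the built-in NetSecurity firewall cmdlets, and the host name, account and function names are placeholders.

```powershell
# Added example, not from the thread. Host, account and function names are placeholders.

# Client side: the same forward as PuTTY's tunnel section (source port 3390 -> server port 3389).
function Open-RdpTunnel {
    param(
        [string]$SshHost = 'home.example.net',  # placeholder: address that forwards port 22 to the server
        [string]$SshUser = 'rdpuser',           # placeholder: the account activated in CopSSH
        [int]$SshPort = 22,
        [int]$LocalPort = 3390
    )
    # The destination is resolved on the server, so 127.0.0.1:3389 is the server's own RDP
    # listener (the post uses the server's IP, which reaches the same listener).
    # Binding the local end to 127.0.0.1 keeps other machines on the client LAN off the tunnel.
    $sshArgs = @('-N', '-p', "$SshPort", '-o', 'ExitOnForwardFailure=yes',
                 '-L', "127.0.0.1:${LocalPort}:127.0.0.1:3389", "${SshUser}@${SshHost}")
    $ssh = Start-Process ssh -ArgumentList $sshArgs -PassThru   # login prompt opens in its own window

    # Wait for the forward to come up; stop if ssh exits first (failed login, port already in use).
    while (-not (Test-NetConnection 127.0.0.1 -Port $LocalPort -WarningAction SilentlyContinue).TcpTestSucceeded) {
        if ($ssh.HasExited) { throw "ssh exited with code $($ssh.ExitCode); no tunnel on port $LocalPort" }
        Start-Sleep -Seconds 1
    }

    # RDP should answer only through the tunnel, never directly from outside.
    if ((Test-NetConnection $SshHost -Port 3389 -WarningAction SilentlyContinue).TcpTestSucceeded) {
        Write-Warning "TCP 3389 still answers directly on $SshHost; close it on the router and the server firewall."
    }

    mstsc.exe "/v:localhost:$LocalPort"
    return $ssh   # Stop-Process on this object closes the tunnel
}

# Server side (elevated prompt): allow SSH in and stop offering RDP to the network.
function Set-TunnelOnlyFirewall {
    param([int]$SshPort = 22)
    New-NetFirewallRule -DisplayName "SSH inbound (TCP $SshPort)" -Direction Inbound `
        -Protocol TCP -LocalPort $SshPort -Action Allow | Out-Null
    # 'Remote Desktop' is the rule group name on English-language Windows.
    Disable-NetFirewallRule -DisplayGroup 'Remote Desktop'
}
```

Run `Set-TunnelOnlyFirewall` once on the server and `Open-RdpTunnel` on the client each time you connect; the warning branch fires when port 3389 is still exposed alongside port 22.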
 Flaubert
join:2004-12-06 Los Angeles, CA
| reply to Flaubert So you're saying: a- Install CopSsh on the server. b- Install Tunnelier on the client. c- Forward only port 22 to my private IP ??
Sorry if I seem a little slow but there are a couple of things I need explained:
The parameters you've entered in Tunnelier under "Host" and "Port" On the "Login" tab: I am not on a Domain, so should I just enter my WAN IP on there if I connect from outside my LAN? On the Options tab: Do I have to enter the same parameters as yours?
And also, could you be a little more specific on how to create those 2048 bit public/private keys? I tried reading your openbsd link but I didn't understand it.
Thanks anyway for your help so far. I know a lot more than when I started this thread.... |
|