

Remote Desktop Connection: SSH Tunnel through Putty and DD-WRT for RDP / RDC

Occasionally, you may need to set up an RDP connection to your home system from outside.  Most networks, particularly office environments, block remote RDP.  SSH, however, is typically not blocked, as it's secure, first and foremost, and important in data transfer to / from the organization.  RDP is not that secure.  Here's how to securely set up a connection to your home network from a remote location.  One thing to note here is that we will do so using the DD-WRT SSH Command Line Interface.  The reader may need to flash their router with DD-WRT (at own risk) or use existing capabilities of the router to do the same.  Most routers, however, do not offer remote SSH connectivity.

Arguably the first thing in the process is to download the Putty SSH tool.  If you do not already have this, it can be downloaded from the link just provided.  It does not need to be installed; it is a standalone binary.  Once it is on your remote machine, configure it in this manner, taking note of your IP and the SSH port for your remote DD-WRT router (Your IP is the external WAN IP assigned to you by your ISP.  The SSH port is the one you configure on the DD-WRT router you have in your home.  Typically this is 22, but it doesn't hurt to add a bit more security and select another port from the 32K available for any IP):

Putty SSH Tunnel Configuration One

Summary of Settings:

Host Name (Or IP Address): [ ISP / WAN Address given to your Broadband Router.  42.223.112.171 is used as a random number example ONLY. ]
Port: 7592 [ The SSH Port you will configure below on your router.  7592 is used as an example ONLY. ]
Saved Session: [ Unique name to this session.  In this case @HOME 42.223.112.171 is used as an example ONLY. ]
 

Putty SSH Tunnel Configuration Two

Summary of Settings:

Source Port: 21856 [ The port from which you'll be making the connection from the remote (this) end.  Number is used as an example ONLY. ]
Destination: 192.168.0.16:3389 [ The internal IP of the computer on the destination network behind the ISP / WAN IP.  Since we are going to RDP, port 3389 is used as that is the standard RDP port. ]

Of course, for your internal network, you'll need to substitute the ports and IPs accordingly.

Next configure the DD-WRT router on your network for these SSH Settings under Administration – Management.  For more on configuring the DD-WRT routers on your home network, please refer to this post or search using the search panel to the right of this article.

DD-WRT SSH Setup / Configuration

The items you need are for remote setup and optionally remote GUI configuration:

Web GUI Management – Enable
Use HTTPS – Checked Off
Web GUI Port – [Pick a number between 1024 - 32767]
SSH Management – Enable
SSH Remote Port - [Pick a number between 1024 - 32767.  Make this different than the web GUI port.  Use 7592 from your Putty session earlier. ]
Allow Any Remote IP – Enable [Unless you know your remote IP range]
Router Username / Router Password: [ Type both in ensuring it is complex enough. ]

Save the configuration and apply the settings on the router.  Test the SSH portion by opening a Putty SSH session to your router and logging in with the GUI username / password for your DD-WRT router (If you have not configured your username / password, it's typically user root and the password can be set as in the DD-WRT image above).  When logged into the remote router, the following should be seen on your workstation (If Windows):

Microsoft Windows [Version 6.1.7601]

Copyright (c) 2009 Microsoft Corporation.  All rights reserved.

C:\Users\johnny>netstat -na

  TCP    127.0.0.1:21856        0.0.0.0:0              LISTENING

And on the remote router (Assuming your router):

root@DD-WRT-INTERNET:~# netstat -na|grep ESTAB
tcp        0     52 192.168.0.1:17854          42.223.112.171:21856      ESTABLISHED
root@DD-WRT-INTERNET:~#

 

This confirms the SSH portion is working correctly, which is key to everything that follows.  Next, we'll use this open SSH connection to initiate our RDP session.  Before we do that, ensure that the internal system behind the remote router at IP 192.168.0.16 is running RDP on port 3389.
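The workstation-side netstat check above can be automated and tightened. The following is an added example, not part of the original post: it parses Windows `netstat -na` output and confirms the forwarded port (21856 here) listens on loopback only, since PuTTY's "Local ports accept connections from other hosts" tunnel option would instead bind it to all interfaces and let other machines on the local network reach the tunnelled RDP port. The function names and the sample netstat text are constructed for illustration.

```python
import re

# One TCP row of Windows `netstat -na`: local address, local port, state.
ROW = re.compile(r"^\s*TCP\s+(\S+):(\d+)\s+\S+\s+(\S+)\s*$", re.IGNORECASE)
LOOPBACK = {"127.0.0.1", "[::1]"}

def tunnel_listeners(netstat_text, port):
    """Return the local addresses on which `port` is in LISTENING state."""
    found = []
    for line in netstat_text.splitlines():
        m = ROW.match(line)
        if not m:
            continue  # header, UDP row or blank line
        addr, local_port, state = m.groups()
        if state.upper() == "LISTENING" and int(local_port) == port:
            found.append(addr)
    return found

def check_tunnel(netstat_text, port):
    """Classify the forwarded port: 'missing', 'loopback-only' or 'exposed'."""
    addrs = tunnel_listeners(netstat_text, port)
    if not addrs:
        return "missing"        # PuTTY session not up, or wrong source port
    if all(a in LOOPBACK for a in addrs):
        return "loopback-only"  # only this workstation can reach the tunnel
    return "exposed"            # other hosts on the LAN can reach it too

# Constructed sample output (not captured from a real system).
GOOD = """
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    127.0.0.1:21856        0.0.0.0:0              LISTENING
  TCP    192.168.1.50:49712     42.223.112.171:7592    ESTABLISHED
"""
EXPOSED = """
  TCP    0.0.0.0:21856          0.0.0.0:0              LISTENING
  TCP    [::]:21856             [::]:0                 LISTENING
"""

if __name__ == "__main__":
    for name, text in (("GOOD", GOOD), ("EXPOSED", EXPOSED)):
        print(name, check_tunnel(text, 21856), tunnel_listeners(text, 21856))
```

A result of "exposed" means the tunnel option should be unchecked in the saved Putty session before the RDP client is pointed at the port.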

Remote Desktop Connection through SSH Tunnels

Summary of Settings:

Computer: localhost:21856 [The string localhost corresponds to the IP 127.0.0.1, which is the current system you are on, and the port is 21856, which is the port we set up in Putty earlier.]

If all goes well, you should see a login screen where you can type in the username and password that you set up in Windows.  NOTE: You might need to make the users admins on the internal Windows system that the RDP connection is made to; otherwise they won't have remote access privileges.  Alternatively, this privilege can be set for users through the Control Panel users settings panel:

Remote Desktop Connection SSH Tunnel Login Prompt

Have Fun and Use Wisely Without Harm to Anyone!

Cheers,
TK

  Copyright © 2003 - 2013 Tom Kacperski (microdevsys.com). All rights reserved.

Creative Commons License
This work is licensed under a Creative Commons Attribution 3.0 Unported License