Tunnelling Remote Desktop Over SSH


The following topics are covered in this guide -

The Remote Desktop Protocol (RDP) is a proprietary Microsoft protocol used to provide a graphical interface to a remote PC. Many versions of Windows include the Client software required to connect to a Server however only certain versions of Windows include the Server software. The Remote Desktop Server feature is included in all editions of Windows XP (except the Home Edition); Windows Vista Ultimate, Enterprise and Business editions; Windows 7 Ultimate, Enterprise and Professional editions.

Although Remote Desktop does support encryption there are known security risks with using this feature. Using SSH Tunnelling is an easy and convenient way to secure Remote Desktop connections.

The SSH Server must be configured to allow Remote Desktop connections. A note of caution, allowing Remote Desktop connections can create a security risk unless a firewall is used to block connections to the Remote Desktop port (default port is 3389). On the test system this is not an issue as the router is not configured to forward port 3389.

Remote Desktop Server (Windows XP)


To allow Remote Desktop connections to a Windows XP PC -

  1. Right-click on My Computer and select Properties to open the System Properties window, then open the Remote tab and select Allow users to connect remotely to this computer, then click on the Apply button -

Remote Desktop Server (Windows 7)


To allow Remote Desktop connections to a Windows 7 PC -

  1. Open Advanced system settings by going to Control Panel > System (or right-click on Computer and select Properties) and clicking on the Advanced system settings option -

  2. In the System Properties window, open the Remote tab and select Allow connections from computers running any version of Remote Desktop..., then click on the Apply button -

SSH Client settings


To create a Secure Shell tunnel through which to encrypt the RDP stream use PuTTY (follow the instructions here)

Remote Desktop Client


To connect to Remote Desktop on the Server -

  1. Open Remote Desktop Connection by opening a run box ([Win] + [R] keys), then type mstsc.exe and click on OK -

  2. In the Computer box enter localhost:7071 (7071 was the local port forwarded earlier) and click on Connect -