Tunnelling RDP using SSH

Note:  Instructions for installing on Macintosh OSX computers can be found at http://www.maths.ox.ac.uk/help/faqs/connection/tunnelling-rdp/mac

What is a tunnel?

A tunnel is a way of forwarding many channels of information through a single channel. 

One analogy is the Channel Tunnel.  In Calais, cars, vans and lorries are all destined for the UK. They all drive on to the train, although they do not know what route the train takes.  At the other end of the tunnel in Folkestone, they disembark and continue on their journey.

Applied to network traffic, data is collected at one point, transferred through the tunnel and then redistributed at another.

A useful application of tunnelling network traffic is to use protocols that are normally blocked by a firewall.  SSH is commonly used for this because many firewalls allow SSH connections, which are both encrypted and authenticated.

Configuring SSH

The following instructions show how a tunnel can be set up using SSH to enable you to use RDP to connect to an Institute terminal server.

1. Start the commercial version of SSH and click "Add Profile".


2.  Call the profile "RDP Tunnel to Maths"


3. When you have created the profile, click Edit Profiles.


4.  Highlight "RDP Tunnel to Maths" on the left-hand side and click the "Tunneling" tab, then click the "Add" button.


5.  In the box provided, name the tunnel "RDP", set the type to TCP and the listening port to 3390, and ensure the "Allow Local Connections Only" box is checked so that only programs on your own computer can use the tunnel.  The destination host can be any Windows terminal server in the Institute, e.g. wts.  The destination port should read 3389.  Click OK and then select the profile from the drop-down list in the main window as in section 3.


6.  You will need to connect to gate.maths.ox.ac.uk, so after you have clicked OK, select and click the profile "RDP Tunnel to Maths".


7.  You will be presented with the following dialog.  Choose "gate.maths.ox.ac.uk" as the host name and type in your username.


8.  You may be prompted to accept a key if you have not connected before.  Choose yes.


9.  At this point, type in your password and hit OK.


10.  If you get a standard UNIX shell prompt, your tunnel is set up.  Next, start the Remote Desktop Client, i.e. click Start->All Programs->Accessories->Communications->Remote Desktop Connection.  In the window that appears, use "Localhost:3390" as the computer you are connecting to.


11.  Use the credentials that you normally use to log into Windows.  You may need to prefix the username with MATHS\, e.g. if your username is anybody, use MATHS\anybody.


12.  If this worked, a new window should pop up showing the connection to the terminal server.
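
Once the tunnel is up, you can confirm that the "Allow Local Connections Only" setting from step 5 took effect by checking which addresses are listening on port 3390.  The following is an added example, not part of the original instructions: it parses Windows `netstat -an` output and reports any listener on the tunnel port that is not bound to a loopback address.  The sample output is constructed and the function names are illustrative.

```python
import ipaddress

TUNNEL_PORT = 3390  # listening port chosen in step 5

# Constructed samples of Windows `netstat -an` output (not from a real host).
SAMPLE_LOCAL_ONLY = """\
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    127.0.0.1:3390         0.0.0.0:0              LISTENING
  TCP    [::1]:3390             [::]:0                 LISTENING
"""

SAMPLE_EXPOSED = """\
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:3390           0.0.0.0:0              LISTENING
  TCP    192.168.1.20:49712     203.0.113.5:22         ESTABLISHED
"""


def split_endpoint(endpoint):
    """Split '127.0.0.1:3390' or '[::1]:3390' into (address, port)."""
    host, _, port = endpoint.rpartition(":")
    return host.strip("[]"), int(port)


def tunnel_listeners(netstat_text, port=TUNNEL_PORT):
    """Return the local addresses that have a TCP listener on `port`."""
    found = []
    for line in netstat_text.splitlines():
        fields = line.split()
        # Skip headers, UDP rows and anything that is not a listening socket.
        if len(fields) < 4 or fields[0] != "TCP" or fields[3] != "LISTENING":
            continue
        host, local_port = split_endpoint(fields[1])
        if local_port == port:
            found.append(host)
    return found


def exposed_listeners(netstat_text, port=TUNNEL_PORT):
    """Return listener addresses on `port` that other machines could reach."""
    return [h for h in tunnel_listeners(netstat_text, port)
            if not ipaddress.ip_address(h.split("%")[0]).is_loopback]


if __name__ == "__main__":
    for label, text in (("local only", SAMPLE_LOCAL_ONLY), ("exposed", SAMPLE_EXPOSED)):
        bad = exposed_listeners(text)
        print(f"{label}: listeners={tunnel_listeners(text)} exposed={bad}")
```

An empty result from `tunnel_listeners` means nothing is listening on the port, i.e. the tunnel is not running; a non-empty result from `exposed_listeners` means the tunnel can be used by other machines on your network and the profile should be corrected.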