Koozali.org: home of the SME Server

Microsoft Terminal Server over SSH

Cyrus Bharda

Re: Microsoft Terminal Server over SSH
« Reply #15 on: April 15, 2003, 02:47:43 AM »
Damien,

But still that means that only the root account can do this as all other accounts get that message that was posted by Mark.

I hope there is a way of creating a user account logon that has no rights to do anything but logon, so that the port tunneling can work using PuTTY.

If not then I will be looking at port opening and forward, an undesirable position to open up my connection to allow all Windows Terminal Service clients to be able to connect to the server :-(

Cyrus Bharda

Damien Curtain

Re: Microsoft Terminal Server over SSH
« Reply #16 on: April 15, 2003, 03:36:10 AM »
Cyrus Bharda wrote:
>
> Damien,
>
> But still that means that only the root account can do this
> as all other accounts get that message that was posted by Mark.
>
> I hope there is a way of creating a user account logon that
> has no rights to do anything but logon, so that the port
> tunneling can work using PuTTY.
>
> If not then I will be looking at port opening and forward, an
> undesirable position to open up my connection to allow all
> Windows Terminal Service clients to be able to connect to the
> server :-(

Just background the command and don't request a terminal.

In unix the flags to pass to ssh are -N -f

-N      Do not execute a remote command.  This is useful for just forwarding ports (protocol version 2 only).

-f      Requests ssh to go to background just before command execution. This is useful if ssh is going to ask for passwords or passphrases, but the user wants it in the background.  This implies -n.  The recommended way to start X11 programs at a remote site is with something like ssh -f host xterm.

On Windows you can use the version from ssh.com's site which has similar functionality.

A little reading of the putty/plink manual and/or other ssh clients for Windows should lead you to one that does exactly what you need, else why not just give them a valid shell, or chrooted shell if you're paranoid.

Btw as soon as that message is displayed tunnels are active, just leave it open...
--
 Damien
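
Added example, not part of the original posts: one way to get the forwarding-only login asked about in this thread, written as a server-side OpenSSH configuration for the gateway. It assumes a current OpenSSH server that supports these keywords; the account name rdptunnel is hypothetical, and the host and port are the ones used in the thread.

```conf
# /etc/ssh/sshd_config on the gateway (assumed: a current OpenSSH server
# that supports Match, PermitOpen and PermitTTY).
# "rdptunnel" is a hypothetical account name.
Match User rdptunnel
    # Only client-to-server (-L) forwards, and only to the terminal server.
    AllowTcpForwarding local
    PermitOpen 192.168.1.2:3389
    # No interactive use: no terminal, and any session request runs /bin/false.
    PermitTTY no
    ForceCommand /bin/false
    # Turn off the other channel types this account does not need.
    X11Forwarding no
    AllowAgentForwarding no
    PermitTunnel no
    GatewayPorts no

# Client side, using the flags quoted above (no remote command, background):
#   ssh -N -f -L 3389:192.168.1.2:3389 rdptunnel@yourgateway.yourdomain.com
```

Check the file with `sshd -t` before reloading the daemon, so a typo in the Match block does not lock out other logins.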

Cyrus Bharda

Re: Microsoft Terminal Server over SSH
« Reply #17 on: April 15, 2003, 04:09:50 AM »
Damien,

OK Cool so just get them to use their normal logons, it will give that message and enable the forwards, cool, well thanks a lot for your help, I will have to try this out later on tonight!

Thanks for the advice!!!

Cyrus Bharda

Mark Farey

Re: Microsoft Terminal Server over SSH
« Reply #18 on: April 15, 2003, 05:30:47 AM »
Damien Curtain wrote:

> For your tunnel you need to have the name of the terminal
> server as the destination.
>
> ie. say your gateway is yourgateway.yourdomain.com and your
> terminal server is running on 192.168.1.2 behind
> yourgateway.yourdomain.com, rdp is port 3389.
>
> Then in putty or whatever program the local source port is say
> 3389, and the destination is 192.168.1.2:3389
>
> 192.168.1.2 should be reachable from the internal interface
> of yourgateway.yourdomain.com
>
> The unix command line would be ssh -L 3389:192.168.1.2:3389
> yourgateway.yourdomain.com
> --
>  Damien

Damien,

Thanks, that's exactly what I have been trying. You even got the IP address right! My Putty setting is L3389 > 192.168.1.2:3389. When I fire up the Remote Desktop Connection program and point it at localhost it hangs for about a minute waiting for a response. Then I get, "Remote Desktop Disconnected, A licensing error occurred (Licensing timed out)". I don't get this message when I use the RDC client directly. What might the difference be?

Regards,
Mark.

Mark Farey

Re: Microsoft Terminal Server over SSH
« Reply #19 on: April 17, 2003, 08:21:36 PM »
I'm still unable to get RDP over SSH working.

I have set up the SSH connection using Putty and have confirmed that: a) I can connect to the web server on the e-smith box using Putty/SSH and b) I can connect to a web server on the Win 2K server running behind the e-smith box using Putty/SSH. In the latter case I have to authenticate myself on the Win 2K server before the web page comes up, which is as expected.

When I try to connect to the Win 2K server using RDP the RDP client just hangs waiting, I assume, for authentication but there is no password challenge and when I enter the username and password in the RDP client it still hangs.

Surely I'm not the first person to try this? Can anyone help please?

Secondary problem I notice is that the duplicate copy of the RDP client program that I am using will not allow me to save passwords (as is the case with the RDP client that is part of Windows XP). Why not?

Any suggestions and advice would be very welcome at this point since I am totally out of ideas!

Regards to all,
Mark
Ottawa, Canada.