Koozali.org: home of the SME Server

Microsoft Terminal Server over SSH

Dan Williams

Microsoft Terminal Server over SSH
« on: April 11, 2003, 11:00:32 PM »
Hi,
I am needing to have a remote location connect to us, to access a server running Microsoft Terminal Server.
The remote location will use Putty to establish the connection to the E-Smith Server which has the data file.
Then it will need to access the MS Terminal server.
Has anyone done this, or know what ports I need to establish in Putty?
Thanks

Mark Farey

Re: Microsoft Terminal Server over SSH
« Reply #1 on: April 12, 2003, 01:07:41 AM »
Sorry if I misunderstand the details but can you not use RDP instead of Putty as your Windows client? Forward port 3389 to your terminal server.

Regards,
Mark.
Ottawa, Canada.

Dan Williams

Re: Microsoft Terminal Server over SSH
« Reply #2 on: April 12, 2003, 01:27:18 AM »
Hi Mark,
What is RDP?
The deal is this, the "company data file" is located locally on a Mitel ESmith server. What we need is for the remote client (because the application he accesses is Client/Server) uses a Windows 2000PC, over ADSL to get to the local location through the E-Smith to then access another server (behind the e-smith) that is strictly there for the purpose of the remote Win2 Client to access the app on the 2K Server locally.

Remote Location :ADSL / Windows 2KPC W/TS CAL, and Client Server app.
Local Location: ADSL / E-Smith W/data / Win2K Server W TS and Client Server app.
I am not sure the best way to do this, what I envisioned, was in the morning, at the remote location, the user would start the PC, and start Putty, to establish the secure connection to the local. Then open the client server application, and access the application on the Win2K server behind the e-smith
Dan

Boris

Re: Microsoft Terminal Server over SSH
« Reply #3 on: April 12, 2003, 01:39:41 AM »
RDP is a Remote Desktop Protocol (Terminal server client).
What Mark recommended is to skip (unnecessary) ssh element from connection and connect directly to Terminal Server by using Terminal Server Client to your SME server's public address and forward port 3389 from public address of SME to your Terminal Server private address behind firewall.

Mark Farey

Re: Microsoft Terminal Server over SSH
« Reply #4 on: April 12, 2003, 01:39:57 AM »
Win2K server with TS supports Remote Desktop Protocol (RDP). In fact I think by default it is the protocol for all terminal services on your LAN.

Windows XP comes with the RDP client built in but for Win 2K you will have to download and install the client software from the MS website. Just do a search for MSRDPCLI.EXE on Google. Install that on your client machine.

You then have to open up port 3389 on your e-smith box and forward it to your Win2K server IP address.

Hope that helps.
Mark.

Mark Farey

Re: Microsoft Terminal Server over SSH
« Reply #5 on: April 12, 2003, 01:42:48 AM »
BTW comparing to SSH, RDP is/can be encrypted although I think you are limited to 64-bit not 128-bit, but probably adequate for most purposes.

Mark.

Boris

Re: Microsoft Terminal Server over SSH
« Reply #6 on: April 12, 2003, 01:49:04 AM »
;-)

Dan Williams

Re: Microsoft Terminal Server over SSH
« Reply #7 on: April 12, 2003, 01:52:11 AM »
Hi,
Really good information, but I have a few more questions please.
My SME Server is 5.5U2.
I have Darrell's Port Opening, and Port Forwarding Contribs installed, and had recently posted about not being able to get them to work. http://forums.contribs.org/index.php?topic=7329.msg26769#msg26769
A fellow from techGeeks e-mailed me and told me how to use Putty to do this, and it worked great.
So from what I can see as per the recommendations to "open up port 3389 on your e-smith box and forward it " I am thinking I will have the same type of problem. As a matter of fact I just tried now, to use the port opening contrib to open 3389, and ran nmap, and it is not open.
Dan

Mark Farey

Re: Microsoft Terminal Server over SSH
« Reply #8 on: April 12, 2003, 02:28:10 AM »
Dan,

I have the same setup and it works perfectly. RDP performs very well over an ADSL connection. However I don't know about nmap and what it is telling you. Maybe it is lying! :-) I wonder if you could give RDP a try?

Regards,
Mark.

Damien Curtain

Re: Microsoft Terminal Server over SSH
« Reply #9 on: April 12, 2003, 03:16:56 AM »
Dan Williams wrote:
>
> Hi,
> I am needing to have a remote location connect to us, to
> access a server running Microsoft Terminal Server.
> The remote location will use Putty to establish the
> connection to the E-Smith Server which has the data file.
> Then it will need to access the MS Terminal server.
> Has anyone done this, or know what ports I need to establish
> in Putty?

All you need to do is tunnel port 3389 (default) via ssh.

I use rdesktop (linux client) to do the very same thing when I want to connect to terminal servers.

So in putty setup a tunnel, source port = 3389, destination = :3389, local port.

Then connect via ssh, start your tsc and connect to localhost.

If you use winxp pro it won't allow you to connect to the localhost, what you need to do is copy the files mstsc.exe, mstscax.dll, and mstsc.chm to a new folder, right click on mstsc.exe and change the compatibility mode to win95.

If you want to connect to several terminal servers over ssh just change the source port in your ssh forward, and when you connect with tsc use localhost: to pick the ts you want to connect to.

Btw I'd suggest you do not use portforwarding contribs to achieve this, but use ssh as you've suggested. You do not want a ts reachable from outside your firewall.
--
 Damien

Dan Williams

Re: Microsoft Terminal Server over SSH
« Reply #10 on: April 12, 2003, 03:29:31 AM »
Damien,
Thank you very much for the information, and for also reinforcing not opening ports. I thought this was how it was going to have to go down.
Dan

Cyrus Bharda

Re: Microsoft Terminal Server over SSH
« Reply #11 on: April 14, 2003, 10:35:09 AM »
Damien,

Yes thank you for explaining what I thought was only possible through some sort of VPN type connection. But what if I want more than just myself using this method, say 2 to 3 other people, I do not want to give them all the root password, how do I allow their logons to get a command prompt?

Thanks,

Cyrus Bharda

Mark Farey

Re: Microsoft Terminal Server over SSH
« Reply #12 on: April 15, 2003, 12:47:45 AM »
When a valid (non-root) user tries to connect do they get something like:

-------------------------
Mitel Networks SME Server
-------------------------
Standard user login services have been disabled.
Type "end" and press ENTER to terminate this connection:

If they leave that window open, can they then connect using the SSH VPN?

Mark.
Ottawa, Canada.

Mark Farey

Re: Microsoft Terminal Server over SSH
« Reply #13 on: April 15, 2003, 01:03:32 AM »
I've learnt a lot from this thread... but I still can't get this working!

In particular, I followed Damien's advice which all makes perfect sense. The SSH tunnel seems to work fine because, by way of a test, I can access the web server on the e-smith box by forwarding port 80, however I can't get RDP to work the same way. The main difference is that RDP is hosted on a different box behind the firewall.

I'm using XP Pro. Did I miss something?

Mark.
Ottawa, Canada.

Damien Curtain

Re: Microsoft Terminal Server over SSH
« Reply #14 on: April 15, 2003, 02:39:12 AM »
Mark Farey wrote:
>
> I've learnt a lot from this thread... but I still can't get
> this working!
>
> In particular, I followed Damien's advice which all makes
> perfect sense. The SSH tunnel seems to work fine because, by
> way of a test, I can access the web server on the e-smith box
> by forwarding port 80, however I can't get RDP to work the
> same way. The main difference is that RDP is hosted on a
> different box behind the firewall.
>
> I'm using XP Pro. Did I miss something?

For your tunnel you need to have the name of the terminal server as the destination.

ie. say your gateway is yourgateway.yourdomain.com and your terminal server is running on 192.168.1.2 behind yourgateway.yourdomain.com, rdp is port 3389.

Then in putty or whatever program the local source port is say 3389, and the destination is 192.168.1.2:3389

192.168.1.2 should be reachable from the internal interface of yourgateway.yourdomain.com

The unix command line would be ssh -L 3389:192.168.1.2:3389 yourgateway.yourdomain.com
--
 Damien
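
The tunnel described in this thread, as an added example that is not part of any poster's message: it builds the `ssh -L` command for one or more terminal servers behind the gateway (a different local source port for each, as suggested in Reply #9) and the matching `authorized_keys` options for a non-root user whose key should only be able to open those forwards. The user name `dan`, the second server `192.168.1.3` and the helper names are assumptions, and the key options assume OpenSSH 7.2 or later on the gateway rather than the SME Server 5.5 of the thread.

```shell
#!/bin/sh
# Added example (not from the thread). Assumed names: user "dan" and a
# second terminal server at 192.168.1.3.
BASE_PORT=3389   # local source port for the first server; each next one gets +1

# Accept only digits and dots so nothing else reaches a command line.
is_ipv4ish() {
    case $1 in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
}

# tunnel_cmd USER GATEWAY TS_IP [TS_IP...]  -> prints the client ssh command
tunnel_cmd() {
    [ "$#" -ge 3 ] || return 1
    user=$1 gateway=$2; shift 2
    port=$BASE_PORT
    # -N: open the forwards only, run no remote command.
    # ExitOnForwardFailure: quit rather than run with a forward missing.
    cmd="ssh -N -o ExitOnForwardFailure=yes"
    for ts in "$@"; do
        is_ipv4ish "$ts" || return 1
        # Listen on 127.0.0.1 only, so the client's LAN cannot use the tunnel.
        cmd="$cmd -L 127.0.0.1:$port:$ts:3389"
        port=$((port + 1))
    done
    printf '%s %s@%s\n' "$cmd" "$user" "$gateway"
}

# key_options TS_IP [TS_IP...] -> prints the options that go in front of a
# user's public key in authorized_keys on the gateway.
# restrict: turns off pty, agent, X11 and every kind of forwarding.
# port-forwarding + permitopen: re-enable forwarding to these targets only.
key_options() {
    [ "$#" -ge 1 ] || return 1
    opts="restrict,port-forwarding"
    for ts in "$@"; do
        is_ipv4ish "$ts" || return 1
        opts="$opts,permitopen=\"$ts:3389\""
    done
    printf '%s\n' "$opts"
}

tunnel_cmd dan yourgateway.yourdomain.com 192.168.1.2 192.168.1.3
key_options 192.168.1.2 192.168.1.3
```

With the tunnel up, the RDP client connects to localhost:3389 for the first server and localhost:3390 for the second, and port 3389 stays closed on the gateway's public address.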