Consider the following scenario for a moment; you have a home network, hooked up to a broadband connection. You’ve done your homework and have a firewall with little or no inbound access. You’re like thousands of other people and have a Windows PC running XP Home or XP Professional. You’d like to be able to get at your Windows PC when you’re at work but you don’t want to let all of those script kiddies at your network, and besides you’ve heard bad things about letting a Windows PC loose on the internet.
Enter the swiss army knife of the network; SSH. That’s the Secure SHell, not a polite request to shut up. Here’s what to do …
Check that Remote Desktop is enabled on your XP machine at home. To do this right click on My Computer and select Properties.
Then select the Remote tab and check Allow users to connect remotely to this computer.
If you’re not an Administrator on your machine you may have to add your user account to the list of users permitted to access your machine remotely; you can do this by clicking on the Select Remote Users button.
Copy the Remote Desktop exe and dll to another directory and enable Windows 98 compatibility mode on the binary; you need to do this so that you can connect to localhost. This is normally banned on XP Pro – but the compatibility mode opens it up again. Hmm, that’s secure. The files are in your System32 directory and are mstsc.exe and mstscax.dll.
Finally, you’ll need to allow incoming SSH connections from the internet through your firewall; to do this you should open port 22.
Now on your XP machine at work, install Cygwin with SSH and fire up a bash shell and do the following:-
ssh host -C -T -N -o "UsePrivilegedPort no" -l user -L3390:ip:3389
Replacing host with the fully qualified domain name of your home network on the internet, user with your user name and ip with the private IP address of your Windows machine at home.
Fire up the Remote Desktop by double clicking on mstsc.exe on your work XP machine and connect to localhost:3390 (that’s port 3390 on localhost), wait a few seconds and voila – one home remote desktop whilst at work – fully encrypted and without exposing a single bit of Windows networking to the public net.
SSH. It’s the Swiss Army knife of the network.
Another Piece Of Bloggage By Gary
Self professed "geek with a life", geo-blogger, geo-talker and geo-tweeter, Gary works in London and Berlin as Director of Places for Nokia; he's a co-founder of WhereCamp EU, the chair of w3gconf and sits on the W3C POI Working Group and the UK Location User Group. A contributor to the Mapstraction mapping API, Gary speaks and presents at a wide range of conferences and events including Where 2.0, State of the Map, AGI GeoCommunity, Geo-Loco, Social-Loco, GeoMob, the BCS GeoSpatial SG and LocBiz. Writing as regularly as possible on location, place, maps and other facets of geography, Gary blogs at www.vicchi.org and tweets as @vicchi.
Other bloggage that may or may not be geo-related to this one:
- Windows Terminal Services Tip
On Windows, if you use this command line to start a Terminal Services session mstsc -v:<server name> -f -console you’ll end up connected to the console session on the target...
- Mounting Network Volumes With AppleScript
One of my standard lunchtime reading web sites started me off on this; The Unofficial Apple Weblog got me reading an article on PC Magazine’s site about Argh! moments. That...
- Essential Windows Apps
I’ve already written about my choice of essential apps on the Mac and so, in the spirit of cross platform-ness, I thought I’d do the same for Windows. It’s proved...
- iPod and Windows – Eventually
I recently got my hands on a 3rd generation 15 Gb iPod, thanks to my wife buying me one as a birthday present. Not having access to a Mac (at...
- Adding Windows Phone 7 Support To WordPress Blogs
Regular visitors to the uncharted backwaters of the unfashionable end of the Internet that is my blog may be aware that I use WordPress as a blogging platform. Those visitors...
A small handy script which does this for me …
#/usr/bin/bash # +++ Begin Default Configuration Values PUBLICHOST=some.host.com PRIVATEHOST=nn.nn.nn.nn LOCALPORT=3390 REMOTEPORT=3389 SSHFLAGS="-C -T -N" USER=gary # --- End Configuration Values if [[ ! -z "${1}" ]]; then PUBLICHOST="${1}" fi if [[ ! -z "${2}" ]]; then PRIVATEHOST="${2}" fi if [[ ! -z "${3}" ]]; then LOCALPORT="${3}" fi if [[ ! -z "${4}" ]]; then REMOTEPORT="${4}" fi if [[ ! -z "${5}" ]]; then SSHFLAGS="${5}" fi if [[ ! -z "${6}" ]]; then USER="${6}" fi ssh ${PUBLICHOST} ${SSHFLAGS} -l ${USER} -L${LOCALPORT}:${PRIVATEHOST}:${REMOTEPORT}