Sep 21
VPN on the cheap… Using PUTTY to tunnel VNC through SSH (Part 3)
Jason Cooper
I’ve been a C/D/H consultant for seven years. I have the dual distinction of being both C/D/H’s first Southeast Michigan consultant AND our first VMware Certified Professional.
Specializing in desktop management and virtualization, projects involving MetaFrame or System Center or VMware expose me to almost every corner of the enterprise, from messaging to networking to collaboration.
Technology is what I work at. Family and music are what I work for. In my copious spare time I enjoy gardening, camping, and cycling. I play guitar and a little harmonica, sometimes simultaneously. It occurs to me that I could duct tape a tambourine to my knee, but that would just be too weird.
By now, you have connected to an SSH host using PUTTY. PUTTY is configured to tunnel port 5900 to a VNC host on the same network as the machine running SSH.
You can verify (using NETSTAT) that the machine running PUTTY is listening on port 5900 on the LOOPBACK address 127.0.0.1. Any request to port 5900 using LOOPBACK will be tunneled to the SSH host. Launch the VNC Viewer and enter LOCALHOST for the server name.
You’ll get prompted for the VNC password, and away you go!
To use PUTTY to tunnel RDP (TCP 3389) through SSH, the client has to be running Windows XP. If you try to connect to LOCALHOST using RDP on Windows XP with Terminal Services enabled, you get an error message that “The client could not connect” because “You are already connected”. You have to either disable Remote Desktop (and reboot) or change the Source port in the PUTTY Tunnel configuration (since 3389 is already in use, PUTTY can’t “Listen” on that port). In this case, I’m setting the Source port to “3390”.
Saved, it looks like this:
The RDP client session needs to connect to LOCALHOST:3390.
There’s a new “feature” in Vista/Windows 7 that breaks using RDP through a PUTTY/SSH tunnel. So far, I haven’t found ANY WAY to use RDP through an SSH tunnel from a Windows 7 client. The newer operating systems have a built-in protection against using LOOPBACK for RDP.
The “Local ports accept connections from other hosts” option can be used so that I can proxy other clients on the same network as the machine running PUTTY. This provides a workaround to the Vista/Windows 7 issue with RDP, but requires at least two machines (or a virtual machine).
It’s OK to enable multiple internal hosts simultaneously, multiple protocols as well. Using the following config, you could connect to SSH sessions on three separate servers using LOCALHOST:122 (HOST1), LOCALHOST:222 (HOST2), and LOCALHOST:322 (HOST3), as well as the VNC session.
This isn’t a robust, high-speed VPN. For targeted use by a small number of users, PUTTY provides relatively secure, relatively reliable, and affordable remote access with very little fuss. This only scratches the surface of the hidden features in SSH and PUTTY.
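The NETSTAT check described earlier can be scripted. This is an added example, not code from the original article: it parses `netstat -an` output and reports whether each tunnel source port used in this article is bound to LOOPBACK only or, as happens when “Local ports accept connections from other hosts” is enabled, to an address that other machines on the network can reach. The function names and the embedded sample output are constructed for illustration.

```python
import re

# Source ports used for tunnels in this article (VNC, RDP, three SSH forwards).
TUNNEL_PORTS = {5900, 3390, 122, 222, 322}
LOOPBACK = {"127.0.0.1", "::1"}

# Constructed sample of Windows `netstat -an` output (not captured from a real host).
SAMPLE = """\
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    127.0.0.1:5900         0.0.0.0:0              LISTENING
  TCP    0.0.0.0:3390           0.0.0.0:0              LISTENING
  TCP    127.0.0.1:122          0.0.0.0:0              LISTENING
  TCP    192.168.1.20:49731     203.0.113.10:22        ESTABLISHED
  TCP    [::1]:222              [::]:0                 LISTENING
  TCP    [::]:322               [::]:0                 LISTENING
"""

# Matches listening TCP sockets; tolerates a trailing PID column (netstat -ano).
LINE = re.compile(r"^\s*TCP\s+(\S+):(\d+)\s+\S+\s+LISTENING\b")


def classify_listeners(netstat_text, ports=TUNNEL_PORTS):
    """Return {port: 'loopback' | 'exposed'} for listening tunnel ports."""
    result = {}
    for line in netstat_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        addr, port = m.group(1).strip("[]"), int(m.group(2))
        if port not in ports:
            continue
        if addr not in LOOPBACK:
            # Any non-loopback binding means other hosts can use the tunnel.
            result[port] = "exposed"
        else:
            result.setdefault(port, "loopback")
    return result


def missing_ports(netstat_text, ports=TUNNEL_PORTS):
    """Tunnel ports with no listener at all (tunnel not up, or port taken)."""
    return sorted(set(ports) - set(classify_listeners(netstat_text, ports)))


if __name__ == "__main__":
    for port, state in sorted(classify_listeners(SAMPLE).items()):
        print(port, state)
    print("not listening:", missing_ports(SAMPLE))
```

An `exposed` result is expected only on a machine deliberately used as a proxy for other clients; anywhere else it means the forwarded service is reachable from the local network without going through SSH authentication.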



