 
Madman
Minister of Gerbil Affairs
Topic Author
Posts: 2317
Joined: Tue Apr 01, 2003 4:55 am
Location: Latvia

Cross platform RDC

Wed Aug 29, 2012 5:09 pm

Since Windows 8 RP is out, I've completely migrated to Mint and overall, it covers all the use cases I need perfectly.

Except one. Sometimes I need to help someone fix a Windows based PC at home, and I need to connect to that machine remotely.

Is there a way to use such a system? The best scenario would be if I could ssh into a local server at home, and then use that server to connect to Windows PCs that are on that network, but not open to the whole internet. This way I would have one open port, set up a safe ssh connection with some certificates probably, and then I could help to fix any of the family computers remotely without opening all of them through the firewall.

Is there a way to set up my network like that? How can you RDC into a Windows PC without Windows?

Also, what do I need to do to create a secure ssh endpoint? Only open 1 port, or is there some additional configuration necessary?
Core 2 Duo E6300, MSI P45 NEO-F, Club 3D GTX 260, 4Gb DDR2-800Mhz, Audigy X-Fi Fatal1ty Champ1on ed., 0.5Tb+1Tb Seagate Barracuda 7200.12, 630W AXP, Samsung SyncMaster BX2450, ViewSonic VP171b
 
Captain Ned
Global Moderator
Posts: 28704
Joined: Wed Jan 16, 2002 7:00 pm
Location: Vermont, USA

Re: Cross platform RDC

Wed Aug 29, 2012 5:25 pm

Madman wrote:
How can you RDC into a Windows PC without Windows?

It's not free, but GoToMyPC has a Linux client that can connect to a Windows host PC. I've used it (all Win) for years so that I can do things at work on the home computer that might not pass muster with the office nanny-bot (mostly Flash-related as our boffins hate to upgrade Flash).
What we have today is way too much pluribus and not enough unum.
 
bthylafh
Maximum Gerbil
Posts: 4320
Joined: Mon Dec 29, 2003 11:55 pm
Location: Southwest Missouri, USA

Re: Cross platform RDC

Wed Aug 29, 2012 5:34 pm

This question (or one very much like it) came up on Slashdot last week. One consensus was to use reverse VNC. Here's an article:
http://lifehacker.com/250794/tech-suppo ... onnections

You'll need to have the client on the remote PC already, or have a user who's apt enough to get it running. If this isn't practical, you're wanting a free license for LogMeIn or TeamViewer.
Hakkaa päälle!
i7-8700K|Asus Z-370 Pro|32GB DDR4|Asus Radeon RX-580|Samsung 960 EVO 1TB|1988 Model M||Logitech MX 518 & F310|Samsung C24FG70|Dell 2209WA|ATH-M50x
 
TDIdriver
Gerbil First Class
Posts: 119
Joined: Mon Jul 11, 2011 3:49 pm
Location: Alabama

Re: Cross platform RDC

Wed Aug 29, 2012 5:39 pm

We use the RDC client in openSUSE to connect to my dad's work PC (Windows) all the time. But the target PC has to have at least Windows 7 Pro.
I heard this advertised on Leo Laporte. It's not free of course. And would only be worth it if it brought in revenue.
http://www.gotoassist.com/remote_support/
Q9450|GA-EP45-UD3P|8GB G.skill PC2-8800|HD7870 Myst
120GB Vertex3|300GB Velociraptor|HX650|600T
 
Madman
Minister of Gerbil Affairs
Topic Author
Posts: 2317
Joined: Tue Apr 01, 2003 4:55 am
Location: Latvia

Re: Cross platform RDC

Wed Aug 29, 2012 5:47 pm

TDIdriver wrote:
We use the RDC client in openSUSE to connect to my dad's work PC (Windows) all the time. But the target PC has to have at least Windows 7 Pro.


I will be using Mint. The Linux server with ssh port forwarded through firewall is probably going to be Ubuntu server or even Debian. The PCs at home can differ. IIRC, there is an XP PC, Win 7 (maybe home), and a Win 7 Pro version.

I will be setting up the infrastructure, Linux server, router config, wiring. But I don't want to set up each PC/Laptop with different software as of now.
Core 2 Duo E6300, MSI P45 NEO-F, Club 3D GTX 260, 4Gb DDR2-800Mhz, Audigy X-Fi Fatal1ty Champ1on ed., 0.5Tb+1Tb Seagate Barracuda 7200.12, 630W AXP, Samsung SyncMaster BX2450, ViewSonic VP171b
 
chuckula
Minister of Gerbil Affairs
Posts: 2109
Joined: Wed Jan 23, 2008 9:18 pm
Location: Probably where I don't belong.

Re: Cross platform RDC

Wed Aug 29, 2012 5:51 pm

If you are doing this in an interactive manner (meaning there is somebody on the other computer who can do basic stuff) then the Chrome web browser has a pretty nifty remote desktop extension that is easy to use and traverses firewalls nicely too: https://chrome.google.com/webstore/deta ... ihenigjmpp

It is very cross-platform friendly (works fine on Chromium under Linux), and is free.

EDIT: Here's a video of the Chrome remote desktop in action on Linux: http://www.jupiterbroadcasting.com/1888 ... as-s21e06/ (fast forward to 1:02:30)
4770K @ 4.7 GHz; 32GB DDR3-2133; Officially RX-560... that's right AMD you shills!; 512GB 840 Pro (2x); Fractal Define XL-R2; NZXT Kraken-X60
--Many thanks to the TR Forum for advice in getting it built.
 
Flatland_Spider
Graphmaster Gerbil
Posts: 1324
Joined: Mon Sep 13, 2004 8:33 pm

Re: Cross platform RDC

Wed Aug 29, 2012 6:28 pm

To RDP to a Windows box, you would use rdesktop. The drawback is that Remote Assistance won't work, but aside from that, it works well. I usually use rdesktop -g 1024x768 -P0 -u username -d domain -p - 9.9.9.9 to connect to single Windows boxes.

https://wiki.archlinux.org/index.php/Rdesktop
http://linux.die.net/man/1/rdesktop
 
just brew it!
Administrator
Posts: 54500
Joined: Tue Aug 20, 2002 10:51 pm
Location: Somewhere, having a beer

Re: Cross platform RDC

Wed Aug 29, 2012 6:46 pm

I do this all the time. On Ubuntu it is called "Terminal Server Client" (RDP protocol is a descendant of Windows Terminal Server protocol).

You just need to have a way of SSHing into the remote network. Use the -L option on the SSH client to forward any local port above 1024 to port 3389 on the target Windows PC, and tell the Terminal Server Client to connect to localhost:port#.

Alternatively, you can install VNC clients on the Windows PCs, and do a similar thing using a VNC client on your end.

For added security, set up the SSH server to listen on a non-standard high-numbered port and/or configure it to require key-based authentication.
Nostalgia isn't what it used to be.
 
JohnC
Gerbil Jedi
Posts: 1924
Joined: Fri Jan 28, 2011 2:08 pm
Location: NY/NJ/FL

Re: Cross platform RDC

Wed Aug 29, 2012 6:47 pm

Both GoToMyPc and TeamViewer have variations of Linux client. They should be easier to use than unnecessarily complicated "custom" solutions. TeamViewer is completely free for "personal use" and has clients for almost every major OS, including Android and iOS clients.
Gifter of Nvidia Titans and countless Twitch donation extraordinaire, nothing makes me more happy in life than randomly helping random people
 
Madman
Minister of Gerbil Affairs
Topic Author
Posts: 2317
Joined: Tue Apr 01, 2003 4:55 am
Location: Latvia

Re: Cross platform RDC

Wed Aug 29, 2012 7:21 pm

Flatland_Spider wrote:
To RDP to a Windows box, you would use rdesktop. The drawback is that Remote Assistance won't work, but aside from that, it works well. I usually use rdesktop -g 1024x768 -P0 -u username -d domain -p - 9.9.9.9 to connect to single Windows boxes.

https://wiki.archlinux.org/index.php/Rdesktop
http://linux.die.net/man/1/rdesktop


just brew it! wrote:
You just need to have a way of SSHing into the remote network. Use the -L option on the SSH client to forward any local port above 1024 to port 3389 on the target Windows PC, and tell the Terminal Server Client to connect to localhost:port#.

For added security, set up the SSH server to listen on a non-standard high-numbered port and/or configure it to require key-based authentication.


Ok, this sounds very neat.

So the infrastructure would go like this:

My PC (Mint with private key file) -> Router (some fixed random port) -> Debian server (port 22 openssh server via generated private/public key files) -> rdesktop@Debian console to any of the internal subnet Windows PCs, or is it on Mint? I don't quite understand the port forwarding and where GUI is rendered.

It would go like:

username@mint$ ssh -i ~/.ssh/id_rsa_debianserver -L ??? username@debianserverip
username@debianserverip$ rdesktop -g 1024x768 -u username -d domain -p - internalpcip

The actual Debian server can be some ultra-low power box?
Core 2 Duo E6300, MSI P45 NEO-F, Club 3D GTX 260, 4Gb DDR2-800Mhz, Audigy X-Fi Fatal1ty Champ1on ed., 0.5Tb+1Tb Seagate Barracuda 7200.12, 630W AXP, Samsung SyncMaster BX2450, ViewSonic VP171b
 
Flatland_Spider
Graphmaster Gerbil
Posts: 1324
Joined: Mon Sep 13, 2004 8:33 pm

Re: Cross platform RDC

Wed Aug 29, 2012 7:58 pm

Teamviewer uses Wine, so it's not a native port.

There also is the Remmina GUI which is a connection manager for lots of things including RDP.

You can also add a password to the certs when doing key-based authentication for extra protection. Most people don't because key-based authentication is more of a convenience thing for them, but I would, and do.

Another interesting project related to the issue is Guacamole (http://guac-dev.org/). Guacamole is a web based RDP/VNC client. You would install it on a webserver and use the webpage to access the remote boxes. There are a couple of videos demonstrating how it works on the website.

Something else you might consider is running a VPN server either on the router or via a server. DD-WRT has the ability to run OpenVPN or it can run an IPSec VPN, and if you're setting up a custom server, it can run whatever you want as long as you can figure out the configs. NeoRouter (http://www.neorouter.com/products.html) is an interesting VPN software that can be run on a custom server. Its feature set is a little bit more fleshed out than OpenVPN, but more people know about OpenVPN.

Running a VPN server, of course, assumes you can install software on your computer, and it might also need a reverse DNS entry. For maximum portability, ssh and/or Guacamole would be better.

The upside of a VPN is it's criminally easy to connect to stuff once it's running correctly. You don't have to mess with port forwarding, just DNS and IPs.
 
Madman
Minister of Gerbil Affairs
Topic Author
Posts: 2317
Joined: Tue Apr 01, 2003 4:55 am
Location: Latvia

Re: Cross platform RDC

Wed Aug 29, 2012 8:29 pm

Ok, I did some research, commands I wrote were wrong as I understand.

This is the correct sequence, yes?
myuser@mint$ ssh -i ~/.ssh/id_rsa_debianserver -L 3389:internalpcip:3389 username@debianserverip
#previous command will run in background or something, so I can use & or fresh terminal and then:
myuser@mint$ rdesktop -g 1024x768 -u username -d domain -p - localhost


So first command creates a ssh tunnel, and says to forward every packet arriving at localhost at port 3389 through tunnel to internalpcip:3389 (where 3389 is used by RDC)
And the second command connects to localhost, or mint box at default 3389 port, but since it's redirected over ssh, packets are sent to debianserver through encrypted ssh, which forwards them automatically to internalpcip:3389.
Core 2 Duo E6300, MSI P45 NEO-F, Club 3D GTX 260, 4Gb DDR2-800Mhz, Audigy X-Fi Fatal1ty Champ1on ed., 0.5Tb+1Tb Seagate Barracuda 7200.12, 630W AXP, Samsung SyncMaster BX2450, ViewSonic VP171b
 
just brew it!
Administrator
Posts: 54500
Joined: Tue Aug 20, 2002 10:51 pm
Location: Somewhere, having a beer

Re: Cross platform RDC

Thu Aug 30, 2012 9:23 am

Madman wrote:
Ok, I did some research, commands I wrote were wrong as I understand.

This is the correct sequence, yes?
myuser@mint$ ssh -i ~/.ssh/id_rsa_debianserver -L 3389:internalpcip:3389 username@debianserverip
#previous command will run in background or something, so I can use & or fresh terminal and then:
myuser@mint$ rdesktop -g 1024x768 -u username -d domain -p - localhost


So first command creates a ssh tunnel, and says to forward every packet arriving at localhost at port 3389 through tunnel to internalpcip:3389 (where 3389 is used by RDC)
And the second command connects to localhost, or mint box at default 3389 port, but since it's redirected over ssh, packets are sent to debianserver through encrypted ssh, which forwards them automatically to internalpcip:3389.

Yeah, that's basically correct.

The only thing I would maybe change would be to use something other than port 3389 on localhost. That way you can set up a single tunnel that forwards ports to all the systems you want to manage, with a unique local port for each one. E.g. if you have 4 remote PCs you need to access, set up one tunnel that forwards ports 12001 thru 12004 to those PCs:
myuser@mint$ ssh -i ~/.ssh/id_rsa_debianserver -L 12001:internalpcip1:3389 -L 12002:internalpcip2:3389 -L 12003:internalpcip3:3389 -L 12004:internalpcip4:3389 username@debianserverip
#previous command will run in background or something, so I can use & or fresh terminal and then:
myuser@mint$ rdesktop -g 1024x768 -u username -d domain -p - localhost:1200x # where x is the PC number
Nostalgia isn't what it used to be.
 
Flatland_Spider
Graphmaster Gerbil
Posts: 1324
Joined: Mon Sep 13, 2004 8:33 pm

Re: Cross platform RDC

Thu Aug 30, 2012 11:28 am

To make this easier, you could set up an entry in your ~/.ssh/config file, so you would only have to issue "ssh home" to start a connection with everything set up.

Host home
    HostName 9.9.9.9
    Port 6500
    User username
    IdentityFile ~/.ssh/id_rsa_debianserver
    ServerAliveInterval 90
    ServerAliveCountMax 3
    LocalForward 12001 internalpcip1:3389
    LocalForward 12002 internalpcip2:3389
    LocalForward 12003 internalpcip3:3389

The HostName can be either an IP address or a domain name, and ServerAliveInterval and ServerAliveCountMax are to keep the connection from timing out.

http://linux.die.net/man/5/ssh_config
http://www.techrepublic.com/article/ope ... ks/6155832
https://georgelenzer.wordpress.com/2008 ... ssentials/
https://georgelenzer.wordpress.com/2008 ... ssentials/
http://www.debianadmin.com/howto-use-ss ... rding.html

Two other programs you might want to get acquainted with are ssh-agent and ssh-add. ssh-agent stores the ssh keys, and ssh-add adds keys to the authentication agent.

http://linux.die.net/man/1/ssh-agent
http://linux.die.net/man/1/ssh-add
http://www.cyberciti.biz/faq/unix-linux ... -lifetime/

Madman wrote:
My PC (Mint with private key file) -> Router (some fixed random port) -> Debian server (port 22 openssh server via generated private/public key files) -> rdesktop@Debian console to any of the internal subnet Windows PCs, or is it on Mint? I don't quite understand the port forwarding and where GUI is rendered.

The actual Debian server can be some ultra-low power box?


rdesktop will be run on the local PC, and the GUI will be rendered on the PC that started rdesktop, the Mint PC. The Mint PC and the Windows desktop are the only two things that are doing anything with the RDP connection; everything else is just passing packets around.

Yes, ssh doesn't take a lot of power, so the jump server could be ultra-low power. However, the throughput for a VPN solution is proc bound.
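
Added example, not written by any poster in this thread and not part of OpenSSH: a shell check for the jump server that verifies the advice given above (key-based authentication required) and additionally flags port forwarding that is not limited to RDP on the internal PCs. The function names, the sample settings, the 192.0.2.x addresses and the choice to also flag root login are assumptions made for illustration; absent keywords are assumed to take the OpenSSH defaults.

```sh
#!/bin/sh
# Added example: audit the sshd settings of an SSH jump host.
# On the server (as root): sshd -T | audit_jump_host

# Print the first value given for keyword $1 in the text $2, lowercased.
# sshd keywords are case-insensitive and the first occurrence wins.
sshd_value() {
    printf '%s\n' "$2" | awk -v key="$1" '
        /^[ \t]*#/ || NF < 2 { next }
        tolower($1) == "match" { exit }   # only the global section is read
        tolower($1) == tolower(key) {
            $1 = ""; sub(/^[ \t]+/, ""); print tolower($0); exit
        }'
}

# Read settings on stdin and print one finding per line.
# Returns 0 when nothing is flagged, 1 otherwise.
audit_jump_host() {
    cfg=$(cat); rc=0
    # Values used when a keyword is absent (assumed OpenSSH defaults).
    pw=$(sshd_value PasswordAuthentication "$cfg"); : "${pw:=yes}"
    pk=$(sshd_value PubkeyAuthentication "$cfg");   : "${pk:=yes}"
    root=$(sshd_value PermitRootLogin "$cfg");      : "${root:=prohibit-password}"
    open=$(sshd_value PermitOpen "$cfg");           : "${open:=any}"
    [ "$pw" = no ]   || { echo "PasswordAuthentication $pw: passwords accepted"; rc=1; }
    [ "$pk" = yes ]  || { echo "PubkeyAuthentication $pk: key login disabled"; rc=1; }
    [ "$root" = no ] || { echo "PermitRootLogin $root: root can log in"; rc=1; }
    set -f                                # PermitOpen entries may contain '*'
    for target in $open; do
        case $target in
            *:3389) ;;                    # RDP on an internal PC: expected
            *) echo "PermitOpen $target: not a host:3389 entry"; rc=1 ;;
        esac
    done
    set +f
    return $rc
}

# Constructed samples (not from the thread), in the style of sshd_config.
WEAK_SAMPLE='Port 6500
PermitRootLogin yes
# PasswordAuthentication no'
HARDENED_SAMPLE='Port 6500
PasswordAuthentication no
PubkeyAuthentication yes
PermitRootLogin no
PermitOpen 192.0.2.11:3389 192.0.2.12:3389'
printf '%s\n' "$WEAK_SAMPLE" | audit_jump_host || true
printf '%s\n' "$HARDENED_SAMPLE" | audit_jump_host && echo "hardened sample: no findings"
```

With PermitOpen set as in the hardened sample, a stolen key can still reach RDP on the listed PCs through the tunnel but cannot be used to forward to other ports or hosts.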
