I put my SSH and RDP daemons on random high TCP ports instead of the default. If nothing else that will stop the bots.
Haven't tried running RDP though an SSH tunnel.
I've been doing it that way for years. Just forward any local port xxxxx thru the firewall at the other end to hostname:3389, and point the RDP viewer at localhost:xxxxx.
Flying Fox wrote:
RDP is pretty decent (they started out with 40-bit encryption right off the bat and upgraded to 128-bit fairly early, around early 2000s once the export control was relaxed), except for the latest security bulletin that they patched.
That's good to know. I still feel better exposing as few services to the 'net as possible though; port 80 (HTTP), 443 (if you're running HTTPS), and 22 (SSH) should be all most servers ever need on their public-facing IP. In fact, I would argue that your SSH server should be running on a non-standard port as well (as bthylafh suggests).