spacer spacer spacer

How to Use Windows XP: Accessing Windows Terminal Server Through Department Firewall by SSH tunnnel

Preparation

This instruction show you how to connect the remote desktop service running in your office machine through ECE Department firewall by ssh tunnel. Your Unix/email username and password are required so that you can ssh to your research group SSh servers.

If you want to connect to other services (VNC or License service for example) running in your office machine from home through ECE department firewall. The setup is the same, just change the rdesktop port 3389 to the port for the services.

In order to access remote desktop service running in your office machine from home or anywhere outside the department, first of all you must turn on Remote Desktop in your office machine. For the sake of ECE network security, a departmentl firewall is setup, which will block all connections from outside to any services, including the remote desktop service, to any internal machines by default.

There are three methods to bypass the department firewall blocking:

1. Open the service port for your machine in Department firewall. This is not available from ecehelp any more because of security consideration.

2. Connect your home machine to ECE VPN server and then run the remote desktop application. (This method works well but it is a little bit slow)

3. Run the remote desktop applicaton through SSH Tunnel. (This instruction)

PUTTY is used as client side application to run the ssh tunnel. If you don't have PUTTY installed in your home machine, please download and install it by yourself

 

Step by step, how to access Windows Terminal Server Through Department Firewall by SSH tunnnel :

 

1. Run putty program, in the left pannel of putty window select "SSH" and tick "enable compression" in the right pannel Click Next
   

 

2. Click the "+" sign beside SSH in left pannel and then select Tunnels; In the Source Port field in the right pannel input 9999 or other avialble port in your home machine; In the Destination Filed input the hostname of your desktop machine and port 3389 (for example: yourdesktop.comm.utoronto.ca:3389) and then Click Add button Click Next
   

 

3. In the top of left pannel, Select "Session", and then in the right pannel, input the hostname of research group SSH server as "Host Name" and input "office desktop" or whatever name you like as the name of "Saved sessions", at last Click "Save" button to save the session.

  • Communication group SSH server is alpha.comm.utoronto.ca
  • Waves group SSH server is emserver.waves.utoronto.ca
  • Control group SSH server is alfheim.control.utoronto.ca
  • energy group SSH server is energy.ele.utoronto.ca
  • Photonics group SSH server is photonics.light.utoronto.ca
  • EECG group SSH servers are picton.eecg.toronto.edu, anubis.eecg, bastet.eecg, halfdome.eecg, isis.eecg, ra.eecg, seth.eecg, and zeep.eecg

 

 Click Next
   

 

4. Any time when you need the ssh tunnel, Double Click "office desktop" (the saved session) and then you will be asked to input your Unix username and password. When you login successfully, the tunnel is setup. Click Next
   

 

5. Start the remote desktop service, in the computer field, input "localhost:9999". Don't input the hostname of your office desktop machine here. Click Next
   
spacer