How to Use Remote Desktop over a Secure Connection (SSH)

1. Windows (anywhere) Introduction

First of all you need PuTTY. If you have a win.desy.de PC/Notebook, you can simply install it via NetInstall. Go to Start All Programs NetInstall Programs Installer & Uninstaller Communication SSH PuTTY and click Install. If you dont have NetInstall on your PC, please go to the PuTTY-homepage and download the putty.exe from there (http://www.chiark.greenend.org.uk/~sgtatham/putty/download.html).

Windows (internal/DESY)

Configuring PuTTY
Open PuTTY. A configuration dialog will pop up. The dialog window is separated into two parts: on the left side you can see the categories and on the right side you can adjust the options for the selected category. First, select the subcategory SSH and Enable compression.

Tunneling/Port Forwarding
Now change to Tunnels. Here you have to insert the remote port you want to forward to a local port at your PC. - The source port is the port on the user machine to which you will address connections that you intend to have tunnelled. In this example the port number 1024 is selected. This port does not have a special meaning. It is chosen, because it is a port that no special application uses. You may choose any other port in between 1024 - 65535. - The destination defines a host and a port to which you want to connect. You have to write down the hostname (in this case adterm.win.desy.de) followed by a colon and the port number. Port 3389 is used for remote desktop connections.

After clicking Add, your PuTTY configuration should look like this:

You can repeat this procedure for as many hosts you want to connect to simultaneously from your PC. Make sure that you dont use the same Source Port twice (see picture above) and that you entered the correct host name in the Destination field just the remote port number always stays 3389.

Saving the Session

Return to the Session category and fill in the Host Name of the gateway at DESY you want to log in please always and only use bastion.desy.de and make sure that the protocol is SSH. Type a name in the Saved Sessions field under which you want to save this configuration. For example the name of the machine you want to connect (in this case adterm.win.desy.de). Then click Save.

Now click Open. The configuration window will close and the PuTTY terminal window will open and you should be able to log in to the aforementioned gateway. After the login procedure you can minimize PuTTY. Do not close the window until you want to exit your Remote Desktop session!

Starting the Remote Desktop Client

Open your Remote Desktop Client (Start All Programs Accessories Communications Remote Desktop Connection) and type localhost:1024 (or the Source Port you chose in PuTTY) in the Computer field (see below).

You can now click the Connect button to start the Remote Desktop session.

2. Linux

Windows (internal/DESY)

Introduction
In order to establish a secure remote desktop session from Linux to Windows you need an ssh-client (which should be part of every Linux distribution) and rdesktop. If rdesktop is not installed, please download it from http://www.rdesktop.org/ and read the instructions on how to install it properly. Tunneling/Port Forwarding Open a terminal window and type in the following command for a connection to a Windows-PC/-Server inside the DESY network:
ssh username@bastion.desy.de -L 1024:adterm.win.desy.de:3389

Where username has to be replaced with you actual username, bastion.desy.de is the computer youre logging on to connect to DESY, -L 1024 is the local port (this can be any port from 1024 to 65536), adterm.win.desy.de is the computer you want to connect to (for a list of public servers you can connect to, see the appendix) and 3389 is the remote port (the port that the remote desktop protocol uses). After the connection to bastion.desy.de is established and you have logged in, you need to type the following command to open the remote desktop session:
rdesktop -g1280x1024 localhost:1024

Where g10280x1024 is the screen resolution (1024x768 would be another common resolution) and localhost:1024 is the local port your forwarding with the aforementioned ssh command.

3. Mac OS X
Introduction

Windows (internal/DESY)

To connect from Mac OS X to Windows via remote desktop, you need the remote desktop client for Mac OS X. You can download it from Mactopia (http://www.microsoft.com/mac/downloads.mspx). Use StuffIt to expand the .bin file into a .dmg file. The .dmg should now appear on your Desktop as "Remote Desktop Connection".

Tunneling/Port Forwarding
Open a terminal window and type in the following command for a connection to a Windows-PC/-Server inside the DESY network:
ssh username@bastion.desy.de -L 1024:adterm.win.desy.de:3389 adterm.win.desy.de is the computer you want to connect to (for a list of public

servers you can connect to, see the appendix).

Starting the Remote Desktop Session

Open your Remote Desktop Connection (it should be located on your Desktop, if you followed the instructions above) and type localhost:1024 (or the Source Port you chose in your ssh command) in the Computer field and click Connect.

Appendix
Here is a list of public Windows-servers and -clusters you can connect to: - admetro.win.desy.de (will be exchanged in the future) - adterm.win.desy.de - mpy24mws1 * - mpy24mafia1 * - mpy24mafia2 *

Access to these servers is restricted. Please contact C. Kluth, M. Marx or B. Poljancewicz for further information.