From: O. O. <ols...@ya...> - 2006-01-23 12:13:25

Hi,

I am wondering if someone has experience with rdesktop over ssh. I have looked at your mailing list and it seems to have worked for some people.

I have a Windows XP computer at home. Unfortunately this is behind a router, so with the exception of ssh it is inaccessible to the outside world. (I am running a cygwin sshd server on it.) I have a Linux PC outside where I work - and I sometimes need to connect to my home PC. I am wondering if I can ssh from my Linux PC to my home PC and port forward - then use rdesktop to connect.

I have tried using

    ssh -L 3390:10.1.169.25:3389 usern...@my.sshserver.hostname

where 10.1.169.25 is my internal LAN IP address. I then try

    rdesktop localhost:3390

- and this does not work.

However if I locally log on to my ssh in cygwin using

    ssh -L 3390:10.1.169.25:3389 localhost

I can use the Windows remote desktop to connect to localhost:3390

I hope someone has some ideas why this is not working.

Regards,
O.O.

From: David S. <ds...@ds...> - 2006-01-23 19:55:34

Do you have a firewall or something else running on the XP system that might not be allowing the packets to 3389 from external hosts?

David

From: Scot H. <sha...@ep...> - 2006-01-23 23:38:42

If you are able to ssh from your Linux box at work to your XP box at home then use the following format:

- connect to your home system via ssh with forwarding local 3389 to remote's localhost 3389 with compression (-C) (bit of added speed).

    ssh -C -L 3389:localhost:3389 us...@my...rver

- rdesktop from the Linux box to localhost (your Linux box).

    rdesktop localhost

In this scenario, from your Linux box at work, you have opened an ssh connection to your home system and forwarded 3389 on your Linux box's lo adapter (127.0.0.1, unless ssh_config has the global option on) to your Windows box's localhost port 3389. From the Windows system perspective you are connecting with rdesktop from your Windows system.

If you are connecting from your home system to work and want to reverse-forward, leaving that open while you run to work, you do the following:

- connect from your Windows box to a system at work via ssh. The work system may be a firewall (sits on the DMZ/internet and on the LAN), or might be reached by a port-forward from a router/firewall/whatever device at work.

    ssh -g -C -R 3399:localhost:3389 us...@wo...m

- at work, rdesktop to the inside address of the same server to which you connected via ssh from home:

    rdesktop work-private-address.dom:3399

In this scenario you have used a third machine as a waypoint, or, if your Linux workstation can be reached by ssh from outside, you're just using your machine at work to set up a "reverse ssh tunnel" to your home system. You point rdesktop to port 3399 at the LAN address of the work machine hosting your home system's ssh session. The ssh session takes traffic to port 3399 and sends it to your home over the ssh tunnel to your home system, and from there ssh sends the traffic to port 3389 on the home machine itself.

I have done both of these options with great success. I believe the first one is the one you're asking about.

There ya go.

Regards,
Scot Harkins

--
Scot Harkins (KA5KDU)
Technical Support Engineer
www.epicor.com
Tel: 425-672-1304
Fax: 425-670-1810
E-Mail: sha...@ep...
Epicor|CRS Retail Solutions Division
3400 188th St. SW, Suite 185
Lynnwood, WA 98037-4708
-----------------------------------------------------------------------
root@linux # fortune -s
It's a good thing we don't get all the government we pay for.
-----------------------------------------------------------------------

From: O. O. <ols...@ya...> - 2006-01-24 01:26:15

Thank you Norbert, Scot and Dave for your responses. Though I have used port forwarding before I just learnt that I did not know enough. This is probably not an rdesktop problem, rather it's a port forwarding problem. I just learnt of it when I was discussing it with my friends.

To restate my problem: My Windows computer is buried behind a router, but it runs an ssh server which I can connect to (Cygwin SSHD). I was trying to ssh into my home computer from work and forward ports to the RDP 3389. I was then hoping to remote desktop into the local work Linux machine and get forwarded to my Windows home machine. So one of the things I tried (among many others) was

    ssh -L 3389:10.1.169.25:3389 usern...@your.sshserver.hostname
    rdesktop localhost or rdesktop localhost:3389

(10.1.169.25 = Win machine LAN address)

This does not work (though I successfully ssh). My friend then suggested that I

    netstat -an| grep LISTEN

on the Linux machine to see if the ports really get forwarded and I realized that this was not happening. I was not seeing anywhere the port 3389.

I ultimately normally ssh'd into my Windows machine, i.e.

    ssh usern...@your.sshserver.hostname

I then re-ssh'd back from my Windows machine to my Linux machine, this time forwarding the ports using something like

    ssh -R 3389:localhost:3389 usern...@lab.work.linux.machine

Then from my Linux machine I

    rdesktop localhost

This works, so this means I cannot forward ports for some reason from my Linux box to the Windows but I can do it the other way around. I would be contacting my Linux network admin to know why this is so because I don't have admin privileges on that machine.

Thanks to all you guys.
O.O.

From: Scot H. <sha...@ep...> - 2006-01-24 02:16:07

That leaves you down to checking the ssh server config on your home system, and your ssh client config on your Linux box at work.

On the Windows/Cygwin system look in /etc/sshd_config for the line "AllowTcpForwarding". By default it is commented out and shows "yes", meaning sshd.exe was built with the option to allow inbound TCP forwarding. I don't always trust the "default" setting, so I recommend uncommenting AllowTcpForwarding and making sure it says "yes".

On the client side (the Linux box) if /etc/ssh/ssh_config has ClearAllForwardings set to "yes" (it's "no" by default) then no outbound forwarding will be allowed. The option essentially means "any forwarding rules I have on the command-line or in a config file will be cleared as though they were not there".

If you intend to connect to the Linux box at work from yet another system then your ssh command needs -g, or /etc/ssh/ssh_config needs to have "GatewayPorts" uncommented (or added if missing) and set to yes. (Since you do not have admin access you will not be able to change this, but you can check this since users need to be able to read ssh_config when they run ssh.) By default, when you forward ports out with -L the ssh client only listens on localhost/127.0.0.1. On your Linux box, while ssh'd to your home system, if you run 'netstat -lnp | grep ssh' you might see something like this:

---begin result of 'ssh -L 3389:10.29.0.102:3389 remotesystem'---
apr777> netstat -lnp | grep ssh
tcp        0      0 0.0.0.0:22        0.0.0.0:*     LISTEN      3703/sshd
tcp        0      0 127.0.0.1:3389    0.0.0.0:*     LISTEN      18890/ssh
unix  2      [ ACC ]     STREAM     LISTENING     9059   5762/ssh-agent      /tmp/ssh-XXcWSmA1/agent.5747
unix  2      [ ACC ]     STREAM     LISTENING     23319  6505/ssh-agent      /tmp/ssh-XXtOXwcG/agent.6490
---end---

...but if I add -g:

---begin result of 'ssh -g -L 3389:10.29.0.102:3389 remotesystem'---
apr777> netstat -lnp | grep ssh
tcp        0      0 0.0.0.0:22        0.0.0.0:*     LISTEN      3703/sshd
tcp        0      0 0.0.0.0:3389      0.0.0.0:*     LISTEN      18917/ssh
unix  2      [ ACC ]     STREAM     LISTENING     9059   5762/ssh-agent      /tmp/ssh-XXcWSmA1/agent.5747
unix  2      [ ACC ]     STREAM     LISTENING     23319  6505/ssh-agent      /tmp/ssh-XXtOXwcG/agent.6490
---end---

Note the second line in both cases. The default was listening only on localhost (127.0.0.1:3389), but with -g it will listen on all adapters (0.0.0.0:3389).

On the Linux box /etc/ssh/ssh_config will be readable, since users need to be able to read it when they run ssh. You should be able to view the options.

Add -v to see everything that happens as you connect. When you do that you ought to see something like this when you forward 3389:

---begin sample debug on 3389 forward with -g global option---
debug1: Connections to local port 3389 forwarded to remote address 10.10.7.63:3389
socket: Address family not supported by protocol
debug1: Local forwarding listening on 0.0.0.0 port 3389.
---end---

On the other hand, if your admin has port forwarding locked down for the ssh client but not for the ssh server (since your reverse works from home), there is an inconsistency. It should either be allowed for both, or denied for both. Once you figure out what /etc/ssh/ssh_config has set for AllowTcpForwarding you can ask your admin to clarify the policy and then change the settings to match. Of course, this might result in you losing even the inbound reverse forwarding.

sh

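Added example, not part of the original thread or written by any of its participants: a POSIX shell script that classifies the ssh client's forward listeners in `netstat -lnp` output as loopback-only or reachable from other hosts (the -g case described above), and reads ClearAllForwardings and GatewayPorts from ssh_config text. The sample netstat lines and config fragment are constructed, the function names are made up for this example, and Host/Match scoping in ssh_config is ignored.

```shell
#!/bin/sh
# Added example. Sample data below is constructed, modelled on the
# netstat output quoted in the thread; function names are hypothetical.
SAMPLE_NETSTAT='tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 3703/sshd
tcp 0 0 127.0.0.1:3389 0.0.0.0:* LISTEN 18890/ssh
tcp 0 0 0.0.0.0:3390 0.0.0.0:* LISTEN 18917/ssh
tcp 0 0 0.0.0.0:8080 0.0.0.0:* LISTEN -
unix 2 [ ACC ] STREAM LISTENING 9059 5762/ssh-agent /tmp/ssh-XXcWSmA1/agent.5747'

SAMPLE_CONFIG='# constructed ssh_config fragment
Host *
#   GatewayPorts yes
    ClearAllForwardings = yes'

# Reads `netstat -lnp` text on stdin. For every TCP listener owned by the
# ssh client (program name exactly "ssh", so sshd and ssh-agent are skipped)
# prints: <port> <loopback|exposed> <pid>
classify_forwards() {
    awk '
    $1 ~ /^tcp/ && $6 == "LISTEN" {
        if (split($7, prog, "/") != 2 || prog[2] != "ssh") next
        port = $4; sub(/.*:/, "", port)          # text after the last colon
        host = $4; sub(/:[0-9]+$/, "", host)     # text before it
        scope = (host ~ /^127\./ || host == "::1") ? "loopback" : "exposed"
        print port, scope, prog[1]
    }'
}

# Ports on which an ssh forward accepts connections from other hosts.
exposed_ports() {
    classify_forwards | awk '$2 == "exposed" { print $1 }'
}

# usage: client_option <keyword> <default>   (ssh_config text on stdin)
# Prints the first uncommented value, lower-cased, or the default.
# Assumption: Host/Match scoping is ignored; on a live system
# `ssh -G <host>` prints the effective client configuration.
client_option() {
    awk -v want="$1" -v dflt="$2" '
    BEGIN { want = tolower(want) }
    {
        line = $0
        sub(/^[ \t]+/, "", line)
        if (line == "" || line ~ /^#/) next
        gsub(/=/, " ", line)                     # "Key=value" is also legal
        split(line, f, /[ \t]+/)
        if (tolower(f[1]) == want) { print tolower(f[2]); found = 1; exit }
    }
    END { if (!found) print dflt }'
}

report() {
    printf '%s\n' "$SAMPLE_NETSTAT" | classify_forwards
    printf 'ClearAllForwardings=%s\n' \
        "$(printf '%s\n' "$SAMPLE_CONFIG" | client_option ClearAllForwardings no)"
    printf 'GatewayPorts=%s\n' \
        "$(printf '%s\n' "$SAMPLE_CONFIG" | client_option GatewayPorts no)"
}

report
```

On a live system the same functions take real input, for example `netstat -lnp 2>/dev/null | exposed_ports` and `client_option GatewayPorts no < /etc/ssh/ssh_config`.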
From: O. O. <ols...@ya...> - 2006-01-24 22:28:49

Dear Scot,

Thanks a lot. That sounds more like a tutorial. I think I would need to talk to my admin sometime. I think it's an issue with my Linux computer at work.

First I tried your ssh with the -v option. I see a lot of debug information but nowhere can I see if it has forwarded the port or not, i.e. there is no mention of it. (I just see a lot of stuff regarding authenticating by the keys and nothing more.)

While I was using the -v and the -g option in the ssh I tried the

    netstat -lnp | grep ssh

Here's what I got:

(Not all processes could be identified, non-owned process info
 will not be shown, you would have to be root to see it all.)
unix  2      [ ACC ]     STREAM     LISTENING     1230292 -      /tmp/ssh-LIOnO13326/agent.13326

This shows that no TCP port was forwarded. I don't think it's a problem with rdesktop, just an ssh problem. At least now I know more of ssh.

Thanks once again.
O.O.