
RDP thru SSH Tunnel

Discussion in 'Networking (Hardware & Software)' started by jawdoc, 2005/11/15.

  1. 2005/11/15
    jawdoc

    jawdoc Inactive Thread Starter

    Joined:
    2002/10/27
    Messages:
    102
    Likes Received:
    0
    I use RDP to access my office server from home. Currently using the Administrator CAL on a Win 2000 Server.
    I keep seeing on newsgroups that many are using OpenSSH tunnels to secure this connection.
    Anyone using this? Is this the thing to do?
    If so could someone help me set this up?
    Any help is greatly appreciated!
     
  2. 2005/11/15
    Scott Smith

    Scott Smith Inactive Alumni

    Joined:
    2002/01/12
    Messages:
    1,950
    Likes Received:
    4
    What may be easier is to turn on encryption for the RDP session.

     


  4. 2005/11/16
    jawdoc

    jawdoc Inactive Thread Starter

    Joined:
    2002/10/27
    Messages:
    102
    Likes Received:
    0
    What about login authentication

    Scott
    Thanks for your response.
    My understanding is that creating an SSH tunnel would help secure the login authentication, as a 1024-bit key can be established to secure the login.
    Is this necessary, or is the RDP login secure as is?
    Thanks
     
  5. 2005/11/16
    Scott Smith

    Scott Smith Inactive Alumni

    Joined:
    2002/01/12
    Messages:
    1,950
    Likes Received:
    4
    It was my understanding the credentials were encrypted also. Although it looks like I didn't paste that part.

    See if this helps:
    http://www.windowsecurity.com/articles/Windows_Terminal_Services.html
     
  6. 2005/11/18
    bbbooolllooo

    bbbooolllooo Inactive

    Joined:
    2005/11/06
    Messages:
    7
    Likes Received:
    0
    I use cygwin/OpenSSH/xp/rdp. Here's a link about how I set it up:
    http://members.dslextreme.com/users/claytonmanning/remote/README.html

    We had an employee (bookkeeper) go on maternity leave. She agreed to continue working if she could do so from home. A temp would have taken too long to train and would have f**ked up our books. Theft of the data on this system could have resulted in a $10,000 fine and possible civil suit. Another issue was that lame ass Quickbooks requires that all users have Admin rights so I couldn't even try to lock down the remote user. I blocked all but SSH w/ 2048bitRSA_key/pass authentication. The RDP encryption is redundant if used through SSH. The termserv.dll hack was necessary so that we could have someone concurrently logged in at the console, not allowed in XP/sp2 post 2055 build.

    The alternative was buy Windows Server 2003, buy QB multi-user, setup VPN.
    This way we didn't spend a dime :D
    Just kept an eye on securityfocus for applicable OpenSSH vulnerabilities.

    The default key size in OpenSSH is now 2048-bit, RSA or DSA, but you can make it 1024, 4096 or whatever, with an associated password or without.

    For most people I think following this guide would suffice:
    http://www.mobydisk.com/techres/securing_remote_desktop.html
     
    Last edited: 2005/11/18
  7. 2005/11/18
    jawdoc

    jawdoc Inactive Thread Starter

    Joined:
    2002/10/27
    Messages:
    102
    Likes Received:
    0
    Good information!

    Thanks bbbooolllooo!
    Excellent info.
    I actually got it to work using Copssh and tunnelier.
    Seems to work good.
    Do you know if there is a way to log the user login, login time and logout time for the RDP sessions?
    Great information on the termserv.dll hack.
    Thanks again!
     
  8. 2005/11/18
    bbbooolllooo

    bbbooolllooo Inactive

    Joined:
    2005/11/06
    Messages:
    7
    Likes Received:
    0
    Windows XP Security Event Viewer Log

    An Audit Policy may be configured using the Group Policy editor to track logon success and failures. From the Start | Run command window type gpedit.msc. Navigate to Local Computer Policy | Computer Configuration | Windows Settings | Security Settings | Local Policies | Audit Policy | Audit logon events. Highlight and right-click and select properties.

    For me this logs both sshd logins and rdp.
    NOTE: I log both success and failure; your logs will fill up quickly if sshd is set up on the default port 22 due to all the automated bruteforcers. While I'm not worried about them gaining entry due to the key, it makes it much easier to audit if you serve on a non-standard port.
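
Added example (not part of the original posts): once "Audit logon events" is enabled as described above, login and logout times for RDP sessions can be recovered by pairing logon and logoff records on their logon ID. It uses the pre-Vista Security log event IDs (528 logon, 529 failed logon, 538 logoff) and logon type 10 (RemoteInteractive); the five-column CSV layout, the sample rows and the function name are assumptions made for illustration, not Event Viewer's own export format.

```python
import csv
import io
from datetime import datetime

LOGON, LOGON_FAILED, LOGOFF = "528", "529", "538"  # pre-Vista Security log event IDs
REMOTE_INTERACTIVE = "10"                          # logon type recorded for RDP on XP

# Constructed sample rows: time, event id, logon type, user, logon id.
SAMPLE = """\
2005-11-18 08:02:11,528,10,bookkeeper,0x3e9a1
2005-11-18 08:40:05,529,10,administrator,
2005-11-18 09:15:30,528,2,owner,0x4b210
2005-11-18 12:31:47,538,10,bookkeeper,0x3e9a1
2005-11-18 13:05:00,528,10,bookkeeper,0x51c77
"""

def rdp_sessions(export_text):
    """Pair RDP logons with logoffs by logon ID; count failed RDP logons per user."""
    open_sessions, sessions, failures = {}, [], {}
    for stamp, event_id, logon_type, user, logon_id in csv.reader(io.StringIO(export_text)):
        if logon_type != REMOTE_INTERACTIVE:
            continue  # console (type 2) and other logons are not RDP sessions
        when = datetime.strptime(stamp, "%Y-%m-%d %H:%M:%S")
        if event_id == LOGON:
            open_sessions[logon_id] = (user, when)
        elif event_id == LOGOFF and logon_id in open_sessions:
            name, start = open_sessions.pop(logon_id)
            sessions.append((name, start, when))
        elif event_id == LOGON_FAILED:
            failures[user] = failures.get(user, 0) + 1
    # A logon with no matching logoff is still open (or its logoff was never
    # written); report it with an end time of None instead of dropping it.
    sessions += [(name, start, None) for name, start in open_sessions.values()]
    return sessions, failures

if __name__ == "__main__":
    done, failed = rdp_sessions(SAMPLE)
    for name, start, end in done:
        print(name, start, end if end else "still logged on")
    print("failed RDP logons:", failed)
```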
     
  9. 2005/11/18
    jawdoc

    jawdoc Inactive Thread Starter

    Joined:
    2002/10/27
    Messages:
    102
    Likes Received:
    0
    Excellent info

    Thanks again.
    I indeed was having my security log fill up and I was having to clear it regularly.
    You are the man!
    I appreciate your help.
     
  10. 2005/11/18
    jawdoc

    jawdoc Inactive Thread Starter

    Joined:
    2002/10/27
    Messages:
    102
    Likes Received:
    0
    Ps

    Could you give me a recommended port range?
     
  11. 2005/11/18
    bbbooolllooo

    bbbooolllooo Inactive

    Joined:
    2005/11/06
    Messages:
    7
    Likes Received:
    0
    Here's a list of ports and their commonly associated services:
    http://www.iana.org/assignments/port-numbers

    Pick an unassigned port, or a port from a service you aren't using and don't plan to use.

    at command prompt:
    netstat -an
    shows you what ports are already in use
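
Added example (not part of the original posts): a check of an sshd_config for the two choices made in this thread, key-only authentication and a listening port other than 22. It follows sshd's documented parsing rules (keywords are case-insensitive, the first value given for a keyword wins, Port may be repeated); the function names and both sample configurations are constructed for illustration, and Match blocks are assumed to be out of scope.

```python
# sshd defaults that apply when a keyword is absent from the file.
DEFAULTS = {"passwordauthentication": "yes", "pubkeyauthentication": "yes"}

def effective_settings(config_text):
    """Return (settings, ports) as sshd would read the global section."""
    settings, ports = {}, []
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        if len(parts) != 2:
            continue
        key, value = parts[0].lower(), parts[1].strip()
        if key == "match":
            break  # conditional blocks are not evaluated by this check
        if key == "port":
            ports.append(int(value))        # every Port line adds a listener
        else:
            settings.setdefault(key, value)  # first value wins, later ones are ignored
    merged = dict(DEFAULTS)
    merged.update(settings)
    return merged, ports or [22]

def audit(config_text):
    """List the ways the config departs from key-only auth on a non-default port."""
    settings, ports = effective_settings(config_text)
    findings = []
    if settings["passwordauthentication"].lower() != "no":
        findings.append("password logins accepted; keys are not enforced")
    if settings["pubkeyauthentication"].lower() != "yes":
        findings.append("public-key authentication is disabled")
    if 22 in ports:
        findings.append("listening on port 22; expect brute-force log noise")
    return findings

# Constructed sample: the later "no" has no effect because the first value wins,
# and with no Port line sshd listens on 22.
SAMPLE_WEAK = """\
# constructed example, not a real server's file
PasswordAuthentication yes
passwordauthentication no
"""

# Constructed sample: 22022 is an arbitrary port chosen for the example.
SAMPLE_HARDENED = """\
Port 22022
PubkeyAuthentication yes
PasswordAuthentication no
"""

if __name__ == "__main__":
    for name, text in (("weak", SAMPLE_WEAK), ("hardened", SAMPLE_HARDENED)):
        print(name, audit(text) or "no findings")
```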
     
  12. 2005/11/18
    Newt

    Newt Inactive

    Joined:
    2002/01/07
    Messages:
    10,974
    Likes Received:
    2
    jawdoc - in addition to the very good advice in this thread, I suggest you set all of your event logs to overwrite as needed. You might also want to give them more space than the default if you have plenty of drive space and the patience to look through that many events. I use 2048Kb as the max size on all of mine and that is more than enough for my needs since it will then hold several thousand events.
     
  13. 2005/11/18
    jawdoc

    jawdoc Inactive Thread Starter

    Joined:
    2002/10/27
    Messages:
    102
    Likes Received:
    0
    Thanks Newt

    Thanks Newt
    Good advice!
    Will do.
    Great forum!
     
