Don't forward local port 3389, various versions of Remote Desktop are too smart for their own good.

My usual steps involve forwarding local 3390 to remote 3389. Then, in MacRDC I use: localhost:3390 as the address to connect too.

I don't know if you're using anything to assist in the ssh connection setup, but from the command line, it would be something like:

ssh -L 3390:172.16.5.32:3389 jason@remote.net

Where;
- 3390 is the local forwarding port on my box.
- 172.16.5.32 is the remote windows host. and;
- 3389 is the Remote Desktop Port (obviously).

On Reusing Your Windows key.ppk File

The PPK file is a PuTTY-specific private key. It's not a portable private key that works with any ssh-based application. It just works with PuTTY. You need to convert it first. I've found some instructions for converting it to a proper public/private key pair here. You'll need to do this from your Windows machine.

That will give you a private key, key.ssh, that will work with ssh on your Mac. Put the key.ssh file in your ~/.ssh/ directory. Make sure the permissions are correct:

% chmod 400 ~/.ssh/key.ssh

And then you can use it with your ~/.ssh/config file like so:

Host domain.com
  IdentityFile ~/.ssh/key.ssh
  User username

If you no longer have access to your Windows machine you'll need to generate a fresh public/private key pair to use with your web server.

On Generating a Fresh Keypair To Use With Your Mac

Honestly, this is the best way to go here.

Password-less authentication with shared keys requires that both machines have a piece of the shared/public key pieces. Here's a complete recipe for setting up a shared key authentication scheme with two servers. It's not really OS X-specific. It's ssh-specific.

These instructions assume host1 is your Mac and host2 is your web server.

Generate a shared key on host1 (the shared key will be /Users/you/.ssh/webserver.pub and the private key will be /Users/you/.ssh/webserver):

% ssh-keygen -t rsa -b 2048 -f ~/.ssh/webserver
Generating public/private rsa key pair.
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in webserver.
Your public key has been saved in webserver.pub.
The key fingerprint is:
98:b7:fa:0f:0d:e7:7f:50:cc:9b:b4:57:db:8d:b4:03 ian@Ian-Chesals-iMac.local
The key's randomart image is:
+--[ RSA 2048]----+
|                 |
|                 |
|             o   |
|       o    E * .|
|      o S .  = *=|
|       . *  . B.+|
|        o o  . o |
|       . . .  .  |
|      ..... ..   |
+-----------------+

Note: I didn't enter a password for the key because I don't want to have to use a password when I use the use.

Now you need to append the ~/.ssh/webserver.pub public key to the ~user/.ssh/authorized_keys file on host2, your webserver.

% ssh user@host2 'mkdir ~/.ssh;echo '`cat ~/.ssh/webserver.pub`' >> ~/.ssh/authorized_keys'

For this to work you will need password access to the remote host. If you don't have this you can give ~/.ssh/webserver.pub to someone who does have access to the box and ask them to append it to the authorized_keys file for you perhaps. Or do it from your windows machine where you still have access.

Now make sure your private key is safe on your Mac:

% chmod 400 ~/.ssh/webserver*

ssh can get complain-y if your private/public keypairs are world readable or writeable.

Finally, you can add the following to your ~/.ssh/config file to invoke the right key combination when you try to ssh in to your web server:

Host domain.com
  IdentityFile ~/.ssh/webserver
  User username

This will get you the password-less, keypair-based authentication you desire.