SSH – tunneling VNC/rdesktop over SSH

Tags: firewall, ssh, ssh-tunneling

I have a friend behind a firewall, with a Windows computer. I have a Linux machine at home which is not behind a firewall.

I want to have an rdesktop connection to his machine, without using any intermediate service such as LogMeIn.

My plan is:

  1. Have him SSH to my machine (SSH is allowed by the firewall), and set the appropriate tunnel.
  2. Activate rdesktop/VNC on my machine, on the currently running X server.

What I don't like about it is the hassle of running programs as his user on the currently running X server. I'd rather have him set the tunnel somehow for my user, so that I'll just be able to rdesktop localhost:1234 as long as he's connected to me.

Any smarter way?

Best Answer

I would prefer to set up a VPN (OpenVPN, for example) with the server on your machine and the client on your friend's machine. When he wants you to connect, he opens the VPN (no login involved on your machine) and you open your remote desktop client to his machine's IP (at least with OpenVPN, you can assign a "fixed" IP to his machine so you can save it, not needing to look it up every time).

This way you have no login to your machine and you only access his machine when he opens the VPN. On the other side, you can shut down the server when you don't want him to connect to your machine. Anyway, if you don't give him a user on your machine (or a user with only the access you want), he won't be able to do much there.

And this way, you can do it with more friends easily if needed as they only need to install the vpn client.
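
The "fixed" IP described in this answer, sketched as an OpenVPN server configuration (an added example, not part of the original answer). The subnet 10.8.0.0/24, the address 10.8.0.10, the client certificate name `friend-pc`, and all file names and paths are assumptions chosen for illustration.

```conf
# ---- /etc/openvpn/server/server.conf (on the Linux machine at home; path assumed) ----
port 1194
proto udp
dev tun
topology subnet                      # one address per client; matches the ifconfig-push form below
server 10.8.0.0 255.255.255.0        # constructed VPN subnet; the server takes 10.8.0.1

ca   ca.crt                          # placeholder file names for your own PKI
cert server.crt
key  server.key
dh   dh.pem

client-config-dir /etc/openvpn/ccd   # per-client settings, looked up by certificate CN
ccd-exclusive                        # refuse any client that has no file in ccd/
keepalive 10 120
persist-key
persist-tun
user nobody                          # drop privileges; ccd files must stay readable by this user
group nogroup
# client-to-client is deliberately left out, so OpenVPN does not relay traffic between clients itself

# ---- /etc/openvpn/ccd/friend-pc (file name = CN of the friend's client certificate) ----
ifconfig-push 10.8.0.10 255.255.255.0
```

With the tunnel up, `rdesktop 10.8.0.10` reaches the friend's machine, provided Remote Desktop is enabled there and its local firewall allows RDP on the VPN interface. Adding another friend means issuing another client certificate and adding one more file under `ccd/` with its own address.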
