Thursday, April 20, 2006

Windows Remote Desktop over ssh

Source: http://www.bitvise.com/remote-desktop.html

Follow these steps if you wish to get Remote Desktop over SSH up and running quickly. It is advised that you try to understand what each of the steps presented does. The difference between understanding and not understanding is frequently the difference between a security measure which works and one that only appears to.

  1. Install WinSSHD on the server (the machine you wish to access with Remote Desktop).
  2. No changes to the default WinSSHD configuration are required to use Remote Desktop over SSH. You may wish to make changes to the default WinSSHD configuration later on, to restrict what WinSSHD features are accessible to remote users. However, for the time being, keep your WinSSHD settings at default until your Remote Desktop over SSH is up and running.
  3. Apart from installing WinSSHD, the only thing you need to do on the server is ensure that there is a Windows account which you can use to log on locally. This will normally be an existing Windows account, the one you plan to log in with over Remote Desktop.
  4. Start the WinSSHD service from the WinSSHD Control Panel.
  5. Install Tunnelier on the client (the machine from which you will access the server).
  6. Configure the following settings on the Login tab in Tunnelier. Click also the 'Help' link on the Login tab for help with any of these settings.
    1. Host: The IP address or DNS name of the server that you are accessing.
    2. Port: You will normally use the default value, 22. This must match the port that WinSSHD is listening on. If you have made no changes to the default WinSSHD configuration to change the port it is listening on, use 22.
    3. Username: The Windows account name with which to log into the server. This must be a valid Windows account with local logon rights on the server.
    4. Password: The password with which to log into the server, belonging to the account name specified by Username.
    5. Store encrypted password in profile: You may optionally enable this setting so that you are not asked to re-enter the password each time you log in after Tunnelier has been restarted.
  7. In the C2S Forwarding tab in Tunnelier, add a new entry and configure the following settings for this entry. Click also the 'Help' link on the C2S Forwarding tab for help with any of these settings.
    1. Status: This will be 'enabled' by default, leave it that way.
    2. Listen interface: The default value is 127.0.0.1. If the client machine is running Windows XP prior to Service Pack 2, change this to 127.0.0.2. If you are running Windows XP SP2, or if you are running Windows 2000 or earlier, leave this at the default value.
    3. List. Port: This is the local (client-side) port on which Tunnelier will be listening for a connection from your Remote Desktop client. Set this to 3389 if running Windows 2000 or earlier. Otherwise, if using Windows XP, set this to 3390 or an arbitrary port number. The port you choose must also be used when you point the Remote Desktop client at the tunnel (below). You can also execute 'netstat -an' from a command prompt and examine the output to ensure that your chosen port is not yet occupied: there must not already be a line like '0.0.0.0:(yourPortNr) ... LISTENING'.
    4. Destination Host: Specifying localhost will work, assuming the Remote Desktop server is listening on all interfaces, which is normally the case. If it is listening on a particular interface, you can determine that interface by executing 'netstat -an' on the server and examining the output for a line like 'xxxxxx:3389 ... LISTENING'. If xxxxxx is 0.0.0.0, the Remote Desktop server is listening on all interfaces and 'localhost' will work here. Otherwise, xxxxxx is the IP address that you need to enter in this field.
    5. Dest. Port: 3389.
  8. Click the Login button in Tunnelier and observe the log area for any errors. If the session is established without errors, the SSH tunnel is up; now you just need to connect through it with the Remote Desktop client.
  9. Run the Remote Desktop client. In Windows XP, you can find it through Start : All Programs : Accessories : Communications : Remote Desktop Connection. Alternately you can run it from a Windows command prompt (execute 'mstsc') or through Start : Run : 'mstsc'.
  10. In the Computer field, enter 127.0.0.1 if you configured the 'List. Port' setting in your C2S rule as 3389 (on Windows 2000 or earlier). On Windows XP prior to SP2, enter 127.0.0.2:xxxx, where xxxx is the port number you chose for the 'List. Port' field in your C2S rule. On Windows XP SP2 or higher, enter 127.0.0.1:xxxx, where xxxx is that same port number.
  11. Click Connect. The SSH session in Tunnelier needs to be established with the C2S port forwarding rule active when you do this. If all is well, you should have a secure Remote Desktop connection to the server machine shortly.
  12. You can make sure that your Remote Desktop connection is going through Tunnelier by checking the Tunnelier log area for a message saying 'Accepted client-to-server connection from ... to localhost:3389' corresponding to each connection attempt you make. Likewise, when your Remote Desktop session closes, Tunnelier should output a log message stating 'Closing client-to-server forwarding channel from ... to localhost:3389'.
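As an added example (not code from the Bitvise page), the two 'netstat -an' checks in steps 7.3 and 7.4 scripted in Python: it parses netstat output, reports whether the chosen client-side 'List. Port' is free, and derives the 'Destination Host' value from the interface the server's port 3389 listener is bound to. The netstat samples are constructed, not captured from a real machine.

```python
import re

# Matches the TCP lines of Windows 'netstat -an' output, e.g.
#   TCP    0.0.0.0:3389    0.0.0.0:0    LISTENING
LINE_RE = re.compile(r"^\s*TCP\s+(\S+):(\d+)\s+\S+\s+(\S+)\s*$")

def listening_sockets(netstat_output):
    """Return a list of (address, port) pairs that are in LISTENING state."""
    sockets = []
    for line in netstat_output.splitlines():
        m = LINE_RE.match(line)
        if m and m.group(3) == "LISTENING":
            sockets.append((m.group(1), int(m.group(2))))
    return sockets

def port_is_free(netstat_output, port):
    """Step 7.3 check: True if nothing on the client already listens on 'port'."""
    return all(p != port for _, p in listening_sockets(netstat_output))

def rdp_destination_host(netstat_output, rdp_port=3389):
    """Step 7.4 check: the value to enter as 'Destination Host'.
    Returns 'localhost' when the server's RDP listener is bound to all
    interfaces (0.0.0.0), the specific bound address otherwise, or None
    if no listener on rdp_port was found at all."""
    addrs = [a for a, p in listening_sockets(netstat_output) if p == rdp_port]
    if not addrs:
        return None
    if "0.0.0.0" in addrs:
        return "localhost"
    return addrs[0]

# Constructed sample output (not captured from a real machine).
SAMPLE_CLIENT = """
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:3389           0.0.0.0:0              LISTENING
  TCP    127.0.0.1:1025         0.0.0.0:0              LISTENING
"""

SAMPLE_SERVER = """
  Proto  Local Address          Foreign Address        State
  TCP    192.0.2.10:3389        0.0.0.0:0              LISTENING
  TCP    0.0.0.0:22             0.0.0.0:0              LISTENING
"""

if __name__ == "__main__":
    print(port_is_free(SAMPLE_CLIENT, 3389))   # False: a local listener already uses 3389
    print(port_is_free(SAMPLE_CLIENT, 3390))   # True: 3390 is safe to use as 'List. Port'
    print(rdp_destination_host(SAMPLE_SERVER))  # 192.0.2.10: listener bound to one interface
```

On a real machine, capture the output with 'netstat -an > netstat.txt' and pass the file contents to these functions instead of the constructed samples.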