Providing Remote Desktop Access Through SSH on a Mac
Why me and why now?
CAE has been charged with implementing the College of Engineering Network Security Policy. As part of the security measures, the College has set up a firewall, which blocks access to the College's network on certain ports.
Those wishing to access their office (or lab) computer can do so via "Windows Remote Desktop", although not directly. The method described below provides a secure (encrypted via SSH) method to gain access to a remote desktop (computer) behind the College's firewall. This procedure is called tunneling.
What you need
- An Apple Computer running a current version of Mac OS X 10.*
- Microsoft Remote Desktop Client for the Mac (obtain it from http://www.microsoft.com/mac/)
- A CAE account to log into any CAE Unix computer
Setting up the SSH Tunnel
- Start the Terminal program by opening the Finder program, selecting the Applications item, and then on the right side of the window, expanding the folder that is labeled Utilities. In this folder, double-click the Terminal program:

- A terminal window will now appear on your desktop that looks something like the following:

- Unlike Windows, setting up an SSH tunnel requires only one command line entry. In the example below, we are tunneling the remote desktop port on the local machine, through the gateway, to the Remote Desktop port on the fictitious remote server "remotedesktop.engr.wisc.edu" (enter the name or IP address of your computer in place of this name). This name is resolved from the remote gateway machine, so it can be a hostname that is not visible from your own machine.

ssh -L 3389:remotedesktop.engr.wisc.edu:3389 username@sun-10.cae.wisc.edu
What does this command string mean? Let us break it up into its pieces so that it makes sense:
- ssh -L The "-L" switch tells SSH that it is going to be setting up a tunnel to transport other traffic. NOTE: The case is important! If you were to use the lowercase letter "l", you would be specifying a login name, not a tunnel.
- 3389: Is the local port that we want to re-route from your local computer and put in the SSH tunnel.
- remotedesktop.engr.wisc.edu:3389 Is the destination computer and port that we want to connect to on the other side of the SSH tunnel (this is where all of the traffic that is sent to port 3389 on your local computer is being sent).
- username@ Is your CAE username, or the name of your account on the Unix computer that you are connecting to.
- sun-10.cae.wisc.edu Is the Unix computer that you are connecting to with SSH that will act as the gateway behind the firewall (it is the other end of the SSH tunnel). You do not have to use sun-10 as the gateway; any CAE Unix computer will perform just as well.
- If it is your first time connecting to the computer on the other end of the SSH tunnel, you will be presented with a notice that tells you that the authenticity of the other computer cannot be established (in this case, sun-10). If you have never connected to this computer before, this is okay. Type in yes and then enter your CAE password that matches your account name. SSH remembers the computer's key once you accept it, so the notice should not appear again on later connections to the same computer.

- After successfully logging into the Unix computer, you can minimize the Terminal window (click on the yellow button). You do not need to type anything more in there; you just need to keep the connection open.
- Start your Remote Desktop program as usual. Instead of typing in the name of the computer that you want to connect to, type in 127.0.0.1 and then click on Connect. This will connect you to the computer that was specified in the Terminal window between the two 3389s (in this case, the fictional computer remotedesktop.engr.wisc.edu).

- Voilà! You are now connected to your Remote Desktop computer through an SSH tunnel!
- After you are done using Remote Desktop, exit from the program as normal and then you may close the Terminal window (or just type logout if you want to close the connection to the Unix computer but leave the Terminal program open).
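
The tunnel command from the steps above, wrapped in a small shell script with three defensive options. This is an added example, not part of the original CAE instructions; it assumes the OpenSSH client that ships with Mac OS X, the function names are made up for illustration, and "username" is a placeholder.

```sh
#!/bin/sh
# Added example, not from the original page. Accepts hostnames and IPv4 only.

# valid_port PORT: succeeds if PORT is an integer from 1 to 65535.
valid_port() {
    case "$1" in
        ''|*[!0-9]*|??????*) return 1 ;;
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# valid_host NAME: succeeds if NAME has only hostname/IPv4 characters.
# A leading '-' is refused so the value can never be read by ssh as an option.
valid_host() {
    case "$1" in
        ''|-*|*[!A-Za-z0-9.-]*) return 1 ;;
    esac
}

# tunnel_spec TARGET [LOCAL_PORT] [TARGET_PORT]
# Prints the argument for -L. The leading 127.0.0.1 pins the listener to the
# loopback interface, so other machines on your network cannot use the tunnel.
tunnel_spec() {
    target=$1 lport=${2:-3389} tport=${3:-3389}
    valid_host "$target" && valid_port "$lport" && valid_port "$tport" || return 1
    printf '127.0.0.1:%s:%s:%s\n' "$lport" "$target" "$tport"
}

# open_tunnel USER GATEWAY TARGET [LOCAL_PORT] [TARGET_PORT]
open_tunnel() {
    user=$1 gateway=$2
    case "$user" in
        ''|-*|*[!A-Za-z0-9._-]*) echo "bad username" >&2; return 1 ;;
    esac
    valid_host "$gateway" || { echo "bad gateway name" >&2; return 1; }
    spec=$(tunnel_spec "$3" "$4" "$5") || { echo "bad target or port" >&2; return 1; }
    # -N: forward the port only; no shell is started on the gateway.
    # ExitOnForwardFailure=yes: quit if the local port cannot be bound. Without
    # it ssh only prints a warning and logs in with no tunnel, and 127.0.0.1
    # would then reach whatever else is already listening on that port.
    ssh -N -o ExitOnForwardFailure=yes -L "$spec" "$user@$gateway"
}

# Example call with the names used on this page (username is a placeholder):
#   open_tunnel username sun-10.cae.wisc.edu remotedesktop.engr.wisc.edu
```

With -N the Terminal window shows nothing after the password prompt; leave it open while you use Remote Desktop and press Control-C to close the tunnel.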