On Monday 12 January 2009 04:13, Christopher Chan wrote:
the connection must be initiated from C's side to A. This simply cannot work simultaneously, so I tried to make use of my public server B which can be used as a "bridge" between A and C. So, A connects to B, C connects to B, and then A and C communicate. Roughly speaking...
That was my initial idea, but seems too complicated to work out, so I asked for a possible easier alternative. :-)
Easy. John R Pierce's idea works no problem. Just do it the other way round for A.
A will run ssh (or putty) and connect to B with a ssh key and do port forwarding.
So instead of ssh -L as suggested by John, do the equivalent of ssh -R on A.
Then your problem will become: how do I secure B:3389 against unauthorized connections. Again, ssh (or putty) on C -> B to the rescue.
Back to John's suggestion. C will do ssh -L and B will firewall all access to port 3389 except from localhost.
A ssh -R3389(or whateverA):localhost:3389
|/
B
/|\
C -L3389(or whateverB):localhost:3389(or whateverA)
rdesktop or Remote Desktop on C connections to localhost port 3389 (or whateverB)
Hmmm, I see... Yes, this seems doable/possible, indeed. I am just not too confident in WinXP ssh capabilities. I mean, putty could do it, but it also needs to keep the connection alive through the NAT/firewall in front of A, and survive across reboots, without hickupps :-). But I guess this can also be arranged without much trouble.
Up to now I wasn't aware of -L and -R options of ssh, they are actually very powerful when used in combinations like this.
Anyway, I found that openvpn would suit all my needs, and this seems to be an equivalent alternative. Maybe I'll implement both openvpn and this, to have a backdoor if openvpn fails for whatever reason.
Thanks for help, this is very useful ! :-)
Best, :-) Marko