Marko Vojinovic wrote:
> Sorry for an off topic post, but a lot of you folks are sysadmins here or
> there, and just might have a suggestion... ;-)
>
> I have a WinXP machine that is to be unattended for a period of 3 years (yes,
> I know, it sounds ridiculous, but still...). What I need is remote access to
> it to perform regular system maintenance, virus cleanups, occasional software
> installations, reboots, config changes, etc.
>
> Of course, rdesktop would do it, or vnc server or something else. The problem
> is that this machine is behind a NAT, and I cannot access it remotely from
> outside (and I need access from whereever on the planet I may happen to be).
>
> Basically, I need to setup some type of ssh tunnelling from XP (machine A) to
> my static-IP-24/7-high-bandwidth-CentOS server (machine B) and then further
> to my laptop (machine C, Fedora 10) located elsewhere (possibly behind
> another NAT, I can't know in advance). I have root access for all three
> machines (A, B and C). Of course, all three are on different LANs.
>
>
if this remote XP machine is behind a NAT server that you can log onto
with SSH, then, from your local machine...
ssh -L 3390:private-ip-of-remote-XP-machine:3389
username at ip-or-hostname-of-remote-NAT-server
and use rdesktop (or XP MSTSC.EXE) to connect to localhost:3390 which
will be forwarded over the SSH tunnel to the remote XP machine's RDP
service. (Remote Desktop Protocol)
or, if this remote NAT is some sort of appliance router (linksys etc),
setup a port forward on said router to forward inbound TCP port XXXX to
ip-of-XP-machine:3389
and connect your rdesktop/mstsc.exe to ip-of-nat-server:XXXX
Windows remote desktop uses a fairly secure challenge/handshake
authentication protocol, so as long as all accounts on said remote XP
box have reasonably strong passwords, this is more secure than some
might think. Its certainly more secure than plain vanilla VNC