[CentOS] [OT] Remote control of a WinXP machine from a Linux host

Sat Jan 10 22:03:30 UTC 2009
John R Pierce <pierce at hogranch.com>

Marko Vojinovic wrote:
> Sorry for an off topic post, but a lot of you folks are sysadmins here or 
> there, and just might have a suggestion... ;-)
>
> I have a WinXP machine that is to be unattended for a period of 3 years (yes, 
> I know, it sounds ridiculous, but still...). What I need is remote access to 
> it to perform regular system maintenance, virus cleanups, occasional software 
> installations, reboots, config changes, etc.
>
> Of course, rdesktop would do it, or vnc server or something else. The problem 
> is that this machine is behind a NAT, and I cannot access it remotely from 
> outside (and I need access from whereever on the planet I may happen to be).
>
> Basically, I need to setup some type of ssh tunnelling from XP (machine A) to 
> my static-IP-24/7-high-bandwidth-CentOS server (machine B) and then further 
> to my laptop (machine C, Fedora 10) located elsewhere (possibly behind 
> another NAT, I can't know in advance). I have root access for all three 
> machines (A, B and C). Of course, all three are on different LANs.
>
>   


if this remote XP machine is behind a NAT server that you can log onto 
with SSH, then, from your local machine...

    ssh -L 3390:private-ip-of-remote-XP-machine:3389 
username at ip-or-hostname-of-remote-NAT-server

and use rdesktop (or XP MSTSC.EXE) to connect to localhost:3390 which 
will be forwarded over the SSH tunnel to the remote XP machine's RDP 
service. (Remote Desktop Protocol)



or, if this remote NAT is some sort of appliance router (linksys etc), 
setup a port forward on said router to forward inbound TCP port XXXX to 
ip-of-XP-machine:3389
and connect your rdesktop/mstsc.exe to ip-of-nat-server:XXXX

Windows remote desktop uses a fairly secure challenge/handshake 
authentication protocol, so as long as all accounts on said remote XP 
box have reasonably strong passwords, this is more secure than some 
might think.   Its certainly more secure than plain vanilla VNC