Marko Vojinovic wrote:
> Sorry for an off topic post, but a lot of you folks are sysadmins here or
> there, and just might have a suggestion... ;-)
>
> I have a WinXP machine that is to be unattended for a period of 3 years (yes,
> I know, it sounds ridiculous, but still...). What I need is remote access to
> it to perform regular system maintenance, virus cleanups, occasional software
> installations, reboots, config changes, etc.
>
> Of course, rdesktop would do it, or vnc server or something else. The problem
> is that this machine is behind a NAT, and I cannot access it remotely from
> outside (and I need access from wherever on the planet I may happen to be).
>
> Basically, I need to set up some type of ssh tunnelling from XP (machine A) to
> my static-IP-24/7-high-bandwidth-CentOS server (machine B) and then further
> to my laptop (machine C, Fedora 10) located elsewhere (possibly behind
> another NAT, I can't know in advance). I have root access for all three
> machines (A, B and C). Of course, all three are on different LANs.
>

If this remote XP machine is behind a NAT server that you can log onto with
SSH, then, from your local machine...

    ssh -L 3390:private-ip-of-remote-XP-machine:3389 username@ip-or-hostname-of-remote-NAT-server

and use rdesktop (or XP MSTSC.EXE) to connect to localhost:3390, which will be
forwarded over the SSH tunnel to the remote XP machine's RDP (Remote Desktop
Protocol) service.

Or, if this remote NAT is some sort of appliance router (linksys etc), set up a
port forward on said router to forward inbound TCP port XXXX to
ip-of-XP-machine:3389 and connect your rdesktop/mstsc.exe to
ip-of-nat-server:XXXX

Windows remote desktop uses a fairly secure challenge/handshake authentication
protocol, so as long as all accounts on said remote XP box have reasonably
strong passwords, this is more secure than some might think. It's certainly
more secure than plain vanilla VNC.
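
Added example, not part of the original thread: a check that the local end of the `ssh -L 3390:...` tunnel described above listens on loopback only, since `ssh -g` or `GatewayPorts yes` on the client would bind it to every interface and let other hosts on your LAN reach the XP machine's RDP port. The function name and both `ss -ltn` samples are constructed for illustration.

```shell
#!/usr/bin/env bash
# Constructed sample: tunnel opened as in the post (default loopback bind).
SAMPLE_LOOPBACK='State  Recv-Q Send-Q Local Address:Port  Peer Address:Port
LISTEN 0      128        127.0.0.1:3390       0.0.0.0:*
LISTEN 0      128            [::1]:3390          [::]:*
LISTEN 0      128          0.0.0.0:22         0.0.0.0:*'

# Constructed sample: same tunnel opened with -g, so it binds the wildcard.
SAMPLE_EXPOSED='State  Recv-Q Send-Q Local Address:Port  Peer Address:Port
LISTEN 0      128          0.0.0.0:3390       0.0.0.0:*
LISTEN 0      128          0.0.0.0:22         0.0.0.0:*'

# forward_exposure PORT
# Reads `ss -ltn` output on stdin and prints one of:
#   loopback - every listener on PORT is bound to 127.0.0.1 or [::1]
#   exposed  - at least one listener on PORT is bound to another address
#   absent   - nothing is listening on PORT (tunnel is not up)
forward_exposure() {
    awk -v port="$1" '
        $1 == "LISTEN" {
            addr = $4
            n = split(addr, parts, ":")          # port is the last field
            if (parts[n] != port) next
            # Everything before the final ":port" is the bind address.
            host = substr(addr, 1, length(addr) - length(parts[n]) - 1)
            found = 1
            if (host != "127.0.0.1" && host != "[::1]") exposed = 1
        }
        END {
            if (!found)       print "absent"
            else if (exposed) print "exposed"
            else              print "loopback"
        }'
}

# Live use on the machine running the ssh client (ss is part of iproute2):
#   ss -ltn | forward_exposure 3390
```

To pin the bind address explicitly rather than rely on the default, the forward can be written as `-L 127.0.0.1:3390:private-ip-of-remote-XP-machine:3389`.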