> the connection must be initiated from C's side to A. This simply cannot work > simultaneously, so I tried to make use of my public server B which can be > used as a "bridge" between A and C. So, A connects to B, C connects to B, and > then A and C communicate. Roughly speaking... > > That was my initial idea, but seems too complicated to work out, so I asked > for a possible easier alternative. :-) > Easy. John R Pierce's idea works no problem. Just do it the other way round for A. A will run ssh (or putty) and connect to B with a ssh key and do port forwarding. So instead of ssh -L as suggested by John, do the equivalent of ssh -R on A. Then your problem will become: how do I secure B:3389 against unauthorized connections. Again, ssh (or putty) on C -> B to the rescue. Back to John's suggestion. C will do ssh -L and B will firewall all access to port 3389 except from localhost. A ssh -R3389(or whateverA):localhost:3389 | | \|/ B /|\ | | C -L3389(or whateverB):localhost:3389(or whateverA) rdesktop or Remote Desktop on C connections to localhost port 3389 (or whateverB)