[CentOS] [OT] Remote control of a WinXP machine from a Linux host

Tue Jan 13 17:20:22 UTC 2009
Marko Vojinovic <vvmarko at panet.co.yu>

On Monday 12 January 2009 04:13, Christopher Chan wrote:
> > the connection must be initiated from C's side to A. This simply cannot
> > work simultaneously, so I tried to make use of my public server B which
> > can be used as a "bridge" between A and C. So, A connects to B, C
> > connects to B, and then A and C communicate. Roughly speaking...
> >
> > That was my initial idea, but seems too complicated to work out, so I
> > asked for a possible easier alternative. :-)
> Easy. John R Pierce's idea works no problem. Just do it the other way
> round for A.
> A will run ssh (or putty) and connect to B with a ssh key and do port
> forwarding.
> So instead of ssh -L as suggested by John, do the equivalent of ssh -R on
> A.
> Then your problem will become: how do I secure B:3389 against
> unauthorized connections. Again, ssh (or putty) on C -> B to the rescue.
> Back to John's suggestion. C will do ssh -L and B will firewall all
> access to port 3389 except from localhost.
>   A ssh -R3389(or whateverA):localhost:3389
> \|/
>   B
> /|\
>   C -L3389(or whateverB):localhost:3389(or whateverA)
> rdesktop or Remote Desktop on C connections to localhost port 3389 (or
> whateverB)

Hmmm, I see... Yes, this seems doable/possible, indeed. I am just not too 
confident in WinXP ssh capabilities. I mean, putty could do it, but it also 
needs to keep the connection alive through the NAT/firewall in front of A, 
and survive across reboots, without hickupps :-). But I guess this can also 
be arranged without much trouble.

Up to now I wasn't aware of -L and -R options of ssh, they are actually very 
powerful when used in combinations like this.

Anyway, I found that openvpn would suit all my needs, and this seems to be an 
equivalent alternative. Maybe I'll implement both openvpn and this, to have a 
backdoor if openvpn fails for whatever reason.

Thanks for help, this is very useful ! :-)

Best, :-)