Computing Facilities    links to the SCS and CMU home pages Carnegie Mellon School of Computer Science Carnegie Mellon University
 
Advanced search tips 
 Documentation
 » Introduction to Facilities 
 » Accounts & passwords 
 » AFS 
 » Application software 
 » AV help 
 » Backups & restores 
 » Calendaring 
 » E-mail 
 » Networking 
 » Printing 
 » Purchasing 
 » Resource management 
 » Security 
 » Software licensing 
 » Support charges 
 » Web publishing 
 » Your health 
 » Mac support 
 » Linux support 
 » Windows PC support 

Tunneling Remote Desktop traffic through an SSH connection

If you are using a version of Windows that the Cisco VPN client will not run on (incuding all 64-bit Microsoft OSes), and are using the VPN in order to "Remote Desktop" to a campus machine, you can use the following procedure as an alternative to running the Cisco VPN client.

Procedure

  • open PuTTY (if PuTTY is not installed, it can be downloaded from: \\monolith.scs.ad.cs.cmu.edu\pc_dist\putty)
  • when PuTTY is opened, enter "linux.gp.cs.cmu.edu" in the "Host Name" field

    PuTTY configuration

  • expand the "SSH" heading in the column on the left, then click "Tunnels"
  • in the "Source port" field, enter "127.0.0.2:3390"
  • in the "Destination" field, enter the name of the machine that you would like to Remote Desktop to followed by a colon and 3389 (i.e. "HOSTNAME.CS.CMU.EDU:3389")

    PuTTY configuration

  • click the "Add" button
  • click the "Open" button
You should then be prompted to login to "linux.gp.cs.cmu.edu" - enter your Kerberos username and password to login. (If you do not know your Kerberos password, you can find password reset instructions at: http://www.cs.cmu.edu/~help/accounts_passwords/forgot_password.html
  • once you have successfully logged into linux.gp.cs.cmu.edu, the PuTTY window can be minimized
  • next, open Remote Desktop, then enter "127.0.0.2:3390" as the computer to connect to, then click the "Connect" button

    PuTTY configuration

You should then be connected to the campus computer.

This process is tunneling the RDP traffic through the SSH connection, where traffic between your host and the SCS network is sent over an encrypted channel using TCP port 22. Note that traffic is not encrypted after it reaches our network.

If you experience problems with this procedure, ensure that the Windows firewall (or any other software firewall that is running on the machine) allows outgoing TCP port 22 connections. If you need assistance configuring your Windows firewall, contact the SCS Help Desk at "help@cs.cmu.edu" or 8-4231.