SCS Computing
 Services and Solutions
  links to the SCS and CMU home pages Carnegie Mellon School of Computer Science Carnegie Mellon University
 » How to… 
 » Accounts & passwords 
 » AFS 
 » AV help 
 » Backups & restores 
 » Calendaring 
 » E-mail 
 » Networking 
 » Printing 
 » Purchasing 
 » Resource management 
 » Security 
 » Software licensing 
 » Support charges 
 » Support lifecycle 
 » Web publishing 
 » Mac support 
 » Linux support 
 » Windows PC support 

Tunneling Remote Desktop traffic through an SSH connection

If you are using the VPN in order to use Remote Desktop to connect to a campus machine from off-campus, you can use the following procedure as an alternative to running the Cisco VPN client.


  • Open PuTTY (if PuTTY is not installed, it can be downloaded from: \\\pc_dist\putty)
  • When PuTTY is opened, enter "" in the "Host Name" field

    PuTTY configuration

  • Expand the "SSH" heading in the column on the left, then click "Tunnels"
  • In the "Source port" field, enter ""
  • In the "Destination" field, enter the name of the machine that you would like to Remote Desktop to followed by a colon and 3389 (i.e. "HOSTNAME.CS.CMU.EDU:3389")

    PuTTY configuration

  • Click the "Add" button
  • Click the "Open" button
You should then be prompted to login to "" - enter your Kerberos username and password to login. (If you do not know your Kerberos password, you can find password reset instructions at:
  • Once you have successfully logged into, the PuTTY window can be minimized
  • Next, open Remote Desktop, then enter "" as the computer to connect to, then click the "Connect" button

    PuTTY configuration

You should then be connected to the campus computer.

This process is tunneling the RDP traffic through the SSH connection, where traffic between your host and the SCS network is sent over an encrypted channel using TCP port 22. Note that traffic is not encrypted after it reaches our network.

If you experience problems with this procedure, ensure that the Windows firewall (or any other software firewall that is running on the machine) allows outgoing TCP port 22 connections. If you need assistance configuring your Windows firewall, contact the SCS Help Desk at "" or 8-4231.