Posts Tagged ‘CopSSH’

Awhile back, I posted a guide detailing how you can configure CopSSH on your home computer and use it to securely route your Windows Remote Desktop traffic in order to add an extra layer of security to the whole process.

Typically, once Putty was configured and used to create the SSH tunnel to the remote machine, all I would need to do is simply create a loopback RDP connection on port 3390, and I was in business.  In my testing of Windows 7, I found that when attempting to create a loopback connection on port 3390, I would receive an error that a connection was already established.  The exact error reads as follows:

Your computer could not connect to another console session on the remote computer because you already have a console session in progress.

I changed Putty’s configuration to forward on port 3391 instead of 3390, and the problem was solved.  I’m not sure why Windows 7 establishes some sort of connection on 3390, but at least the workaround is pretty painless.

I just wanted to pass along this info for anyone having issues with RDP tunneling.

Download This Guide in PDF Format

I like having the ability to remotely access my PC at home while I am away in case I want to grab an important file I have left there, or if I need to finish something I didn’t quite get around to.  For ages I simply set port forwarding on my router allowing port 3389 to be directed to my desktop PC, which let me connect to my computer using Microsoft Remote Desktop Protocol (RDP).  While this was not the most secure method of doing so, it worked, and I did not want to change how I did things.

That’s not to say that RDP is not secure – it does use 128 bit RC4 according to Microsoft.  However, with man-in-the-middle attacks being relatively easy to carry out, I thought there had to be a better (and more secure) way of connecting to my oh so precious home network.

In the end, I decided that I could route my RDP sessions through an SSH tunnel and sleep a little easier at night.  If you follow the directions below, you can too.

Going forward in this document, I will use the term “Server” to refer to the remote computer (in my case, my home PC) that we will be connecting to.  I will use the term “Client” to refer to my local computer, the computer I will be connecting from.

Installing CopSSH

1) Download CopSSH, Putty and Puttygen.

2) Execute the CopSSH installer, click Next to proceed, then click I agree to accept the license agreement.

Continue reading “Securing Windows Remote Desktop with CopSSH” »

I installed VMware on my Vista machine not too long ago, and found that I could no longer reach my machine remotely via the CopSSH daemon [Read my article on CopSSH here], nor via the Remote Desktop Client. At first I thought it might have been a problem with the port forwarding on my router, but I quickly found that I could not reach my main computer within my own LAN.

The problems started immediately after I installed VMware, so I figured that was the culprit. I dug around a bit and found nothing out of the ordinary as far as my installation was concerned, so I dug around on the web. I found the solution to my problem in the VMware user forum.

It is well known that VMware installs several virtual network adapters to use for NAT, among other things. What is not so well known is that when your Vista firewall is enabled, it views these two new adapters as interlopers, and configures the firewall as if you were on a public network without notifying you of the change. This essentially shuts down any service ports you might have had open, custom or otherwise, if you did not specify them in the firewall exemption list at some earlier point.

To remedy the problem, you can do one of two things:

1) Turn of  the Vista firewall. That’s it – you should be good to go after that.

2) Configure your virtual machines to use bridged networking, and disable the two VMware virtual adapters in the Windows Device Manager, leaving your firewall enabled.

I actually disabled both of the adapters and disabled Vista’s firewall, but that’s just me.

Hopefully this helps someone out there with the same issue.