Re: Secure / Encrypt Terminal Services
SSH port forwarding should work.
For a low-cost solution you may try to install Cygwin and the OpenSSH daemon.
The exact procedure can be found at http://tech.erdelynet.com/cygwin-sshd.html
Once you get it running, you can connect to the server from the clients with your favourite ssh client.
(I would recommend putty, http://www.chiark.greenend.org.uk/~sgtatham/putty/ )
Make a local port forwarding from (for the sake of simplicity) port 3389 to yourserverip:3389 or to localhost:3389.
Then connect with your SSH client.
This way, when you connect to localhost with Terminal Services Client you'll find yourself connected to the remote site, with SSH encrypting your packets and watching for their integrity. :-)
ps.:
A note on XP clients.
XP Remote Desktop complains if you try to establish a connection to localhost.
You can avoid this problem if you copy the mstsc.* files to a separate directory, enable win98 compatibility mode on them, and then run the client tool from the new location.
This way, you can connect to localhost.
(That is forwarded to your server, of course.. :^)
ps2:
Say you also have terminal services running on the client, on TCP port 3389.
So you want to use another port, e.g. client port 3901 should be forwarded to remote port 3389.
Apply these changes in the ssh client tool, and remove the old 3389->3389 forwarding.
Now you only have to tell TSC or RDC to use this modified port.
In RDC (comes with XP, as far as I can tell):
just type localhost:3901 instead of localhost.
In TSC (win2000, others):
open client connection manager, make a new connection to localhost.
Choose file->export.
Edit the resulting .cns file, change the line "Server Port=3389" to "Server Port=3901".
Save it, then double-click... That's it...
----- Original Message -----
From: <TSimons@Delphi-Tech.com>
To: <ohnonono@hushmail.com>
Cc: <focus-ms@securityfocus.com>
Sent: Tuesday, November 26, 2002 4:42 AM
Subject: RE: Secure / Encrypt Terminal Services
> We're looking for the same thing, I'll be watching posts, initial finds are:
>
> Check out www.jsiinc.com
> without inhibiting functionality, maybe something at the firewall level
> Can it be done via IP-Sec? Basically we have a machine (tripwire manager) that
> will have access to all our networks. Due to politics (gotta love security
> made insecure by politics) it must be remotely managed. The CIO (god bless
> CIO's) has decided that we will use terminal services. Is there a way to
Received on Tue Nov 26 16:04:16 2002
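
The forwarding described in this message, as an added example that is not part of the original post: it uses the OpenSSH command-line client instead of PuTTY, picks local port 3389 or, when that is taken (the ps2 case), the first free port from 3901 upward, and binds the listener to 127.0.0.1 only. The function names and the login tsadmin@yourserverip are assumptions made for illustration.

```python
import socket

RDP_PORT = 3389  # Terminal Services port named in the message


def port_is_free(port, host="127.0.0.1"):
    """True if nothing on this machine is already listening on host:port."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        try:
            s.bind((host, port))
        except OSError:
            return False
    return True


def pick_local_port(preferred=RDP_PORT, fallback_start=3901, is_free=port_is_free):
    """Use 3389 locally unless the client runs its own Terminal Services
    there (the ps2 case); then take the first free port from 3901 upward."""
    if is_free(preferred):
        return preferred
    for port in range(fallback_start, 65536):
        if is_free(port):
            return port
    raise RuntimeError("no free local port for the forward")


def ssh_forward_argv(login, local_port, remote_port=RDP_PORT):
    """OpenSSH client arguments for the local forward.

    The listener is pinned to 127.0.0.1 so other hosts on the client's
    network cannot ride the tunnel; localhost:remote_port is resolved on
    the SSH server, so only SSH traffic crosses the network in between.
    """
    for p in (local_port, remote_port):
        if not 1 <= int(p) <= 65535:
            raise ValueError(f"invalid TCP port: {p}")
    spec = f"127.0.0.1:{local_port}:localhost:{remote_port}"
    # -N: no remote shell, tunnel only. ExitOnForwardFailure: fail loudly
    # instead of leaving a session open with no forward behind it.
    return ["ssh", "-N", "-o", "ExitOnForwardFailure=yes", "-L", spec, login]


if __name__ == "__main__":
    lport = pick_local_port()
    # tsadmin@yourserverip is a placeholder login, not a value from the post
    print(" ".join(ssh_forward_argv("tsadmin@yourserverip", lport)))
    print(f"then point the RDP client at localhost:{lport}")
```

With PuTTY, the same loopback-only behaviour comes from leaving "Local ports accept connections from other hosts" unchecked in the Tunnels panel.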