tunneling Win2K Terminal Services over SSH or zebedee

Posted on 2003-02-26
Medium Priority
Last Modified: 2012-05-04

I was wondering if anyone knew of tunneling Win2K Terminal Services over zebedee or SSH, or another type of high encryption protocol?

I'm looking to run Terminal Services over the internet, but I want want to tunnel it over (preferably) SSH-2, since I know that protocol.  Zebedee is a new protocol that I heard, but it's not feature complete.

Please let me know what your thoughts and experiences are.  Thanks.  


Question by:scottiesi
  • 3
  • 2

Expert Comment

ID: 8030313
On the server machine, an SSH2 server such as WinSSHD must be installed. On the client machine, an SSH2 client, such as Tunnelier, must be configured so that connections on port 3389 will be forwarded to the Remote Desktop server. One must then direct the Remote Desktop client to connect to the SSH2 client instead of directly to the server, and the connection will be forwarded over the SSH2-secured link.

Author Comment

ID: 8030780

Thanks for the input.  That sounds about right, but it's one step too many.  Is it possible to write a script, either batch or WSH script to automate that all in one step?  

Double click on the script and it will initiate the SSH connection, start up Terminal Service Client, and connect to the server.  I guess the script might have to do some monitoring perhaps.  


Expert Comment

ID: 8031791
You can script the SSH connection fairly easily with the commercial SSH client from http://www.ssh.com/ and I am sure that you could do it with SecureCRT, putty (free) and others.

Here are the 2 commands you would have to run. I dont know much about WSH but this should be trivial.

ssh2 -l username sshserver.domain.com -L 3389:ts.domain.com:3389

c:\windows\system32\mstsc.exe /v:localhost

Unless you setup certificates this will require you to enter the SSH user password each time.

This will not work with XP, it will not allow you to try to connect to localhost with TS Client. It will with 2000.
The Lifecycle Approach to Managing Security Policy

Managing application connectivity and security policies can be achieved more effectively when following a framework that automates repeatable processes and ensures that the right activities are performed in the right order.


Accepted Solution

atreyu138 earned 200 total points
ID: 8038996
It is possible to connect to localhost with TS Client on an XP box:

1. Create a folder (For example c:\TSclient) on your XP box
2. Copy mstsc.exe and mstscax.dll from your XP's %systemroot%\system32
to this folder.
3. Right click mstsc.exe and go to the properties of it.
4. Select the Compatibility tab
5. Check "Run this program in compatibility mode for"
6. Select "Windows 98/ Windows Me"
7. Click on OK
8. Connect your SSH to the remote network or machine
9. Forward another port than 3389, for example 3390
10. Use the newly copied mstsc.exe to connect to

I know, I know, too many steps, but i fugured I'd just let ya'll know!

Author Comment

ID: 8081737
Hi everyone,

This looks good so far.  

Author Comment

ID: 8130663
Hi atreyu138,

Excellent, this looks good.

Featured Post

Get expert help—faster!

Need expert help—fast? Use the Help Bell for personalized assistance getting answers to your important questions.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

It's not just another paperwork submission. Serious planning and rigour to managing the whole thought processes need to be put in place. The intent is not on drilling into the details, but to share tips in getting the first thing right to kick-start…
This blog will spread awareness about Dropbox. We have given the statements based upon our experience. Along with this, there is a section of some new plans that should be added in Dropbox this year. This will make the storage service enhanced from …
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, just open a new email message. In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
Nobody understands Phishing better than an anti-spam company. That’s why we are providing Phishing Awareness Training to our customers. According to a report by Verizon, only 3% of targeted users report malicious emails to management. With compan…

599 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question