SSH <-Tunnel-> RDP / Using WRT54g DD-WRT v23 (SSHd)

Couple of questions:
1. What are the advantages of using SSH to connect to a remote desktop over the net using XP's RDP (Remote Desktop) via an SSH tunnel, vs. connecting directly to the remote PC via RDP (Remote Desktop) ONLY?
2. I understand RDP has encryption, so why would I need to also use SSH?
3. If I use SSH do I need to set up a port forward for RDP, or does SSH already handle this?
I am new to SSH, and I've played with Putty a little, but any and all information you can give me on Tunneling thru SSH to connect to a remote desktop via RDP will be much appreciated.
p.s. All machines are running WinXP Pro, and I am using WRT54g with dd-wrt v23 Firmware which comes with SSHd.
Thanks,
-BassKozz
basskozzAsked:

naveedbCommented:
If you have enabled high encryption with RDP, then there is not much advantage using ssh. Someone who can break 128-bit encryption will be able to do the same with ssh.

Go for RDP high encryption, easier to set up and maintain than a tunnel through ssh. ssh is more useful when you are unable to use encryption with the default protocol, such as telnet or ftp etc. Since RDP comes with high encryption, you don't have to use ssh.
0
basskozzAuthor Commented:
Does RDP default to "high" encryption setting ?
or is this something I need to set ?
...

Couldn't I connect to a remote computer via RDP tunneling thru SSH... WITHOUT having the port forwarded ?

Wouldn't this be more secure than leaving the port forwards set up so someone can find them ?

-BassKozz
0
naveedbCommented:
You can make sure it does by configuring the GPO settings:

http://www.microsoft.com/technet/prodtechnol/winxppro/reskit/c08621675.mspx

Table 8-4 tells you what the settings are for RDP.

"Couldn't I connect to a remote computer via RDP tunneling thru SSH... WITHOUT having the port forwarded ?"

Can you explain this further? You mean port forwarding on router/firewall? How will you connect to ssh without forwarding port 22, unless I did not understand your question.

0


basskozzAuthor Commented:
"Can you explain this further? you mean port forwarding on router/firewall? How will you connect to ssh without forwarding port 22 unless I did not understand your question."

When I say port forward, I mean my Router has these ports forwarded (i.e. exposed to the internet).

What I mean is, I currently have RDP ports forwarded (i.e. 44444,44445,44446) for a few computers that I would like to connect to remotely, and I have set up each computer to listen for RDP on these ports...  But rather than leaving these ports open, can't I SSH tunnel into my router (SSHd) then connect to these computers withOUT having to leave these ports forwarded (exposed) on my router?
0
basskozzAuthor Commented:
Does this make sense?
0
naveedbCommented:
If you have multiple computers on the same subnet then it does make sense, and is more secure to have a single point of entry. You should go with sshd, tunnel into the machine and then connect via RDP.

Looking again, I see that at the end of your original question you have mentioned multiple machines.

The only issue (possible issue) that I can see is that you are using dd-wrt firmware, which is open source and developed independently. Although I do not see any bugs / issues, it is less secure than having a Linux box (with a major distribution like RedHat or Suse) inside your network and using it as sshd.

0
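The single point of entry discussed in this thread, as an added example (not code from any poster): a shell helper that builds one OpenSSH client command with a loopback-bound local forward per RDP host, so only the router's SSH port has to face the internet. The router name, `root` login, LAN addresses and local ports are assumptions; 44444-44446 are the RDP ports from the question.

```shell
#!/bin/sh
# Added example: reach several LAN RDP hosts through one SSH login on the
# router instead of one WAN port forward per PC. Nothing is executed here;
# the helper only prints the ssh command so it can be reviewed first.

# valid_port N: succeeds when N is an integer in 1..65535
valid_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# build_tunnel_cmd USER@ROUTER LOCALPORT:LANHOST:RDPPORT ...
# Returns 1 on a malformed mapping or a local port used twice.
build_tunnel_cmd() {
    target=$1; shift
    [ -n "$target" ] && [ "$#" -ge 1 ] || return 1
    # -N: no remote shell; ExitOnForwardFailure: fail loudly if a bind fails
    cmd="ssh -N -o ExitOnForwardFailure=yes"
    seen=" "
    for m in "$@"; do
        lport=${m%%:*}; rest=${m#*:}
        lhost=${rest%%:*}; rport=${rest#*:}
        # need exactly three colon-separated fields
        [ "$rest" != "$m" ] && [ "$rport" != "$rest" ] || return 1
        valid_port "$lport" && valid_port "$rport" || return 1
        [ -n "$lhost" ] || return 1
        case "$seen" in *" $lport "*) return 1 ;; esac
        seen="$seen$lport "
        # Bind the local end to loopback so other hosts on the client's
        # network cannot ride the tunnel into the LAN.
        cmd="$cmd -L 127.0.0.1:$lport:$lhost:$rport"
    done
    printf '%s %s\n' "$cmd" "$target"
}

# Constructed mapping: three PCs still listening on the RDP ports from the
# question; router name, login and 192.168.1.x addresses are placeholders.
build_tunnel_cmd root@router.example.net \
    13389:192.168.1.101:44444 \
    13390:192.168.1.102:44445 \
    13391:192.168.1.103:44446
```

With the printed command running, the RDP client connects to 127.0.0.1:13389 (or 13390, 13391), and the three WAN forwards for 44444-44446 can be removed from the router.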