Network SecuritySSH Tunneling

David FunkMatt McLaughlin

Systems AdministratorsComputer Systems Support

COE, University of Iowa

Using SSH Tunneling SMB Mount Remote Desktop

Direct Connect

Shareclient

SMB file serverPort 139

Tunnel

SMB file server

Share client

SSH client

SSH server

Port 22

encrypted

Port 139

sshd

Port 139

Download ToolsSetup lmhosts

rpccfg.exe http://download.microsoft.com Search for rpccfg

C:\windows\system32\drivers\etc\lmhosts 127.0.0.1 smb00

Set TCP Port 135

Listen only on interfaces specified by Bind value

HKLM\System\CurrentControlSet\Services\RpcSs Add ListenOnInternet REG_SZ N

Reboot

Configure RPC Configure host not to listen on 0.0.0.0:135

rpccfg –l Select interface number of non-loopback interface

rpccfg -a 65539 Reboot

Setup SecureCRT(or Favorite SSH Program)

SecureCRT Tunnel Ports

Z:"Port Forward Table V2"=00000002 port135|127.0.0.1,135|1|128.255.17.40|135|| port139|127.0.0.1,139|1|128.255.17.40|139||

Setup “Port Forward Filter” =allow,127.0.0.0/255.0.0.0,0

allow,128.255.20.23/255.255.255.255 deny,0.0.0.0/0.0.0.0,0

Remote Desktop TunnelBasic Setup

Make sure remote assistance and remote desktop are turned off under Start | Control Panel | System | Remote

Setup SSH with local port 3389 forwarded to remote port 3389 on target Windows computer

Setup Modified mstsc.exe

Allow connections to 127.0.0.1

Copy c:\windows\systems32\mstsc.exe and mstscax.dll to another folder

Set mstsc.exe in new location to run in Windows 98 compatible mode.

Connect viaRemote Desktop

Connect SSH session

Start modified mstsc.exe

Connect to 127.0.0.1

Login as usual