Stepwise Tutorial: How to Create Remote Desktop SSH Tunnel Using PuTTY
This post mainly introduces how to create a Remote Desktop SSH tunnel using PuTTY on Windows 10 and 11. If you want a remote connection with a higher level of security, this post will be your help.
By Ellie / Updated on December 13, 2024
How to Remote Desktop through SSH?
I use RDP to get a connection to a remote server. Recently, I was told that I could remote into another computer with a higher level of security by tunneling RDP over SSH. As I always deal with sensitive and important information, I wanna give it a try. But I don’t know how to do it, can anyone tell me?"
- Question from Reddit
The risks associated with exposing Remote Desktop Protocol (RDP) to the internet are widely acknowledged. A tool intended for user convenience has become a prime target for scripted brute force attacks and various other exploits.
Fortunately, there exist numerous strategies to bolster Remote Desktop security. Enhancing the security of your remote sessions can be achieved through establishing an SSH tunnel using PuTTY, a widely-used SSH and telnet client for Windows.
Benefits of accessing RDP through SSH tunneling using PuTTY
-
Enhanced Security: SSH tunneling encrypts the RDP traffic, providing a secure communication channel between the local and remote systems. This encryption helps prevent eavesdropping and man-in-the-middle attacks, which are common risks when using RDP alone over the internet.
-
Low Cost: PuTTY is free to download and use. It requires minimal hardware resources, doesn't entail additional software licensing fees, and allows you to leverage existing infrastructure without significant investment.
-
Bypassing Firewalls and Network Restrictions: Many networks, especially corporate networks, have strict firewall rules that block incoming RDP connections. SSH tunneling allows you to bypass these restrictions by encapsulating the RDP traffic within SSH, which is typically allowed through firewalls.
Step-by-step guide to creating a Remote Desktop SSH tunnel using PuTTY
Creating an SSH tunnel for Remote Desktop (RDP) allows you to secure your remote desktop connection by encrypting the data transmitted between the client and the server. Here are the general steps to create a Remote Desktop SSH tunnel using PuTTY.
There are two prerequisites you need to know before configuring RDP over SSH:
- Ensure that you have an SSH server running on the remote machine you want to connect to. If it's a Windows machine, you may need to install an SSH server like OpenSSH for Windows.
- Download PuTTY on your devices.
Part 1. Launch PuTTY and configure the SSH connection
Step 1. Begin by launching PuTTY, which will open the PuTTY Configuration window.
Step 2. In the “Session” category, input the hostname or IP address of your SSH server in the “Host Name (or IP address)” field.
Step 3. Confirm that the port is set to SSH, typically port 22.
Step 4. Select the appropriate connection type as SSH.
Step 5. Optionally, you can save the session configuration for future use by entering a name in the “Saved Sessions” field and clicking the “Save” button.
Part 2. Configure SSH tunneling settings
Step 1. In the PuTTY Configuration window, go to the "Connection" category.
Step 2. Expand the "SSH" menu and select "Tunnels".
Step 3. Enter the Source with a port for the local machine, such as "127.0.0.1:3389". You can choose any port range from 0 to 65536.
Step 4. Enter the Destination with port "localhost:3389" since RDP typically listens on port 3389.
Step 5. Ensure the "Local" radio button is selected.
Step 6. Click the "Add" button to include the tunnel in the list.
Step 7. Verify that the added tunnel appears in the "Forwarded ports" section.
Part 3. Establish the SSH connection and configure the RDP
Step 1. Return to the “Session” category in the PuTTY Configuration window.
Step 2. Click the “Open” button to initiate the SSH connection.
Step 3. You may receive a security prompt if it’s your first time connecting to the SSH server. Verify the server’s fingerprint and proceed.
Step 4. Enter your SSH username and password when prompted.
Step 5. Once the SSH connection is established, leave the PuTTY window open.
Part 4. Connect RDP through the SSH tunnel
Step 1. Begin by launching the Remote Desktop Connection client on your local machine. You can do this by pressing the Windows key + R, then typing “mstsc” and pressing Enter.
Step 2. In the Remote Desktop Connection window, enter “localhost:9999” (or the source port you chose) in the “Computer” field.
Step 3. Click the “Connect” button to initiate an RDP session.
Step 4. If necessary, provide your remote system’s credentials to log in.
Step 5. Congratulations! You are now remotely connected to the Windows system via an SSH tunnel established with PuTTY.
Important notes:
- Ensure that your firewall settings allow the specified ports.
- Dynamic port forwarding (SOCKS proxy) allows you to tunnel other traffic as well, not just RDP. Adjust the settings accordingly.
- Always use strong, unique passwords for both your SSH and RDP connections.
AnyViewer: Secure remote access software
If you're in search of a secure way to remote access another computer instead of configuring SSH Remote Desktop on Windows 10 and 11, consider AnyViewer, a free and secure remote desktop software. Here are some key security features of AnyViewer:
- Encrypted Remote Connections: Using a robust 256-bit Elliptic Curve Cryptography (ECC) algorithm ensures the confidentiality and integrity of your remote sessions.
- Two-Factor Authentication: Enhancing security with an additional layer of verification ensures that only authorized individuals can access your remote desktop.
- Device Authentication: AnyViewer simplifies security by allowing you to lock its interface when stepping away or sharing your machine. This prevents unauthorized access and modifications, preserving your preferences and system security.
Download AnyViewer, install and launch it on both the remote computer and the local computer, and see how it works.
Step 1. Download, install, and launch AnyViewer on both computers. Go to Log in, and then click Sign up. (If you already have signed up on its official website, you can log in directly.)
Step 2. Log in to the same AnyViewer account on the two devices.
Step 3. On the local device, choose the remote device and then achieve a direct connection by clicking One-click control.
- ★Tips:
- For an even more enriching remote desktop experience, contemplate upgrading to a Professional or Enterprise plan with AnyViewer. Here's what you'll gain access to:
- Better Device Control: Easily manage multiple unattended access devices with precision.
- Effortless Multi-Tasking: Handle multiple remote sessions concurrently, simplifying multitasking.
- Fast File Transfers: Quickly move large files between devices for improved efficiency.
- Privacy Mode: Ensure discreet access to remote devices by darkening the screen and disabling the keyboard for added privacy.
- Screen walls: Create screen walls to manage and monitor multiple devices at one window.
- Create groups: Create groups for enterprise devices to manage large numbers of devices conveniently.
Conclusion
In conclusion, safeguarding your remote desktop connections is paramount, especially when dealing with sensitive data. Creating a Remote Desktop SSH tunnel using PuTTY offers a robust solution, enhancing security while bypassing firewall restrictions. By following a simple step-by-step guide, you can establish a secure connection and access remote systems with confidence.
Additionally, exploring alternatives like AnyViewer provides further security features and flexibility for remote access. Whether opting for SSH tunneling or exploring alternative remote desktop solutions, prioritizing security measures is crucial in today's digital landscape.
