# Goto My Work PC - for FREE!!

## visualAd

You may have already read the Goto My PC for FREE tutorial. In this tutorial I explained how you make a secure remote desktop connection to a PC using the free software SSH, VNC and Putty.

In response to this I received the following question:



> I would like to access a PC that resides on an internal network. I do not administer this network, therefore I cannot forward connections on port 443 to the PC.


At first I said that this was not possible. Then I realised that tunneling can also work in reverse.

In this tutorial I will demonstrate how to use a reverse (remote) tunnel to make a secure remote desktop connection to a PC which is behind a firewall that you have no control over. This is typically the case if you are attempting to access a PC which resides on a corporate network.

This setup requires several pieces of software, all of which are free and can be downloaded.

FreeSSHD - Allows you to make a secure remote connection to a Windows PC and set up SSH tunnels, allowing other services to connect to your PC securely.

Putty - Putty is a free SSH client for Windows. We need this to connect to the SSH server on the remote PC. It will also allow us to transfer files between the two PCs.

VNC - VNC allows you to make a remote desktop connection to a PC, as if you were sitting in front of it. Download the free version.

*Setting Up the SSH Server*

SSH is an acronym for Secure Shell. It was developed for UNIX to enable administrators to log into a server remotely from anywhere with an internet connection and control it. SSH remains today the remote connection method of choice for UNIX and Linux savvy users.

FreeSSHD is an SSH server for Windows. In effect it allows you to connect to your machine via the command line, similar to a telnet connection, but securely. More importantly, however, and this is the feature we will be using, it allows you to tunnel connections through SSH to your local computer.

*What is Tunneling?*
As the name suggests, it is setting up a tunnel, but for connections between machines. Once connected to a machine via SSH, we can tunnel other connections through the secure SSH connection to the remote PC. To the remote PC, it appears as if the connection has originated locally. To the connecting PC, it appears as if the connection is being made locally.

Why do this? Obviously a remote desktop connection is not something we want everyone to access. The standard VNC connection is not encrypted. However, send it through an SSH tunnel and the connection is encrypted, secure and password protected.

*What is Reverse (Remote) Tunneling?*
Reverse tunneling is exactly the same as normal tunneling. However, instead of tunneling connections from the client to the SSH server, connections from the server are tunneled through to the client.

This means the server can access services such as VNC on any client which is connected via SSH and has remote tunneling set up.

*Definitions*
Before I start, a few definitions:
*Remote PC* - This is the computer that resides behind the firewall, perhaps on a corporate network. You want to be able to make a secure remote desktop connection to this PC.

*Server* - The server is a PC which resides on a network you have control over, such as a home PC or LAN. You will be making a remote desktop connection to the remote PC from the server.

----------


## visualAd

*About 10 Easy(ish) Steps*

If you follow these steps you'll have your secure remote desktop connection up and running in less than an hour.
The first step is to download and install FreeSSHD on the server. Select the full installation and choose to run it as a Windows service. (You can opt not to install the service; however, FreeSSHD will then not start when Windows starts, and you must log on to the computer before running it.)
Once installed, a new icon should appear in the task bar. Double click this to bring up the configuration screen.
Set the SSH port to 443. There is a good reason for this: in many schools, colleges and companies you must connect to the Internet via a proxy server. Connecting on port 443, the standard HTTPS port, ensures that you will always be able to access the PC.


The next step is to create a user. Click on the users section and add a new user.



I *do not* recommend using Windows authentication. Creating a separate user is not only safe, it gives you more control over the server. Ensure that the user has *tunneling* permissions.
We must now enable SSH tunneling for both local (from the remote PC to the server) and remote (from the server to the remote PC) connections.


The next step is to download and install VNC. 

On your server, you need just the VNC Viewer. On the remote PC, which we will be making the remote desktop connection to, you need both the viewer and the server (which should be installed as a Windows service).


After installation the server configuration screen will be displayed. VNC gives us the option of password protecting the connection, but as the password is sent unencrypted and we will only ever be connecting from the local machine, there is little point setting a password.


Click on the connections tab next, take note of the VNC port 5900 and tick the box which says "Only Accept Connections from the local machine". The server also provides a Java viewer which can be used in a web browser. I tend to prefer the executable client though.



_(You may be wondering why we only want to accept connections from the local machine. Tunneling always forwards ports to your local machine address, 127.0.0.1. If you do not tick this option, anyone from anywhere on the Internet will be able to access the server.)_
We are now ready to connect to the server remotely. But first we need the Windows SSH client Putty installed on the remote PC. I recommend you download the ZIP archive containing all the Putty tools, as they include other useful utilities including an SFTP (Secure FTP) file transfer utility.

Extract the archive to a directory of your choice.
Open up the Putty client on the remote PC. In the Session screen type the IP address or host name of the PC you are connecting to, select SSH and type 443 as the port.


Now set up the tunnels for the SSH connection. To do this go to Connection->SSH->Tunnels. Remember I said you'd need that port number for VNC? You need two pieces of information: the port and the server you are tunneling to. In our case this is as follows:

*localhost:5900*
*localhost:5800* (if you want to connect via the Java client in a web browser)

The source port is the port that we will be making the connection to. In most cases the source and destination ports will be the same. However, if the server is itself running a VNC server, those ports are already in use there, so you'll need to choose different source ports.



Important: to make this a reverse tunnel, you must ensure that the Remote radio button is selected.
*This step is important*. Many firewalls drop connections which have been inactive for a time. As you will be tunneling through from the server, it is likely that the SSH connection will remain dormant for some time before a connection is made. You therefore need to configure Putty to send null packets on a regular basis to keep the connection open.

Go to Connection and enter 20 in the "seconds between keepalives" textbox. (This should be more than enough.)


At this point I recommend you save the current configuration. You can do this by going to Session, typing a name in the Saved Session box and pressing Save.


Now press the Open button. Press OK to accept the server's public key and log in using the credentials of the user you set up earlier. If all has gone well you will see a command line prompt similar to what you see on Windows.



The final step is to make the remote desktop connection. Now that we have set up the tunnel on the remote PC, you can connect via VNC from the server to the remote PC. The connection will be secure because it is going through the secure shell connection, which is encrypted by default.



To connect to a VNC server, you need to open the VNC Viewer on the server and connect to localhost. You can also connect via a web browser, if you enabled the Java viewer, by navigating to the following address:

http://localhost:5800/

That's it, you should now be able to see your desktop. No expense, secure and not too complicated.



I recommend you copy the Putty tools and the VNC Viewer to a USB disk or floppy disk. You can then use your setup anywhere you please. I have put these files into a ZIP archive, along with a batch script, putty.bat. (This saves and restores the Putty registry settings. If you wish to save your configuration from the Putty window, you'll need to open Putty using putty.bat.)

If you have any comments, suggestions or questions about this tutorial, please post them here.

----------
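Added example, not part of the original tutorial: the setup above runs SSH on port 443, so from the network owner's side the connection is visible as a port-443 session whose first client bytes are an SSH identification string rather than a TLS ClientHello. The sketch below classifies that first payload; the flow records, field names and addresses are constructed for illustration, and it assumes the first client payload is captured at the network boundary.

```python
# Added example: constructed data, not from the tutorial or any real capture.

def classify_first_bytes(payload: bytes) -> str:
    """Return 'ssh', 'tls' or 'other' for the first client payload."""
    # An SSH identification string starts "SSH-protoversion-softwareversion".
    if payload.startswith(b"SSH-"):
        return "ssh"
    # TLS record: type 0x16 (handshake), major version 0x03, 2-byte length,
    # then handshake type 0x01 (ClientHello) at offset 5.
    if (len(payload) >= 6 and payload[0] == 0x16
            and payload[1] == 0x03 and payload[5] == 0x01):
        return "tls"
    return "other"

def ssh_software(payload: bytes) -> str:
    """Extract the software field from 'SSH-2.0-software comments\\r\\n'."""
    line = payload.split(b"\n", 1)[0].rstrip(b"\r")
    parts = line.split(b"-", 2)
    if len(parts) < 3:
        return ""
    return parts[2].split(b" ", 1)[0].decode("ascii", "replace")

def flag_non_tls_443(flows):
    """List flows to port 443 whose first payload is not a TLS ClientHello."""
    findings = []
    for flow in flows:
        if flow["dst_port"] != 443:
            continue
        kind = classify_first_bytes(flow["first_payload"])
        if kind != "tls":
            findings.append({
                "src": flow["src"], "dst": flow["dst"], "kind": kind,
                "software": ssh_software(flow["first_payload"]) if kind == "ssh" else "",
                "duration_s": flow["duration_s"],
            })
    return findings

# Constructed sample flows (hypothetical field names, documentation addresses).
SAMPLE_FLOWS = [
    {"src": "10.0.0.5", "dst": "198.51.100.7", "dst_port": 443, "duration_s": 12,
     "first_payload": b"\x16\x03\x01\x02\x00\x01\x00\x01\xfc\x03\x03"},
    {"src": "10.0.0.23", "dst": "203.0.113.9", "dst_port": 443, "duration_s": 28800,
     "first_payload": b"SSH-2.0-PuTTY_Release_0.60\r\n"},
    {"src": "10.0.0.8", "dst": "192.0.2.1", "dst_port": 22, "duration_s": 300,
     "first_payload": b"SSH-2.0-OpenSSH_8.0\r\n"},
    {"src": "10.0.0.9", "dst": "203.0.113.50", "dst_port": 443, "duration_s": 3,
     "first_payload": b"GET / HTTP/1.1\r\n"},
]

if __name__ == "__main__":
    for finding in flag_non_tls_443(SAMPLE_FLOWS):
        print(finding)
```

The 20-second keepalive described in the tutorial is what keeps such a session open for hours, which is why the duration is carried into each finding.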

