One-click RDP over SSH tunnel with Windows machines at both ends

While you can use PuTTY for SSH tunneling and then manually launch Remote Desktop Connection, I find it more efficient to reuse the techniques that are so convenient on Linux. Here is how to do one-click RDP over an SSH tunnel, with Windows on both ends, using Cygwin.

Example:
Suppose the SSH server on the remote Windows PC listens on port 22 at WAN address 1.2.3.4, and the PC's RDP server on port 3389 (the standard Windows Remote Desktop port) is blocked by the firewall (as it should be!). You have a user “joe” set up on the remote PC for remote access. Then, do:

  1. In Cygwin, run nano ~/myRDP and enter:
    #!/bin/bash
    ssh -f -p 22 -L 3391:localhost:3389 joe@1.2.3.4 sleep 2;
    mstsc /v:localhost:3391
  2. Exit and save, then type chmod +x ~/myRDP
  3. In Windows, create a shortcut to:
    C:\cygwin\bin\mintty.exe -e /bin/bash -l -c '$HOME/myRDP'

Double-clicking that Windows shortcut should launch Cygwin, make the SSH connection (you’ll be prompted for the SSH password, or you can use a public key file) and then make the RDP connection over the SSH tunnel (where you will be prompted for the Windows password).

Notes:

1) You can’t specify most Remote Desktop parameters on the MSTSC command line, but if you need to do this, you can save a .RDP profile file from Remote Desktop Connection (here, we saved it to c:\MyRDP\MyFirstPC.RDP) and then load that specific profile with:

mstsc "c:\MyRDP\MyFirstPC.RDP" /v:localhost:3391

Note that we used port 3391 for the local forwarding because Windows 7 uses port 3390 for something else.

On Windows 7, you may find you have to specify an RDP file. Here’s an RDP template you can try. Save it as the MyFirstPC.RDP file, after changing JoePC\Joe on the second-to-last line to match your Domain\Username:


screen mode id:i:1
use multimon:i:0
desktopwidth:i:1024
desktopheight:i:768
session bpp:i:24
winposstr:s:0,1,0,0,1024,768
compression:i:1
keyboardhook:i:2
audiocapturemode:i:0
videoplaybackmode:i:1
connection type:i:1
displayconnectionbar:i:1
disable wallpaper:i:0
allow font smoothing:i:0
allow desktop composition:i:0
disable full window drag:i:1
disable menu anims:i:1
disable themes:i:1
disable cursor setting:i:0
bitmapcachepersistenable:i:1
full address:s:localhost:3391
audiomode:i:1
redirectprinters:i:0
redirectcomports:i:0
redirectsmartcards:i:0
redirectclipboard:i:1
redirectposdevices:i:0
redirectdirectx:i:1
autoreconnection enabled:i:1
authentication level:i:0
prompt for credentials:i:0
negotiate security layer:i:1
remoteapplicationmode:i:0
alternate shell:s:
shell working directory:s:
gatewayhostname:s:
gatewayusagemethod:i:4
gatewaycredentialssource:i:4
gatewayprofileusagemethod:i:0
promptcredentialonce:i:1
use redirection server name:i:0
networkautodetect:i:0
bandwidthautodetect:i:1
enableworkspacereconnect:i:0
rdgiskdcproxy:i:0
kdcproxyname:s:
username:s:JoePC\Joe
drivestoredirect:s:

Thanks to Chhavi Goenka for testing this on Windows 7 on a live system.
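
A hardened variant of the ~/myRDP launcher from step 1, as an added example that is not the original post's script: mstsc starts only if ssh actually set up the forward, the listener is bound to loopback explicitly, and the profile's full address is checked against the tunnel port. The function names and the Cygwin-style profile path are assumptions; host, user and ports are the post's example values, and the profile is assumed to be ANSI/UTF-8 text.

```shell
#!/bin/sh
# Added example, not the original post's script. Host, user and ports are the
# post's example values; PROFILE (Cygwin-style path) is an assumption.
REMOTE=joe@1.2.3.4; SSH_PORT=22; LPORT=3391; RPORT=3389
PROFILE=/cygdrive/c/MyRDP/MyFirstPC.RDP

# Print the ssh arguments for the tunnel. Differences from the post's command:
#  - the listener is bound to loopback explicitly instead of relying on the
#    GatewayPorts default;
#  - ExitOnForwardFailure=yes makes ssh exit non-zero if it cannot set up the
#    forward, instead of carrying on without a tunnel.
tunnel_args() {
    printf '%s %s\n' "-f -p $SSH_PORT -o ExitOnForwardFailure=yes" \
        "-L localhost:$LPORT:localhost:$RPORT $REMOTE sleep 2"
}

# Print the value of one "name:type:value" line of an .RDP file.
# Assumes ANSI/UTF-8 text (CRLF tolerated); convert a UTF-16 file first.
rdp_get() {  # rdp_get FILE NAME
    tr -d '\r' < "$1" | awk -v k="$2" '
        { n = index($0, ":"); if (n == 0 || substr($0, 1, n - 1) != k) next
          rest = substr($0, n + 1); print substr(rest, index(rest, ":") + 1); exit }'
}

# Succeed only if the profile's "full address" is the local end of the tunnel.
profile_uses_tunnel() {  # profile_uses_tunnel FILE PORT
    case "$(rdp_get "$1" 'full address')" in
        "localhost:$2"|"127.0.0.1:$2") return 0 ;;
        *) return 1 ;;
    esac
}

main() {
    profile_uses_tunnel "$PROFILE" "$LPORT" ||
        { echo "profile does not point at localhost:$LPORT" >&2; return 1; }
    # Unquoted on purpose: tunnel_args prints a space-separated argument list.
    ssh $(tunnel_args) ||
        { echo "tunnel not established; not starting mstsc" >&2; return 1; }
    mstsc "$(cygpath -w "$PROFILE")" "/v:localhost:$LPORT"
}

# Launch only where mstsc exists (Windows with Cygwin).
if command -v mstsc >/dev/null 2>&1; then main; fi
```

The template sets authentication level:i:0, so mstsc connects without warning when it cannot verify the RDP server; the SSH host key check is then what authenticates the remote end.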