mercoledì 6 gennaio 2010

Remote Desktop via Openssh and Putty

I often need to remote control my Ubuntu server with a Windows client. Even if I do very simple operations via Remote Desktop, I prefer to forward my traffic through SSH Secure Shell. The steps to tunneling an insecure connection are very simple.


Install Openssh Server and ssh. Run a terminal and type:

 stefano@SERVER:~$ sudo apt-get install ssh openssh-server

Generate a pair of public and private keys executing the following commands:

 stefano@SERVER:~$ mkdir ~/.ssh
 stefano@SERVER:~$ chmod 700 ~/.ssh
 stefano@SERVER:~$ ssh-keygen -t rsa -b 2048
 Enter passphrase (empty for no passphrase):
 Enter same passphrase again:
 stefano@SERVER:~$ cat ~/.ssh/ >> ~/.ssh/authorized_keys
 stefano@SERVER:~$ chmod 600 ~/.ssh/authorized_keys

Edit your sshd_config:

 stefano@SERVER:~$ sudo gedit /etc/ssh/sshd_config

Usually I use these settings:

 Port 22
 PermitRootLogin no
 RSAAuthentication yes
 AuthorizedKeysFile %h/.ssh/authorized_keys
 PasswordAuthentication no
 AllowUsers names_of_allowed_users

Copy ~/.ssh/id_rsa to your Windows client.
Enable Remote Desktop clicking on System --> Preferences --> Remote Desktop:

Now let's configure the router. We need to setup port forwarding on your router. To do that, your pc has to have a static IP. For example, you could use Now redirect your browser here, choose your router, then select SSH and follow all steps. At the end you should have something like this:


Download PuTTy and PuTTYgen
PuTTYgen can import the private key generated on the server and save it in a format PuTTy-readable. Run PuTTYgen, then click Conversions --> Import Key:

Now click "Save private key"
Run PuTTy and follow next steps:

HINT: You have to enter if you're in your home/office lan. If you wanna control a remote pc outside your lan, you have to enter an internet IP address. If your remote computer has a dynamic IP, you can evaluate the possibility to create a hostname that points to your IP address.

Now go back to "Session" and save this setup, then click "Open". Log in with your username and enter the password you have chosen for your private key.

Last thing to do: you need to download a VNC viewer to controll your remote desktop. I really like TightVNC.  Download Viewer executable only and run it:

Insert as VNC Server and click "Connect"

 Enter the password you have choosen for your Remote Desktop


Voilà! You can control your remote computer. You can save the connection info not to repeat the last steps.

Click Yes, choose a path to store the informations and create a link on your desktop.

That's all!