login about faq

How can I tunnel Windows Terminal Services using the Tectia SSH client?

asked Dec 29 '10 at 20:31

SSH%20KB's gravatar image


SSH Secure Shell can be used to securely tunnel Terminal Services connections. For this to work, you will need the following software:

Client Side

  • SSH Tectia Client
  • Terminal Services Client

Server Side

  • SSH Tectia Server (Windows)
  • Terminal Services Server

On the server side you need to ensure that TCP forwarding is allowed.

To set up tunneling using the SSH Secure Shell Windows GUI client do the following:

Open the SSH Client and go to Edit -> SSH Tectia Connections Configuration -> Connection Profiles -> (The profile you use for connecting to Terminal Services) -> Tunneling.

For tunneling Terminal Services you will only need to add one 'local' tunnel.

For Terminal Services traffic:

  1. Click on the Add button to bring up the 'Local Tunnel' dialog box.

  2. Set the type as 'TCP'.

  3. Listen Port is the port on the client side that the TCP traffic will be connecting to. Terminal Services uses by default the port 3389, so use '3389'.

  4. Destination host is the host where the TCP traffic is forwarded to (where the Terminal Services Server is located).

  5. Destination port is the port where the remote Terminal Services Server is listening. In the case of Terminal Services this is usually '3389'.

  6. Now click OK and the tunnel should appear in the Local tunnels box. Click OK to close the Settings GUI.

  7. Connect to the remote host. After you have authenticated by using SSH Tectia Client, the tunnel should be ready to use. Open the Terminal Services Client on the SSH client host and use it to connect to localhost. By default Terminal Services will connect to port 3389.

You should see that the Terminal Services traffic has been forwarded through the tunnel and you should be able to use the remote computer.

Note! Remote desktop client in Windows XP denies connections to loopback addresses both with hostname 'localhost' and IP address Workaround is copying the two relevant files to another location and configuring the Remote Desktop client to function in 98-compatibility mode. In your \WINDOWS\SYSTEM32 directory, locate the files mstsc.exe and mstscax.dll, and move them to another directory. This will enable you to run the Remote Desktop client in Windows 98 compatibility mode. You can reach the relevant settings by right-clicking on mstsc.exe in its new location, and selecting Properties > Compatibility. When the program is run in Windows 98 compatibility mode, it does not appear to protest when connecting to localhost.


answered Dec 29 '10 at 20:39

SSH%20KB's gravatar image


Your answer
toggle preview

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here



Answers and Comments

Markdown Basics

  • *italic* or __italic__
  • **bold** or __bold__
  • link:[text](http://url.com/ "title")
  • image?![alt text](/path/img.jpg "title")
  • numbered list: 1. Foo 2. Bar
  • to add a line break simply add two spaces to where you would like the new line to be.
  • basic HTML tags are also supported



Asked: Dec 29 '10 at 20:31

Seen: 8,529 times

Last updated: Jan 27 '11 at 03:22

All user contributed content licensed under the cc-by-sa license.
Powered by OSQA.