Secure remote desktop
Synopsis
Two methods to implement a secure remote desktop system with good performance are presented. A brief description explains how each works, the software used and how to configure it.
Introduction
When using a computer and it is possible to connect to a remote computer running Microsoft Windows in order to work on it. This note explains how to do so over a secure link. Lotwillow Ltd has successfully used both methods to support its bookkeeping and payroll clients.
Remote desktop
Remote Desktop client software is either included with recent versions of Microsoft's desktop operating systems or is available as a free download[1] from Microsoft's website. It allows a user to access a remote computer, displaying a window on the desktop of the local computer that shows the 'desktop' of the remote computer.
- For Windows XP Professional and Windows 7 Professional it can be run from the Start menu:
- Programs » Accessories » Remote Desktop Connection
- or:
- All Programs » Accessories » Remote Desktop Connection
Certain variants of Microsoft's operating systems include the corresponding Remote Desktop server software, notably the Professional versions, albeit in a limited form. The main restrictions are that it supports only one remote desktop session at a time and that the console user is logged out when a remote desktop session is started.
There is a slight twist to the latter point that works out usefully in practice; if the remote user uses the same credentials as the console user, (that is, the same login name and password), then the existing session is transferred away from the console user and to the remote user. This removes the risk of data loss which would otherwise be the case if the console user was forcibly logged out.
The performance of this kind of remote access is generally good compared to the commercial alternatives such as GoToMyPC, LogMeIn or any of the VNC products however there is effectively no security on the data transfers between the local and remote computers. This normally isn't a problem on an intranet but when the link is over the public internet then this is a major flaw.
Secure shell
Secure Shell (ssh) is a slightly misnamed industry-standard protocol that provides an encrypted link between two computers. It is most often used to provide a command interface on a remote computer that is safe from prying eyes but it can also carry data that otherwise would be unencrypted.
In this case it is used to encrypt data for the remote desktop link. This is called tunnelling – the remote desktop session is tunnelled over or through the ssh connection.
While this extra layer adds security it increases complexity in setting up the system and an extra step is required each time remote desktop connections are to be established. Against that, the overall performance has still been found to be better than that of GoToMyPC or LogMeIn, while also being cheap or completely free to use.
The big picture
Various scenarios can be imagined but here is one that is frequently required …
The user away from base starts a program that makes an ssh connection to a 'server' computer and enters[2] a username and password to log in. The application window may look like a command prompt window although the command prompt is for the server computer. The window can be iconised while remote desktop sessions are being used, then closed.
Once the secure connection has been established the user starts a remote desktop connection cunningly configured so that it attempts to connect to the user's own computer. The ssh connection software recognises this and passes it on to the server, adding some information to specify which computer should receive the remote desktop connection.
Directly or indirectly, the server forwards the remote desktop connection to the specified computer so that the user can log in – the user can then start work on the computer at the remote site almost as if they were sitting in front of it.
Multiple remote desktop connections may be made to different computers at the remote site, and the user is able to change between them at will.
Implementation
It's useful to have clarity over terms, so these descriptions will be from the point of view of the user accessing a remote computer. They also concentrate on describing configuration issues at the user's computer and at the remote site.
The two methods both use an intermediate computer as an endpoint for the encrypted link, the main difference being where it is located. This affects how the systems are implemented. The choices are
- using a computer inside the internal network containing the one being accessed remotely; this could be an existing PC running Microsoft Windows but if so it must be one that doesn't also need to be accessed remotely, or
- using a computer outside the internal network containing the one being accessed remotely, in which case the security risk of using this computer should be considered.