Services like GotoMyPc, allow you to access your computer securly from any location in the world via a web interface. But, at a price. In this case $17.95 per month. This in my opinion is a little bit costly as I have worked out how to do it for free. And guess what, I am going to be nice and share how to do it and probably get a price put on my life by the guys at GotoMyPc.
Firsty, I'll make it clear what this solution provides. It allows you to access your PC via the Internet through a secure remote connection, you will be able to interact with the PC as if you were sitting at the machine. You must have the computer running while you are accessing it
This setup requires several pieces of software all of which are free and can be downloaded.
FreeSSHD - Allows you to make a secure remote connection to a windows PC and setup SSH tunnels, allowing other services to connect to your PC securely.
Putty - Putty is a Free SSH client for windows. We need this to connect to the SSH server on the remote PC. It will also allow us to transfer files between the two PC's.
VNC - VNC allows you to make a remote desktop connection to a PC, as if you were sitting in front of it. Download the free version.
Setting Up the SSH Server
SSH is an acronym for Secure Shell. It was developed for UNIX to anble administrators to log into a server remotly from anywhere with an internet connection and control it. SSH remains today the remote connection method of choice for UNIX and Linux savys.
FreeSSHD, is an SSH server for Windows. It in effect allows you to connect to your machine via the command line similar to a telnet connection, but, securely. More importantly however and the feature we will be useing, it allows you tunnel connections through SSH to you local computer.
What is Tunneling?
As the name suggests, it is setting up a tunnel but for connections between machines. Once connected to a mahine via SSH, we can tunnel other connections throgugh the secure SSH connection to the remote PC. To the remote PC, it appears as if the connection has originted locally. To the connecting PC, it appears as if the connection is being made locally.
Why do this? Obviously a remote desktop connection is not something we want everyone to access. The standard VNC connnection is not encrypted. However, send it through an SSH tunnel and the connection is encrypted, secure and password protected.
About 10 Easy(ish) Steps
If you follow these steps you'll have your secure remote desktop connection up and running in less than an hour.
- First step is to download and install FreeSSHD. Select the full installation and choose to run as a windows service. (you can opt not to install the service, however freesshd will not start when windows starts and you must logon to the computer before running it)
- Once installed, a new icon should appear in the task bar. Double click this to bring up the configuration screen.
- Set the SSH port 443. There is a good reason for this as in many shoools, colleges and companies you must connect to the Internet via a proxy server. Connecting on port 443, the standard HTTPS port, ensures that you will always be able to access the PC.
- The next step is to create a user. Click on the users section and add a new user.
I Do not recommend using Windows authentication. Creating a separate user is not only safe, it gives you more control over the server. Ensure that the user has tunneling permissions.
- We must now enable SSH tunneling.
- The next step is to download and install VNC. Again, opt for the full installation and install it as a Windows service.
- After installation the server configuration screen will be displayed. VNC gives us the option of password protecting the connection, but as the password is sent unencrypted and we will only ever be connecting from the local machine, there is little point setting a password.
- Click on the connections tab next, take note of the VNC port 5900 and tick the box which says "Only Accept Connections from the local machine". The server also provides a Java viewer which can be used in a web browser. I tend to prefer the executable client though.
(you may be wondering why we only want to accept connections form the local machine. This is because we will use an SSH tunnel provided by FreesSSHD to forward the connection to from the remote machine to the local machine, as far as our PC is concerned the connection will be from a local entity)
- We are now ready to connect to the computer remotley. But first we need the Windows SSH client Putty. I recommend you downlaod the ZIP archive containing all the Putty tools as they include other useful utilities including an SFTP(Secure-FTP) file tansfer utility.
- Open up the putty client on the remote computer (the comptuer you want to make the connection from). In the session screen type the IP address or host name of the PC you are connecting to, select SSH and type 443 as the port.
- Now set up the tunnels for the SSH connection. To do this goto Connection->SSH->Tunnels. Remebmer I said you'd need that port number for VNC. You need two pieces of information, the port and the server your are tunneling to. In our case this is as follows:
localhost:5800 (if you want to connect via the Java client in a web browser)
The source port is the port that we will be making the connection to. In most cases these will be the same. However, if the remote PC has a VNC server, you'll need to change these.
- Now press the open button. Press Open to accept the servers public key and login using the credentials of the user you set up earlier. If all has gonde well you will see a command line prompt similar to what you see on windows.
- The final step is to make the remote dekstop connection. Now that we have setup the tunnel, you can connect to your remote PC via VNC. The connection will be secure becuase it is going through the secure shell connection which, is encrypted by default.
To connect to a VNC server, you need to open the VNC Viewer. This included in the installation you downlaoded earlier in the follwoign location:
You can safelty copy this executable to a floppy disk or USB driver for use on the go.
You can also connect via a web browser, if you enabled the Java viewer, by navigating to the following address:
That's it, you should now be able to see your desktop. No expense, secure and not too complicated. As long as both the VNC server and FreeSSHD are running, you can access your PC anywhere.
I recommend you copy the Putty tools and the VNC Viewer to a usb disk or floppy disk. You can them use your setup anywhere you please. I have put these files into a ZIP archive, along with a batch script putty.bat (this saves and restores the putty registry settings - if you wish to save your configuration from the putty window, you'll need to open Putty using putty.bat)
If you have any comments, suggestions or questions regarding this tutorial please post them here.