
SSH tunneling problem


Frantisek Vomacka

Jun 19, 2002, 3:57:01 AM
Hi,

I want to secure my Remote Desktop Connection with SSH
tunneling. I have successfully done it with SSH server in
the middle (client with SSH and RD clients, SSH server and
target XP - SSH tunnel from client to server, raw RDC
continues from server to target XP).

Problem: It is not possible to have SSH server on the
target XP. In case of connection local session on target
XP is frozen for 2 minutes (approx.), RD is not finally
connected and (it is strange) SSH client is frozen too.
After 2 minutes local session continues (but it is
locked), SSH continues and RD fails.

Environment:
- "Client" W2k Pro SP2 SRP1, XP RD client SW, SecureCRT
3.4.0
- "Server" XP Pro, VShell 2.0.3
- "target" XP Pro

Please can somebody help me?

Thank you

Frantisek

Bill Sanderson

Jun 19, 2002, 9:30:17 AM
A fix for this has been posted here a couple of times--you might try a
google search of this group with SSH as the key.

As I recall, the fix involves running the client in compatibility mode, with
the compatibility mode stuff set to win98?


"Frantisek Vomacka" <frantise...@quick.cz> wrote in message
news:1108201c21766$e50ea340$35ef2ecf@TKMSFTNGXA11...

Bill Sanderson

Jun 19, 2002, 9:02:18 PM
More time tonight, and I found the source:
-----------------------------------------------------------
From Michel Toussaint:

The limitation of Windows XP's Remote Desktop client is that it
refuses any connection from the localhost (127.0.0.1) to the localhost
with the following error message: "The client could not connect. You
are already connected to the console of this computer. A new console
session cannot be established". In order to be able to tunnel this
through SSH, this limitation must be broken. The first idea was to
hack the client executable and remove the limitation but it's simpler
than that. I noticed that if you run the executable mstsc.exe from
another operating system than XP, the limitation does not exist.
Drilling a bit into that, it is possible to run mstsc.exe on Windows
XP to the localhost by using application compatibility with older
Windows 9x.

Procedure:
1. Create a folder (For example c:\TSclient) on your XP box
2. Copy mstsc.exe and mstscax.dll from your XP's %systemroot%\system32
to this folder.
3. Right click mstsc.exe and go to the properties of it.
4. Select the Compatibility tab
5. Check "Run this program in compatibility mode for"
6. Select "Windows 98/ Windows Me"
7. Click on OK
8. Connect your SSH to the remote network or machine
9. Forward another port than 3389, for example 3390
10. Use the newly copied mstsc.exe to connect to 127.0.0.1:3390

Notes:
- You can connect to Windows 2000 terminal servers as well.
- Do not forget to log off from the remote XP, as Windows XP will allow
only one session at a time.

Obviously, Microsoft did not think one single second that there are
SSH users on earth.

Michel Toussaint, CCSE, MCSE
nets...@yahoo.com
-----------------------------------------------------------


"Frantisek Vomacka" <frantise...@quick.cz> wrote in message
news:1108201c21766$e50ea340$35ef2ecf@TKMSFTNGXA11...

Frantisek Vomacka

Jun 20, 2002, 4:37:10 AM
Hi Bill,

thank you for the answer. I have read it before and I think it
is not my case, I have problems on server side.

I have client running W2k Pro SP2 SRP1 with RD SW package
from XP Pro CD-ROM. I can connect directly (of course) to
XP RD server. I can open SSH session with tcp/3389 port
forwarded via SSH server DIFFERENT from XP RD server and
connect RD client to localhost:3389 through it (from
localhost to ssh_server and then port is forwarded to
target XP tcp/3389).

BUT in case I run SSH server on target XP, port forwarding
(from localhost:3389) to localhost:3389 causes target XP
freeze for 1-2 minutes. In detail first I can see and use
Logon box and after that SSH prompt, RD session and local
console are frozen, other services run unimpacted (as
fileserver). It seems to me that explorer process must be
restarted because "missing tray icons" (I am not
absolutely sure).

You are absolutely right in case my client will be XP too.
But there is also problem on server side.

I hope it can be fixed somehow and it will not be
solved "because of design".

Do you have some ideas?

Thank you and best regards

Frantisek


Bill Sanderson

Jun 20, 2002, 1:29:00 PM
I'm sorry--I don't have ideas--I know absolutely nothing about SSH except
its name--there are others reading here who do, though, so I hope they may
be able to give your details a useful glance and make suggestions.

Actually - I do have a thought.

As I understand SSH, its purpose is encryption, correct?

I'm wondering why you see the need for an additional encryption layer on a
connection between two XP Pro machines--this conversation should be
encrypted at 128 bits RC4 already? If you need another layer, you could
make a VPN connection and do RD through that tunnel.


"Frantisek Vomacka" <frantise...@quick.cz> wrote in message

news:105f501c21835$ab4c1aa0$9be62ecf@tkmsftngxa03...

Frantisek Vomacka

Jun 20, 2002, 1:57:31 PM
Hi Bill,

VPN is not a possibility for me because of our corporate
restrictions of client protocols. SSH helps me to connect
via tcp/80 (SSH server uses this port) and to forward
multiple ports to local services (IMAP etc.).

Regards

Frantisek

>> >8. Connect your SSH to the remote network or machine

Bill Sanderson

Jun 20, 2002, 5:30:51 PM
Ah--that makes sense to me--I can see why that would be valuable--thanks for
the clarification.

"Frantisek Vomacka" <frantise...@quick.cz> wrote in message

news:108fd01c21883$f2b2ed30$9be62ecf@tkmsftngxa03...
Hi Bill,

Regards

Frantisek

>> >8. Connect your SSH to the remote network or machine

Michel Toussaint

Jun 21, 2002, 6:39:43 PM
"Bill Sanderson" <bill_NoSpa...@msn.com> wrote in message news:<#kv9nGKGCHA.2904@tkmsftngp12>...
> >> >8. Connect your SSH to the remote network or machine

Very strange, this worked for me. Maybe you should lower the MTU.
I'll try this again and let you know.

Michel

Michel Toussaint

Jun 22, 2002, 12:02:37 AM
Frantisek is right, the scenario as proposed is not working at all...
arrrrrhhhh.

Let's find out where is the limitation....
------------------------------------------
1. ssh and rdp server on different machine, we know this is working.
2. ssh and rdp server on the same machine is not working (ssh)
3. Let's try with rinetd instead of ssh: here's the \etc\rinetd.conf
file:

0.0.0.0 13389 127.0.0.1 3389

and we connect rdp to rdpserver:13389

for rinetd: http://www.boutell.com/rinetd/

Bingo! This is working and the connection is still coming from the
localhost! (do a netstat)

So, our problem is with the SSH or the tunnel,

there is NO limitation on the RDP server of XP.
-----------------------------------------------
Just for fun, a ssh followed by a rinetd: It freezes again.

Let's try to lower the MTU on both machines:
[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters]
(MTU as DWORD) from 1500 to 1000
Reboot both computers...
Try again: same behavior! Forget about this!

The funny thing is that the VShell has actually crashed!
As it really crashes, I would now like to try another ssh2 server:
there is a nice OpenSSH here:
http://www.networksimplicity.com/openssh/

Wow! This is working fine... Looks like you'd better use OpenSSH from
now on.

Cheers,

Michel Toussaint
nets...@yahoo.com
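
The isolation test from the post above, as an added Python example that is not part of the original thread: a small TCP relay that reads a rule in the rinetd.conf form quoted there and forwards connections, so the RDP server sees a loopback source with no SSH in the path. It stands in for rinetd rather than reproducing it, and the function names are assumptions made for this example.

```python
import socket
import threading
from contextlib import suppress

def parse_rule(line):
    """Parse one rinetd.conf rule: bindaddress bindport connectaddress connectport."""
    bind_addr, bind_port, dst_addr, dst_port = line.split()
    return (bind_addr, int(bind_port)), (dst_addr, int(dst_port))

def _pump(src, dst):
    """Copy bytes one way until EOF or error, then pass the EOF downstream."""
    with suppress(OSError):
        while chunk := src.recv(4096):
            dst.sendall(chunk)
    with suppress(OSError):
        dst.shutdown(socket.SHUT_WR)

def _handle(client, target):
    """Relay one accepted connection to the target in both directions."""
    with client, suppress(OSError):
        with socket.create_connection(target, timeout=5) as upstream:
            upstream.settimeout(None)  # blocking I/O once connected
            back = threading.Thread(target=_pump, args=(upstream, client), daemon=True)
            back.start()
            _pump(client, upstream)
            back.join()

def start_relay(rule):
    """Listen as the rule says, relay in background threads, return the listener."""
    listen, target = parse_rule(rule)
    srv = socket.create_server(listen)
    def accept_loop():
        while True:
            try:
                client, _ = srv.accept()
            except OSError:  # listener closed
                return
            threading.Thread(target=_handle, args=(client, target), daemon=True).start()
    threading.Thread(target=accept_loop, daemon=True).start()
    return srv

if __name__ == "__main__":
    # Rule from the post: all interfaces, no encryption, so use it for diagnosis only.
    start_relay("0.0.0.0 13389 127.0.0.1 3389")
    threading.Event().wait()
```

If the RDP session works through this relay but freezes through the SSH forward, the fault is in the SSH server or tunnel, which is the conclusion the post reaches.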
