My work computer, a Windows 7 Enterprise PC called WORKPC, is running Remote Desktop. I have configured Windows Firewall on WORKPC to allow access to the Remote Desktop service from only two IP addresses: IP1 and IP2.
IP1 comes from a commercial VPN service that allocates me a static IP address. When I go home and run the VPN client I can connect to WORKPC using the Remote Desktop client with no problem.
IP2 is the address of a Linux server GATEWAY at work I can ssh into from home. In order to use IP2 to remote desktop to WORKPC I use ssh and port forwarding on IP2:
ssh -vvv -L 1234:WORKPC.example.org:3389 GATEWAY.example.org
When I attempt to remote desktop from home using this port forwarding technique, I get the following error on my ssh connection:
debug1: Connection to port 1234 forwarding to WORKPC.example.org port 3389 requested.
debug2: fd 9 setting TCP_NODELAY
debug3: fd 9 is O_NONBLOCK
debug3: fd 9 is O_NONBLOCK
debug1: channel 3: new [direct-tcpip]
channel 3: open failed: connect failed: Connection timed out
To verify that port 3389 was open on GATEWAY I did a telnet 3389 and got a connection, so I am certain that port 3389 on WORKPC is open to GATEWAY.
Here is the configuration information:
# /etc/ssh/sshd_config
# sshd running on Debian wheezy
Port 22
Protocol 2
HostKey /etc/ssh/ssh_host_rsa_key
LoginGraceTime 300
MaxAuthTries 5
IgnoreRhosts yes
RSAAuthentication no
PubkeyAuthentication no
RhostsRSAAuthentication no
HostbasedAuthentication no
ChallengeResponseAuthentication yes
PasswordAuthentication no
UsePAM yes
PermitEmptyPasswords no
X11Forwarding yes
X11DisplayOffset 10
PrintMotd no
TCPKeepAlive yes
Subsystem sftp /usr/lib/openssh/sftp-server
I would prefer to use the ssh proxying method over paying the commercial VPN service to rent a static IP address. Can anyone suggest something I can try to get this to work?
AllowTcpForwarding no?
AllowTcpForwarding is allowed (i.e., there is no explicit AllowTcpForwarding directive in the config file and forwarding is allowed by default). Also, other users have successfully used sshd on GATEWAY to forward other services (e.g., ssh and mysql). I will add the configuration to my question in case that helps.
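An added example, not part of the original thread: a small shell filter that reads `ssh -v` client output and classifies each `open failed` line, separating a forward refused by sshd policy (the `AllowTcpForwarding` case raised above) from one where sshd accepted the request but its own TCP connect to the target failed. The function names and the category words are assumptions of this example; the sample input is the debug excerpt from the question.

```shell
#!/bin/sh
# classify_reason REASON: map the text after "open failed: " to a category.
classify_reason() {
    case "$1" in
        # sshd rejected the request itself (AllowTcpForwarding no, PermitOpen, ...)
        *"administratively prohibited"*) echo "policy" ;;
        # sshd tried to connect and got no reply: packets from the gateway
        # are dropped, or the name resolved (on the gateway) to another host
        *"Connection timed out"*)        echo "filtered" ;;
        # target answered with RST: host reachable, nothing listening
        *"Connection refused"*)          echo "closed" ;;
        # the gateway could not resolve the target name
        *"Name or service not known"*)   echo "dns" ;;
        *)                               echo "other" ;;
    esac
}

# classify_log: read ssh debug output on stdin and print one line per failed
# channel: "<channel> <host:port> <category>".
classify_log() {
    target="unknown"
    while IFS= read -r line; do
        case "$line" in
            *"forwarding to "*" requested."*)
                # "... forwarding to HOST port N requested." -> HOST:N
                target=${line#*forwarding to }
                target=${target% requested.}
                target="${target% port *}:${target##* port }"
                ;;
            "channel "*": open failed: "*)
                chan=${line#channel }
                chan=${chan%%:*}
                echo "$chan $target $(classify_reason "${line#*open failed: }")"
                ;;
        esac
    done
}

# Sample input: the debug lines quoted in the question.
page_sample() {
    cat <<'EOF'
debug1: Connection to port 1234 forwarding to WORKPC.example.org port 3389 requested.
debug1: channel 3: new [direct-tcpip]
channel 3: open failed: connect failed: Connection timed out
EOF
}

page_sample | classify_log
```

A `filtered` result for the question's log means the forward request reached sshd and was permitted; the failing step is the connection made from GATEWAY, using the address GATEWAY resolves for the target name.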