How To Securely Access Your Windows Home Computer–pt2

In part one I showed you how to set up Bitvise to allow you to make a secure connection to a computer over SSH. That is a great start, but now you need to be able to access that machine from anywhere. You could use the IP address of the computer if it was directly connected to your cable/DSL modem, but the chances are that you have everything sitting behind a router, so there is a little extra configuration that you need to do.

 

Configuring your router to forward port requests

The exact screens differ from router to router, but the same steps need to be performed whatever the model. You will need to set up port forwarding to the computer on your home network where Bitvise is configured and listening.

I’m using a Cisco router and that’s what I will use in this example.

  • Firstly, grab the IP address of your computer by running ipconfig. Keep this handy.
  • Now log in to your router and look for a setting for port forwarding. On my router that is under Applications & Gaming.
  • Add a new entry with external port 22 and internal port 22, and set the IP address to the one you grabbed before.
  • Enable the port and save the settings.

On my router, Bitvise on port 22 is forwarded to the internal IP 192.168.1.127.

Hint: if you have multiple home machines that you would like to connect to, you could set up different external ports that point to port 22 on different internal IP addresses.

 

While you have the router options open, go to the status page and note your Internet IP Address. This is the IP that you will use for connecting over the internet. (It is possible, for a small cost, to use a dynamic DNS service to manage this for you; that's an optional step I will cover later.)

 

Testing your Bitvise connection over the internet

As in part 1, open up your Bitvise client on another machine. This time use the Internet IP Address you captured earlier as the Host entry.

Your connection should work just as before. If it does not work, double-check the Internet IP Address and ensure that you enabled the port on your router.

 

Using Remote Desktop over SSH

Now that everything is set up with Bitvise and you can make an SSH connection over the internet, it is time to get Remote Desktop up and running.

Open up Control Panel – System and Security – System – Advanced system settings and set your computer to allow Remote Desktop connections. By default administrators will be allowed access. If you want to grant access to another user, just hit the Select Users… button and add them.


 

By default Remote Desktop will listen on port 3389. Unless you are comfortable messing around with this stuff, I do not recommend changing it.

Now open up your Bitvise client and go over to the C2S tab to enable Client to Server Port Forwarding. Here you will add a local port for listening and the remote port that your home computer is listening on.

Note: your listening port cannot be 3389 if you already have your client computer set up for Remote Desktop connections.

Here I like to use port 13389 for the listener port, and we set the destination port to 3389 for Remote Desktop on the remote computer side.

 

Now connect again, and once the connection is made open up Remote Desktop and use 127.0.0.1:13389.

 

Now your connection should be made and you are good to go. Remote access to a home Windows machine from anywhere.
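A quick check of the finished setup, as an added example that is not part of the original post: it confirms the C2S listener on port 13389 is bound to loopback only and that the router exposes SSH but not Remote Desktop. `$HomeHost` is a placeholder for your own Internet IP Address or hostname, and the script assumes you run it in PowerShell on the client laptop, from a network outside your home.

```powershell
# Added example: run on the client laptop, from a network outside your home,
# after the Bitvise session is connected.
$HomeHost   = 'home.example.net'  # placeholder: your Internet IP Address or hostname
$TunnelPort = 13389               # C2S listener port used in this post
$SshPort    = 22                  # external port forwarded by the router
$RdpPort    = 3389                # default Remote Desktop port

# 1. The C2S listener must exist, and should be bound to loopback only so that
#    other machines on the laptop's network cannot use your tunnel.
$listeners = Get-NetTCPConnection -LocalPort $TunnelPort -State Listen -ErrorAction SilentlyContinue
if (-not $listeners) {
    Write-Warning "Nothing is listening on port $TunnelPort. Is the session connected and the C2S rule enabled?"
    return
}
$loopback = @('127.0.0.1', '::1')
$exposed  = $listeners | Where-Object { $_.LocalAddress -notin $loopback }
if ($exposed) {
    Write-Warning "Tunnel listener is bound to $($exposed.LocalAddress -join ', '), not just loopback."
}

# 2. On the public address only SSH should answer. If 3389 is reachable directly,
#    Remote Desktop is exposed to the internet without the SSH layer in front of it.
$ssh = Test-NetConnection -ComputerName $HomeHost -Port $SshPort -WarningAction SilentlyContinue
$rdp = Test-NetConnection -ComputerName $HomeHost -Port $RdpPort -WarningAction SilentlyContinue

[pscustomobject]@{
    TunnelListening    = $true
    TunnelLoopbackOnly = -not $exposed
    SshReachable       = $ssh.TcpTestSucceeded
    RdpExposed         = $rdp.TcpTestSucceeded
}

# 3. Start Remote Desktop through the tunnel only when the checks pass.
if ($ssh.TcpTestSucceeded -and -not $rdp.TcpTestSucceeded -and -not $exposed) {
    mstsc.exe "/v:127.0.0.1:$TunnelPort"
}
```

If `RdpExposed` comes back true, remove any router forwarding rule for port 3389 so that port 22 is the only way in.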

 

Shortcut – Opening Remote Desktop

If you don’t want to go through the hassle of opening Remote Desktop every time, why not let Bitvise take care of that for you? On the Options screen under On Login you can check the box for Open Remote Desktop (and uncheck the ones for Open SFTP and Open Terminal) so that whenever you connect it will start up that Remote Desktop session for you and connect.

 

Shortcut – Keeping track of your external IP address

Knowing your external (Internet) IP address is one thing, but what happens if your provider goes and changes that IP on you when you are out of town? Well, you are out of luck.

If you get concerned that this might happen to you, I highly recommend going out to DynDns.org and signing up for their $20 a year DynDNS Pro service. This fantastic service integrates with most routers. You enter your DynDNS credentials on the router and it updates the DynDNS service with your current IP address. They provide you with a standard domain name that you can use. That makes life a great deal easier and can be used to set your mind at ease. Even if your router does not support this, they also have a client-side option that you can load onto the computer which will communicate your external IP back to them. Not bad for $20, and it’s the only thing in this solution that costs you anything.

 

Quick summary

  • Download and install Bitvise SSH Server on your home computer
    • Add the required users to Bitvise
    • Enable Remote Desktop access
    • Add port forwarding to your router
    • Capture your external IP address
    • Get a DynDNS account so you can connect using a hostname (optional)
  • Download and install Bitvise Client on your laptop
    • Add a C2S entry so a local port gets mapped to a different remote port
    • Enter the host and login
    • Open up Remote Desktop and enjoy a secure working connection to home

There really are just a few simple steps to completing this process. It seems daunting at first, but Bitvise really makes things easy.

I suspect that any good SSH client like PuTTY will allow you to do the same things the Bitvise client does; I have just not tested that yet.

 

Give this a try yourself. It will make a good weekend project. Let me know how it works out for you.

I have also created a downloadable PDF document so you can have the information in one place.
