Installing SSH and Connecting
Next, install one of the many available versions of SSH for NT Server. I recommend SSH Communications Security's SSH Secure Shell for Windows Servers ($565) or VanDyke Software's Vshell ($249). Several freeware versions of SSH for NT Server are also available. I describe how to install one of them—sshdnt.zip—in "Hardening an IIS 4.0 Web Server."
After you have an SSH daemon running on the NT host, you need to download and install an SSH client on your client machine. Many clients are available, but I recommend SSH Secure Shell for Workstations ($99), which runs on Win2K, NT, and Win9x. For a list of clients, including freeware clients, go to http://www.ece.nwu.edu/~mack23/ssh-clients.html. After installing a client, you can establish an SSH connection and issue a command on the remote Web server. For example, if you're using SSH Secure Shell for Workstations, you can open a command prompt and type
ssh2.exe -L 5901:127.0.0.1:5900
<username>@<servername>
<command>
In this command, 5901 represents the TCP port that VNC uses (i.e., TCP port 5900) plus 01, which is the display number for a Windows client machine. The remote server's IP address is 127.0.0.1. The VNC TCP port is 5900 plus 00, which is the display number for a Windows server. Username is your username, servername is the Fully Qualified Domain Name (FQDN) or IP address of the remote server, and command is some command that you want to perform on the server. Web Figure 1 and Web Figure 2 (http://www.windowswebsolutions.com, InstantDoc ID 24839) show sample output of this command on the client and on the server, respectively, when the server is in debug mode and the command is successful. This command does a couple of things. First, it establishes an SSH connection between the client and the server. Second, it creates a dummy server on the client machine that listens on the VNC port and tunnels all connections to that port through the SSH connection.
You can now click Run VNCviewer in the VNC program group to start the VNC client. Type
localhost:1
to connect to your server, as Figure 5 shows, and click OK. If you can supply the VNC password, you can view and control the server. Your SSH tunnel will intercept all connections at the local VNC port and channel them to the remote server. The remote server will think the connection is local and allow it.
You now have remote GUI console access from your workstation to an NT Server system. And you can feel confident that the access is secure because it uses the strong authentication and encryption for which SSH is known.