Accessing remotely your Windows Desktop or Terminal Services at DESY Zeuthen via SSH tunneling using Windows or Linux/UNIX

This page shows an example about how to use SSH tunneling to connect to a computer running Windows and the Terminal Server Cluster at DESY Zeuthen from outside the DESY network.

First step

To connect to the Terminal Server Cluster it is necessary to contact the User Consulting Office in order to be authorized.

Check that the remote desktop service is enabled on your own DESY desktop: Start -> Control Panel -> System -> Remote tab . You should see that the "Remote Desktop" checkbox is checked out.

Local administrators have implicit access. As non privileged user (like for the user in the screenshot example) one has to ask the group administrator to add the account to the Remote Users.
You can also contact the User Consulting Office.

Setting up the SSH tunnel and connecting from a Linux/UNIX host

On Linux/UNIX platforms simply the ssh is used to setup the SSH tunnel to access a Windows host from remote. The common syntax is:
ssh … -L LocalPort:DestinationWindowsHost:DestinationPort RemoteHost …


>ssh -l gut -C -L
(-l gut – specifies the userID/username; -C – forces data compression)

From a separate shell/window now we may start the RDP client rdesktop. The common syntax is:
rdesktop … localhost:LocalPort


>rdesktop -a 16 -g 90% localhost:55555
(-a 16 – sets the color depth; -g 90% – defines the desktop geometry)

Setting up the SSH client and connection from a Windows host

This step must be done on the machine one want to access a DESY desktop (from outside).
The basic concept is to establish a RDP session via a tunnel through a public (Linux) login host.

On windows platforms the preferred SSH client is Putty.
In case you don't have it, you should install it after downloading. For DESY PC’s it is available via NetInstall or from the Zeuthen group share “4all\public\Shareware\SSH”.

Start Putty according to the installation path.

We recommend creating a new session only for that purpose, setting the ssh server to and selecting SSH with port 22, type a name for the session in “Saved Sessions” (“ts” in the example below), press “Save”:


A hint for user behind a fire wall (e.g. DSL router): It is necessary
to configure the TCP keepalive with a 30 or 60 seconds interval in
the "Connection" section of the configuration panel.

Enable compression for this session:

It is not necessary to enable X11 forwarding to get the RDP tunnel:


The next step is to set up the forwarding specification for our remote desktop connection – RDP session. The RDP protocol uses on the server side the port 3389. As source port, choose whatever port is free on your local machine. Destination will be the machine we want to reach, the Terminal Server Cluster or the DESY Zeuthen desktop <pc-name> (i.e.

Don't forget to press Add before opening the connection.

Go back to the "Category: Session” and save the session configuration under a nice name like “ts” in our example.

Now we may open the SSH session. Putty may ask you for permission to store the public key of the server – login to the “pub”-server.

To connect via RDP to host at DESY, open your remote desktop client (Start, Run, mstsc - on the local computer, i.e. your pc at home) typing as computer: localhost:55555, the source port we previously set.

Then please enter WIN\<username> and your password into the login window.