1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Remote login from a different network

Discussion in 'Networking' started by Hectorck5, Jul 7, 2017.

Thread Status:
Not open for further replies.
Advertisement
  1. Hectorck5

    Hectorck5 Thread Starter

    Joined:
    Jul 7, 2017
    Messages:
    1
    I have my server at my shop, I'm trying to put all my files on there so I can login from home, or if I go out on the road. I know the basics on networking but this is something new to me. I believe I have to change settings on my router, as well as on my server. Just need some help. I'm running Windows Server 2012.
     
  2. 737Simpilot

    737Simpilot Temporarily Banned

    Joined:
    Jun 25, 2017
    Messages:
    317
    What you are pretty much after is RDP or Remote Desktop. I believe with RDP you have to open a port (port forward) in the router that the server connects to. That way you can get access to the server.

    For me personally, I'd just use TeamViewer and call it a day. That's what I use for all my computers and there's even an App so that I can access my computer on my smartphone or tablet. If you do decide to use TV, make sure you set up 2 fact auth with Authy for your account on your smart device.
     
  3. lunarlander

    lunarlander

    Joined:
    Sep 21, 2007
    Messages:
    9,484
    RDP uses TCP and UDP ports 3389. Note that port scanners will report on that, and you might get a lot of unwelcomed visitors trying to guess the account and password.
     
  4. zx10guy

    zx10guy Trusted Advisor Spam Fighter

    Joined:
    Mar 30, 2008
    Messages:
    5,957
    I'd be more concerned about exposing the server directly to the Internet and people trying to smack the box through the RDP service port over breaching it via user account/password.
     
  5. lunarlander

    lunarlander

    Joined:
    Sep 21, 2007
    Messages:
    9,484
  6. lunarlander

    lunarlander

    Joined:
    Sep 21, 2007
    Messages:
    9,484
  7. lunarlander

    lunarlander

    Joined:
    Sep 21, 2007
    Messages:
    9,484
  8. zx10guy

    zx10guy Trusted Advisor Spam Fighter

    Joined:
    Mar 30, 2008
    Messages:
    5,957
    I've always held to the notion for any secure remote access, never use a box that has too many features/services; ie Windows. A VPN concentrator of some sort always the best method for remote access as these devices are specific to the function they are performing. Therefore are less likely to have vulnerabilities affecting their primary function. With Windows there are so many vectors of compromise, it's hard for a layperson to stay on top of patching/fixing/configuring all the issues let alone a full IT department. I don't have as much issues with Linux boxes being directly exposed to the Internet as you can strip down the OS kernel to only the functions you want running. In fact most networking/security products are running some flavor of Linux/POSIX.
     
  9. MoonPoint

    MoonPoint

    Joined:
    Mar 5, 2014
    Messages:
    22
    There are a number of Secure Shell (SSH) server programs available for Microsoft Windows systems that you could use to remotely access files on the Windows Server 2012 system. E.g., SilverSHield will run on a Windows Server 2012 system and is free for personal use. SSH allows you to log into a system and get a command-line interface (CLI), which would be akin to what you would get if you were sitting at the server and opened a command prompt window. If you have a version of Windows on the system you will be using for remote access, you can use the free PuTTY program to log into your server from the remote system. Mac OS X/macOS systems and Linux systems will usually already have an SSH client program available on them.

    If you only need to transfer files between the server and your remote system, with the Windows Server 2012 system functioning as an SSH server, you could, instead use the free WinSCP program on the client system(s) to transfer files between the two systems using the Secure File Transfer Protocol (SFTP), if the client systems are Windows systems. Most Linux and Mac OS X/macOS systems will already have SFTP software on them. With SSH and SFTP, the data transferred between the SSH server and remote systems is encrypted.

    If you would like to have a graphical user interface (GUI), so that you would see what is displayed on the server on the screen for the remote system and control the server as if you were sitting in front of it with control of its keyboard and mouse, then you can also use the Remote Desktop Protocol (RDP) as was mentioned in other replies, but "tunnel" the RDP protocol via an SSH tunnel, so that you don't need to open the RDP port, TCP port 3389, on your router to the Internet. SSH allows you to have other types of connections, such as RDP, flow through your SSH connection. You can tunnel an RDP connection through an SSH connection using PuTTY.

    There are other SSH server programs that are available for free for personal use. Others that I've used on Windows systems, include the following.

    Bitvise SSH Server
    Copssh
    freeSSHD
    PowerShell SSH Server

    Note: for some, when you are setting up accounts to be used on the server end, you need to specifically indicate that SFTP can be used by the account for SFTP file transfers.

    Another alternative for remote access to the server, similar to RDP, is to use the Virtual Network Computing (VNC) protocol. There are free VNC server and client programs available for a variety of operating systems, including Microsoft Windows. E.g., UltraVNC. As with RDP, you could open the relevant port on the router/firewall in front of your server and port forward the relevant well-known port, assuming you use the default network port, i.e., TCP port 3389 for RDP or TCP port 5900 for VNC. If you use UltraVNC and want encryption, you can install an encryption plugin or, as with RDP, you can tunnel the relevant port, e.g. TCP port 5900, through an SSH connection, if you install SSH server software on the Windows Server 2012 system, so that it is encrypted by virtue of being tunneled through the SSH connection.

    In all cases, if your router/firewall is performing Network Address Translation (NAT), you will need to set up port forwarding on the router/firewall in front of your server, so that device can forward connections to the external port on that device to the relevant port on the server. E.g., if it is SSH using the default port it will be TCP port 22. You could change the port on the router/firewall, if you wished, to forward connections on some other port, e.g., TCP port 22022 to port 22 on the server. The ports don't have to match. Or you could also configure the SSH server software to listen on another port, instead of the default one. The advantage of that approach is that there are people scanning systems on the Internet for those listening on specific ports who, once they find a system listening on a port of interest, will then try commonly used usernames and passwords in attempts to break into systems.E.g., it's quite common for attackers to try common usernames, such as administrator, root, etc. paired with words from a dictionary as passwords - that's known as a dictionary attack. Whatever method you choose for remote access, be sure that any accounts that will be granted remote access have a strong password. The disadvantage is that you will need to configure client systems to use the non-standard port, if you select another port on the router/firewall to be forwarded to the server, but that's usually fairly easy.

    Many of the programs will automatically configure the Windows Firewall software on the server when you install them, assuming you are using that for the firewall software on the server. If you have problems connecting, check to ensure that the relevant firewall rules exist for whatever firewall software you are using on the server. If you experience problems connecting, you could try turning off the firewall temporarily to test. If needed, you can manually add Windows Firewall rules for the relevant port(s). The exact steps for configuring firewall rules will depend on what firewall software you are using on the server as will configuring any router/firewall that sits in front of the server for port forwarding depend on the manufacturer and model of that device.

    TeamViewer, which was mentioned in another reply, can be used for free for personal use. You can install it on both the server and client systems or use a web-based interface on the client system, though installing the software on the client end, also, may give you additional features. The software is available for installation on a variety of operating systems and you could even install it on a phone to use as a client system. You will need to register for a TeamViewer account to use it. When you run the software on the server, you will see a partner id and password to allow TeamViewer remote control that you will need to use when establishing connections from remote systems. TeamViewer will allow you to transfer files between the systems. If you are looking for the simplest and quickest method of achieving remote access, TeamViewer is probably the easiest to set up for someone who has never set up remote access to a system previously; you don't even need to worry about configuring a router/firewall for port forwarding.
     
    Last edited: Jul 7, 2017
  10. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/1192608

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice