This page describes how to connect to a Windows system at the institute, from your own Mac, either on the laptop or wireless network, or from outside the institute.
First, a secure tunnel has to be set up using ssh. The tunnel connects a local
port to a remote port on a specific machine. The port we want here is 3389, which is the port of the remote desktop protocol. This example logs in to
ssh.strw.leidenuniv.nl and sets up the tunnel to host
texel (the terminal server of the Sterrewacht):
ssh -L 3389:texel:3389 email@example.com
Now, you probbaly don't want to remeember this and type it all the time, so an easy solution is to add an alias in your
.profile (which contains the settings that are executed every time you open a new shell in a terminal):
alias texel='ssh -L 3389:texel:3389 firstname.lastname@example.org'
Some additional notes:
username@part can be omitted if you have the same username locally on your Mac and on the ssh server.
Another way to ease the setup of the ssh tunnel, is to use an additional application that manages these tunnels. Some choices are:
Microsoft has a rdp client for Mac, available for free through the App store. Download and install it, and then start it up. It will look like this (after you click the PC + ):
After you clicked the “+” you can add a new connection. This screen will pop up:
Give the connection a name that makes sense to you to remember. As pc name, fill in
localhost. This will make the app connect to the local rdp port, which is forwarded through the tunnel to the remote machine.
You can also fill in the username if you want (or do that on the login screen). Make sure however, to add the domain, so in this case:
Close this window when done (use the Add button).
Back in the first screen, it is time to start the connection. Click on the 'Friendly name' to start the connection.
You first have to specify your login information:
Before you get to the windows login screen, a certificate warning is presented to you as in this image:
The reason is, that you are connecting to
localhost but the certificate is valid for the actual computer name. It is safe to accept this certificate and you can check the box to accept it permanently, so you will not get the same warning the next time.
Now you should see the familiar Windows log in screen and you can go about your business.