June, 2010



ctys-uc-RDP - Use-Cases for RDP - Remote Desktop Protocol



The RDP plugin supports access to remote desktops by the RDP protocol. The access could be an application, terminal server, or hypervisor supporting the RDP protocol.

Start a Local Desktop Session

This opens a local session, where the server as well as the RDP client are executed locally.

  ctys -t RDP -a create=l:tst1,RDPPORT:3389

The "localhost" is hard-coded to behave as a sub-shell call too, thus the following call is internally handled identical to the previous

  ctys -t RDP -a create=l:tst1,RDPPORT:3389  $USER@localhost

This case is called DISPLAYFORWARDING which is almost the same as the X11 display forwarding.


Start a Remote Desktop with a Local Client

In case of a "Remote Desktop with Local Client" the server is running on the given <execution-target>, whereas the client is locally started on the caller's machine. This structure is called CONNECTIONFORWARDING and requires beneath the client and server processes a third, the connecting encrypted tunnel. The tunnel is established by means of OpenSSH and used as the local peer for the Client. This whole procedure of starting the processes and the establishment of the tunnel is controlled and preformed by ctys. The user has nothing else to do than setting the option '-L CONNECTIONFORWARDING' or for short '-L CF'.


The scenario performed behind the scene by ctys varies slightly from the previous. In case of CONNECTIONFORWARDING the whole process is set up in two steps.

  1. establishment of the encrypted tunnel
  2. start and connect the client process to the tunnel

The tunnel is established in the so called one-shot mode, where the connection is opened for an inital time period and closes automatically when the life-time threshhold is reached without an actual usage, or afterwards, when the client and server are disconnected. The period of the initial timeout for is defined by the variable "SSH_ONESHOT_TIMEOUT", which is by default set to 20seconds.

The following call starts a local client for a remote server.

  ctys -t rdp -a create=l:tst -L CF lab00

The instances could be listed by the LIST action in several variants. The basic call with default selection executed on the caller workstation is:

  ctys -t rdp -a list ws2

The standard assignment to LIST call is "tab_tcp,both", which displays:

  TCP-container|TCP-guest|label |sesstype|c|user|group    
  ws2.soho     |-        |tst000|RDP     |C|acue|ldapusers
  ws2.soho     |-        |tst001|RDP     |C|acue|ldapusers
  ws2.soho     |ws2.soho.|ws2   |PM      |S|-   |-        
  ws2.soho     |-        |tst000|SSH(RDP)|T|acue|ldapusers
  ws2.soho     |-        |tst001|SSH(RDP)|T|acue|ldapusers

Here the two tunnels could be identified as "sesstype=SSH(RDP)", and "c=T". This indicates, that the tunnels are created for the subsystem RDP with the session label "tst000" and "tst001".

The following call displays the same table, but with IDs instead of LABELs.

  ctys -t rdp -a list=tab_tcp,id ws2

Which results to the display:

  TCP-cont|TCP-guest|id        |sesstype|c|user|group    
  ws2.soho|-        |3389      |RDP     |C|acue|ldapusers
  ws2.soho|-        |3390      |RDP     |C|acue|ldapusers
  ws2.soho|-        |../pm.conf|PM      |S|-   |-        
  ws2.soho|-        |5950-3389 |SSH(VNC)|T|acue|ldapusers
  ws2.soho|-        |5951-3390 |SSH(VNC)|T|acue|ldapusers

Indicating by the default ID of tunnels, that these are tunnels forwarding the ports "5950" to "3389" and "5951" to "3390".

The display could be changed as required by usage of specific free-customized tables, e.g. displaying LABEL and ID columns once.

The call with the whole set of involved machines as one call results to:

  ctys -t rdp -a list=tab_tcp,id ws2 lab00 lab01

  ctys -t rdp -a list=tab_tcp,id ws2 lab00 lab01
  TCP-contai|TCP-guest|id        |sesstype|c|user|group    
  ws2.soho  |-        |3389      |RDP     |C|acue|ldapusers
  ws2.soho  |-        |3390      |RDP     |C|acue|ldapusers
  ws2.soho  |-        |d/pm.conf |PM      |S|-   |-        
  ws2.soho  |-        |5950-3389 |SSH(RDP)|T|acue|ldapusers
  ws2.soho  |-        |5951-3390 |SSH(RDP)|T|acue|ldapusers
  lab00.soho|-        |3784      |CLI     |C|acue|ldapusers
  lab00.soho|-        |31206     |CLI     |C|acue|ldapusers
  lab00.soho|-        |1         |VNC     |S|root|root     
  lab00.soho|-        |2         |VNC     |S|acue|ldapusers
  lab00.soho|-        |          |XEN     |S|-   |-        
  lab00.soho|-        |e/xen/tst1|XEN     |S|-   |-        
  lab00.soho|-        |d/pm.conf |PM      |S|-   |-        
  lab01.soho|-        |          |XEN     |S|-   |-        
  lab01.soho|-        |d/pm.conf |PM      |S|-   |-        

Start Remote Desktop Sessions by Native-RDP

This opens a remote session by using the RDP protocol via a remote connection to a boxed application or a terminal server. In this case actually the RDP client is attached 'from-outside' to an access port. This differs from the preferred 'localhost-access', where a pre-authorisation by SSH access is performed. Thus it is an exception to the common philosopy and therefore called 'INSECURE'.

The main application is the access to appliance-boxes when these provide an RDP access only, or to MS-Windows(TM) based OS.

  ctys -t RDP -a create=l:tst1,RDPPORT:3389,INSECURE:lab02

Same could be applied in a relay-configuration.

  ctys -t RDP -a create=l:tst1,RDPPORT:3389,INSECURE:lab02 lab05


ctys(1) , ctys-plugins(1) , ctys-RDP(1)

For System Tools:
rdesktop: [ http://www.rdesktop.org ]


Written and maintained by Arno-Can Uestuensoez:

Maintenance: <<acue_sf1 (a) sourceforge net>>
Homepage: <http://www.UnifiedSessionsManager.org>
Sourceforge.net: <http://sourceforge.net/projects/ctys>
Berlios.de: <http://ctys.berlios.de>
Commercial: <http://www.i4p.com>


Copyright (C) 2008, 2009, 2010 Ingenieurbuero Arno-Can Uestuensoez

This is software and documentation from BASE package,

For additional information refer to enclosed Releasenotes and License files.