How to use RDP with 2FA

How to access your Maths office PC running Windows, from an "outside" (home or overseas) Windows machine e.g. a laptop, with SSH (with 2FA) and RDP: work as if you were sitting in front of your office PC.

You need to (once only):

Each time you want to connect to your office PC, you need to:

When done, log out of the office PC to close your RDP connection; then you can log out of enna also.

Find name of your office PC

Find out the network name of your office PC: usually something like pXYZ.pc (with XYZ your room number).

Prepare for 2FA on your account

Prepare for 2FA as per the instructions in the SSH HowTo.
You need Web-OTP or TOTP or skeys; no need for X-windows or other features that SSH offers.
(No need to follow the "messy" recommendations in a nutshell.)

Set up RDP service on the office PC

The office PC needs to be set up for RDP service: set to accept connections for your login. This setup needs to be done as an administrator: with your admin login if self-managed, or ask Paul to do it for you.
Reminder for Paul: log in as network admin pszwt, not as local admin.

Click the StartMenu, right-click Computer, and then click Properties.
Click Remote settings (in the left-hand menu).
Maybe un-select Allow Remote Assistance.
Under Remote Desktop, choose Allow connections ... from any version ... (less secure).
Click Select Users.
Click Add, add the usual ROMEGROUP user.
Click OK, OK.
Remove or turn off or set to never the sleep or hibernate settings in StartMenu ControlPanel SystemAndSecurity PowerOptions.

Set up SSH (putty) on the laptop

Up-to-date Windows10 has "native" ssh, and you might not need putty. But putty may be preferable since its configs can be saved and remembered, whereas with "native ssh" you would need to use "obscure" options, long and tedious to type, each time:

  ssh -C -L 3390:pXYZ.pc:3389 MATHSNAME@maths.usyd.edu.au

The "standard" ssh client for Windows is putty; use the latest version from
http://www.chiark.greenend.org.uk/~sgtatham/putty/latest.html

To use putty, with WindowsExplorer (e.g. MyComputer) find putty.exe, double-click.

Run SSH (putty) on the laptop

To test things out while in the School but as if from outside, connect your laptop to UniSydney wireless.

If wanting to use Web-OTP, remember to get a code at www.maths.usyd.edu.au/s/otp before starting putty.

Run putty: with WindowsExplorer (e.g. MyComputer) find putty.exe, double-click. Set options as above, or Load your saved session settings, and click Open.

Follow the prompts: type your enna login name to login as, then when prompted type the code or the words from your paper skey sheet for the line number shown, then your enna password. You will be logged in to enna.

The very first time you connect, you will be prompted about the as-yet unknown authenticity fingerprint: say yes.

Leave that enna window logged in and running; you may minimize/iconize it. Keep that session running: do not allow it to time out, and do not allow your computer to go to sleep/hibernate, e.g. as most laptops do with the lid closed.

Connect with RDP client

With putty running, logged in to enna...

Start the Remote Desktop Connection client: go to StartMenu and search for that, click it.

In the Remote Desktop Connection client:

and you will get a desktop, just as if you were sitting in front of your office PC's screen; you can also copy files between the office PC and the laptop e.g. by simple drag-and-drop. You can minimize/iconize the RDP window, or make it un-maximized.

When you connect, you may need to wait 30 seconds for the "normal" (local screen) user to be logged out; or if that other user is you, then you will see the desktop (open windows etc) as you left it.

When done, you can just disconnect; but you will still be logged on. Probably you should log out: click the StartMenu and choose LogOff. (Do not use Alt-Ctrl-Del as that does things on the laptop, not the RDP connection.)

After disconnecting your RDP session, you may close the putty window (log out the enna session): type  exit  at the enna prompt, or just close the window (click the top-right [X]).
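
A check one could run on the laptop before starting the RDP client, as an added example that is not part of the original HowTo: it confirms that the forwarded port 3390 is listening on loopback only and is owned by putty or ssh, then starts the RDP client against localhost:3390. The script and its messages are assumptions of this example; the port number is the one used on this page.

```powershell
# Added example (not from the original page). Run on the laptop in a PowerShell
# window, after putty/ssh is logged in to enna with the forward
#   3390 -> pXYZ.pc:3389   (port numbers as used on this page).
param([int]$LocalPort = 3390)

# 1. Is anything listening on the local end of the tunnel?
$listeners = @(Get-NetTCPConnection -LocalPort $LocalPort -State Listen `
                   -ErrorAction SilentlyContinue)
if ($listeners.Count -eq 0) {
    Write-Error "Nothing listens on port $LocalPort. Is the enna session still logged in?"
    exit 1
}

# 2. The forward should be bound to loopback only, so that other machines on
#    the same (e.g. wireless) network cannot reach the office PC through it.
$loopback = '127.0.0.1', '::1'
$exposed  = @($listeners | Where-Object { $_.LocalAddress -notin $loopback })
if ($exposed.Count -gt 0) {
    $addrs = ($exposed.LocalAddress | Sort-Object -Unique) -join ', '
    Write-Error ("Port $LocalPort listens on $addrs, not just loopback. In putty, " +
                 "untick 'Local ports accept connections from other hosts'; " +
                 "with native ssh, do not use -g.")
    exit 1
}

# 3. Which process owns the listener? Expect putty or ssh; warn otherwise.
$owners = @($listeners |
    ForEach-Object { (Get-Process -Id $_.OwningProcess).ProcessName } |
    Sort-Object -Unique)
$unexpected = @($owners | Where-Object { $_ -notin 'putty', 'ssh' })
if ($unexpected.Count -gt 0) {
    Write-Warning "Port $LocalPort is owned by: $($unexpected -join ', ') (expected putty or ssh)."
}

# 4. Start the Remote Desktop Connection client against the tunnel.
Start-Process mstsc.exe -ArgumentList "/v:localhost:$LocalPort"
```

If you had to switch to port 3391 (see the comments further down), run the script with -LocalPort 3391.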

RDP session timeout

Maybe some intervening firewall device drops idle connections, or maybe the RDP service is set with a short timeout: the RDP service will quit if left idle for a while. If this annoys you, then read below on how to avoid it (and have relaxing coffee breaks).

Since Sydnet6 (implemented in 2025), the ICT firewall is (also) between Maths servers (enna) and Maths office PCs, and seems to have an idle timeout of 1 hour.

RDP timeout might not affect Win7 PCs, but probably affects most other RDP services, including to Win10 PCs. There may be settings to lengthen or remove RDP session timeout, or to set some RDP keepalive... but they may be inaccessible.

Workaround 1

Within your RDP session, with WindowsExplorer, go to L:\win\bin and double-click keepalive.

There is no visible effect of having run that command. It works in the background, clicking and un-clicking the ScrollLock key every minute, so there is some activity and no timeout.

You may want to create a shortcut to it on your remote desktop: right-click keepalive and choose shortcut.

Non-Maths users can get the codes from

  www.maths.usyd.edu.au/u/psz/pc/keepalive.bat
  www.maths.usyd.edu.au/u/psz/pc/keepalivehelper.js

Workaround 2 with YouTube

Within your RDP session, create some activity: run a browser and play some YouTube music or video, maybe with sound turned down low. Enjoy the timewasting properties of YouTube!

Blurb, comments

RDP means Remote Desktop Protocol and is the name commonly used, though the official Microsoft name changed to Remote Desktop Connection since WinXP.

Windows machines may (at some later time?) develop an error, with the RDP client showing

  Your computer could not connect to another console session on the
  remote computer because you already have a console session in progress.

If so, use 3391 instead of 3390 in both the putty settings (add that, can leave 3390 in place), and in typing localhost:3391 to the RDP client.

The remote "laptop" machine could be Linux or Mac: there are RDP clients for Linux (xfreerdp) and Mac (Microsoft Remote Desktop 10), and of course they have SSH; but we will not describe how to use such other machines.

Similar connection could be achieved with VNC. VNC would work for any office machines not just Windows PCs, and there are many free VNC software packages available. However that would need extra software on both the office PC and the laptop, and would not provide file copy.
Apple Screen Sharing is based on VNC and is recommended for Macs.


Paul Szabo psz@maths.usyd.edu.au 13 Feb 26