SSH tunnel for remote access to GSI Windows devices

How to log in to GSI from outside (e.g. in home office) on a Windows computer without a Terminal Server?

Requirements:

the user must be a member of the local group of remote users
the user must have a valid Linux account for the central Linux environment ("lx-pool.gsi.de")
the Windows device in the GSI network must be switched on and the energy saving mode must not be active (see PDF docu, point 7)

Make sure that you minimize the printing of sensitive or business-relevant data on a non-GSI device and in any case protect it from foreign eyes (do not dispose it in household waste)!

SSH connection via Putty (PuTTY is available in the Software Center, on private devices you install PuTTY from the web)

After installation, start PuTTY and configure it as follows:
(for your information:
Port 3000 is enabled for the connection on the machine outside GSI
port 3389 is the port for remote access to the machine within the GSI network)

Always expand the specification of the target device with the full domain address campus.gsi.de.

A stored configuration - in this case: 'MySessionConfig' - is loaded with the 'Load' button. Subsequently, the configuration can be opened with the 'Open' button. Alternatively, you can double-click on 'MySessionConfig'.

Then login on a Linux machine with your Linux account and corresponding password.

Note: There is no display of asterisks during password entry.

Build a remote connection to the above mentioned computer via

localhost:3000

Additional resources can also be used for the connection, e.g. several screens, locale printers / drives or camera / speakers / microphone.

You need the Smartcards option if certificates stored on the card are to be used in home office, e.g. for signing code. The card reader must be plugged in before the remote connection is established. If you use a GSI device in home office, please test it first in the GSI network, so that drivers etc. are available later.

If you want to use the device's camera, loudspeaker and microphone for video conferences, for example, you must also activate these options before.

However, the option is only available from Windows 10 version 1809. To check the currently installed version of the computer, use the command winver.

Please accept the following security warning about a certificate as an exception.

Then log on to the device with your Windows access campus\your Windows_account and the the corresponding password.

and there you are on the machine!

When you have finished your work, close the entire session:

Disconnect the session to the GSI device as shown in the screenshot
Terminate the connection to the Linux machine with the command exit