A colleague of mine recently showed me how to get Windows Remote Desktop working over an SSH tunnel. The instructions below assume that you have a target machine set up to accept remote desktop connections and a working SSH tunnel such as stunnel.

1. On the client Windows XP machine, copy mstsc.exe and mstcax.dll from the WINDOWS\system32 directory to a new directory (like c:\rdp-ssh).
2. Right-click the new copy of mstc.exe and chose Properties from the context menu. Click the Compatibility tab and check the Compatibility mode checkbox. Choose Windows 98/Windows Me from the Compatibility mode dropdown.
3. Add port 3389 to your SSH tunnel, mapped to the remote desktop host on the destination side. (Re)start your SSH tunnel.
4. Start c:\rdp-ssh\mstsc.exe and enter localhost as the hostname.

Windows requires the compatibility-mode change because the remote desktop client normally objects to connecting to localhost, thinking that there’s already a desktop session there.