RDP via SSH tunnel
Introduction
The goal is to connect to a server behind a router from an external network.
If you found this page by searching for «Port forwarding in Putty», you can go directly to Putty Tunnel.
If you searched for «How to forward ports?», you can go here → Port Forwarding
The setup is depicted below ↓
Connection Schema
Step by Step Guide
The task itself is quite challenging and can be separated into six smaller steps:
SSH server setup
SSH client setup
Port Forwarding on Router
Open session with client
Configure RDP on Server
Connect to RDP from Client
We will need a router, PuTTY and freeSSHd.
1. SSH server setup
1.01) Install and run freeSSHd. Create a key so that the server does not complain, then change it to a new key.
1.02) There are nuances here; at the moment I prefer to choose "No" ("Нет")
1.03) The freeSSHd icon appears in the tray; select Settings
1.04) Of course, you need to allow it through the firewall.
1.05) In the Authentication section, allow only key access
1.06) Go to the Users menu
1.07) Add new user
1.08) View after adding
1.09) Run PuTTYgen on the server
1.10) Generate a key pair
1.11) The public key, which remains on the server, must be copied from the top window
1.12) Paste the public key into a text editor, check that it is on one line and starts with the word ssh-rsa
1.13) Save the key as a text file; the name should be the same as the user that was created earlier (in our case - sini)
1.14) Remove the file extension
1.15) Agree
1.16) Show freeSSHd the path to the key
1.17) Save the private key, which will then need to be transferred to the client computer
As a result of the previous steps, we have a running SSH server and a key pair.
2. Configure SSH on the client computer
2.18) On the client computer, put the private key in a folder created for it in advance
2.19) On the client, start PuTTY and create a connection named sini.
In the Host Name (or IP address) field, specify the server's external IP; because the server
is behind the router, this will be the router's IP.
Change the port to 443 or some other port; just make sure to pick one that is not in use.
2.20) In the Auth field, specify the path to the private key
2.21) Choose the key
2.22) Create a tunnel
Port 3389 is the standard port for RDP. We will use port 3391 on the client as
the «entrance» into the tunnel.
The image below shows the resulting mapping:
local port 3391 → port 3389 on IP 192.168.0.101
2.23) Save the session. Enter the SERVER IP in the Host Name field
At this stage, we have prepared an SSH connection to the server, which listens on port 443.
Just in case, I will clarify that in this example the server's IP on the local network is 192.168.0.101.
The server's external IP is the router's IP. In the picture it is blurred; in your case it will be your external
IP, i.e. something similar to 78.47.141.187
3. Port forwarding on the router
3.20) On the router, bind the server's MAC address to some IP address
3.21) Tell the router that when a request arrives on port 443, it must be passed to the server (set up Port Forwarding)
4. PuTTY on the client
4.22) Open the session
5. RDP setup - on the server
5.23) Create the user sini
5.24) Be sure to set a password
5.25) Allow access via RDP
5.27) Add sini to the list of users who are allowed to connect via RDP
6. RDP setup - on the client
6.28) On the client, run mstsc (the SSH tunnel must be opened first; if it was already open, check that the session has not ended)
6.29) Connect to localhost:3391
Enter the password
6.30) Agree
Note for OpenBSD
We have a computer in St. Petersburg (PC_SPB), an OpenBSD server in Moscow (SRV_MSK) and a local computer
connected to the server in Moscow (PC_MSK). The goal is to connect from PC_SPB to PC_MSK
through an SSH tunnel via RDP using PuTTY under Windows.
Proceed as described at the link, but in the first picture check
Local ports accept connections from other hosts
The Source port can be any free port, for example 6789. In the Destination field, specify
Local_IP_of_PC_MSK:3389
When connecting via RDP (the last picture), you can specify
127.0.0.2:6789
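How the tunnel settings from step 2.22 and from the OpenBSD note affect who can reach the tunnel entrance, as an added example that is not part of the original page or of PuTTY. It assumes PuTTY's saved-session format for forwardings (a comma-separated list such as L3391=192.168.0.101:3389) and that local forwardings listen on 127.0.0.1 unless "Local ports accept connections from other hosts" is checked; 10.0.0.5 is a constructed stand-in for Local_IP_of_PC_MSK.

```python
import ipaddress

def parse_forwardings(value):
    """Parse a PuTTY-style list such as 'L3391=192.168.0.101:3389,D1080'."""
    rules = []
    for item in filter(None, (s.strip() for s in value.split(","))):
        spec, _, dest = item.partition("=")
        spec = spec.lstrip("46")            # optional IPv4/IPv6 selector
        kind, source = spec[0], spec[1:]    # L = local, R = remote, D = dynamic
        bind, _, port = source.rpartition(":")
        rules.append({"kind": kind, "bind": bind or None,
                      "port": int(port), "dest": dest})
    return rules

def is_loopback(addr):
    """True only for literal loopback addresses or the name 'localhost'."""
    try:
        return ipaddress.ip_address(addr).is_loopback
    except ValueError:
        return addr.lower() == "localhost"

def audit(value, accept_all):
    """Return (listen_addr, port, dest, exposed) for every local forwarding.

    Assumption: an explicit bind address in the source field wins; otherwise
    the listener is 0.0.0.0 when accept_all is set and 127.0.0.1 when not.
    """
    findings = []
    for rule in parse_forwardings(value):
        if rule["kind"] != "L":
            continue
        addr = rule["bind"] or ("0.0.0.0" if accept_all else "127.0.0.1")
        findings.append((addr, rule["port"], rule["dest"], not is_loopback(addr)))
    return findings

if __name__ == "__main__":
    # Constructed session settings: (forwarding list, accept-all checkbox)
    sessions = {
        "sini (step 2.22)": ("L3391=192.168.0.101:3389", False),
        "OpenBSD note": ("L6789=10.0.0.5:3389", True),
        "explicit bind": ("L127.0.0.2:6789=10.0.0.5:3389", False),
    }
    for name, (value, accept_all) in sessions.items():
        for addr, port, dest, exposed in audit(value, accept_all):
            state = "reachable from other hosts" if exposed else "loopback only"
            print(f"{name}: {addr}:{port} -> {dest} [{state}]")
```

Under these assumptions, checking the box makes the tunnel entrance on port 6789 reachable by any host that can reach the client, not only by the client itself. Entering 127.0.0.2:6789 as the Source port is the loopback-only variant shown in the third constructed session.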