
For whatever reason I need to access a virtual machine (Windows Server 2008 R2) on my home network from outside the network, over the internet, via Remote Desktop. I read that there are "concerns" with plain RDP, and that using an SSH tunnel would be a reasonable countermeasure. Okay.

I set up another VM and install Ubuntu Server on it. I install OpenSSH. In /etc/ssh/sshd_config I set "PasswordAuthentication no". I put a public key in ~/.ssh/authorized_keys, and of course have the (password-protected) private key file on my computer. I set up PuTTY as in this article:

PuTTY setup

I put a port-forward rule on my (run-of-the-mill home) router to forward port 22 traffic to the SSH server.

It works. I can Remote Desktop to my Windows server. Yippee.

Now I think to myself: so this is supposedly a bit more of a secure way to remote desktop. However, I feel over my head in terms of the security implications. I now have a server exposed to the internet in some way, and I am too much of a newbie to know exactly how.

What are my security concerns now? Just because I "only" port-forwarded traffic on port 22, if the firewall (iptables?) on my Linux machine is set to (the default?):

iptables -P INPUT ACCEPT
iptables -P OUTPUT ACCEPT
iptables -P FORWARD ACCEPT

Is this a large security concern? (Allowing all incoming and outbound traffic sounds bad, of course... but is the inbound traffic limited to SSH?)

If it is a big concern, can I use iptables to disallow everything but SSH and the associated forwarded RDP traffic?

What are my security concerns beyond this?

Is port-forwarding port 3389 directly to the server I want to Remote Desktop to really any worse?

Can I make this solution better than that if it isn't already?

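The question above asks whether iptables can be restricted to SSH plus the tunnelled RDP traffic. The following script is an added example written for this page, not code from the poster or from the linked PuTTY article. It prints a default-deny iptables ruleset and a matching sshd_config fragment for a jump host whose only job is to tunnel RDP to one Windows machine. The addresses are assumptions: the Windows server is taken to be 192.168.1.50 and the SSH port to be 22; change WIN_HOST and SSH_PORT to match your network. One point worth seeing in the rules: the tunnelled RDP traffic never touches the FORWARD chain. sshd itself opens a new outbound TCP connection from the jump host to the Windows server on 3389, so it is governed by OUTPUT, and the FORWARD policy can stay DROP.

```shell
#!/bin/sh
# Added example (not from the original post): a minimal host firewall and
# sshd policy for a single-purpose SSH jump host that only exists to tunnel
# RDP to one Windows machine on the LAN.
# Assumed values (not in the original post): Windows server at 192.168.1.50,
# sshd listening on 22, an admin key already in ~/.ssh/authorized_keys.

WIN_HOST="${WIN_HOST:-192.168.1.50}"   # assumed RDP target on the LAN
SSH_PORT="${SSH_PORT:-22}"             # assumed sshd port

# Print an iptables ruleset instead of executing it, so it can be reviewed
# first and then applied with: sh jumphost.sh | sudo sh
build_rules() {
    cat <<EOF
iptables -F
iptables -X
# Default-deny everything; this box is not a router, so FORWARD drops too.
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT DROP
# Loopback, plus replies to connections this host already accepted or started.
iptables -A INPUT  -i lo -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT
iptables -A INPUT  -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -A OUTPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# The only service reachable from the internet: SSH.
iptables -A INPUT -p tcp --dport ${SSH_PORT} -m conntrack --ctstate NEW -j ACCEPT
# The tunnelled RDP traffic is not forwarded: sshd opens a NEW outbound TCP
# connection to the Windows host, so it needs an OUTPUT rule, not FORWARD.
iptables -A OUTPUT -p tcp -d ${WIN_HOST} --dport 3389 -m conntrack --ctstate NEW -j ACCEPT
# Let the host resolve names and fetch updates; remove if you want it tighter.
iptables -A OUTPUT -p udp --dport 53 -j ACCEPT
iptables -A OUTPUT -p tcp --dport 53 -j ACCEPT
iptables -A OUTPUT -p tcp -m multiport --dports 80,443 -m conntrack --ctstate NEW -j ACCEPT
# Log (rate-limited) what the INPUT policy drops so scans are visible in syslog.
iptables -A INPUT -m limit --limit 5/min -j LOG --log-prefix "iptables-drop: "
EOF
}

# sshd_config fragment: key-only authentication, no root, and TCP forwarding
# limited to the one RDP target, so a stolen key cannot pivot elsewhere.
sshd_fragment() {
    cat <<EOF
PasswordAuthentication no
ChallengeResponseAuthentication no
PubkeyAuthentication yes
PermitRootLogin no
AllowTcpForwarding yes
PermitOpen ${WIN_HOST}:3389
GatewayPorts no
X11Forwarding no
EOF
}

# Command-line equivalent of the PuTTY tunnel: local 3389 -> jump host -> Windows.
# "admin" and "your.public.ip" are placeholders, not values from the post.
tunnel_cmd() {
    echo "ssh -N -L 3389:${WIN_HOST}:3389 -p ${SSH_PORT} admin@your.public.ip"
}

# Sanity check: exactly one rule should accept a NEW inbound connection.
inbound_new_accepts() {
    build_rules | grep -c -- '-A INPUT .*--ctstate NEW -j ACCEPT'
}

# Default action when run directly: print the ruleset for review.
build_rules
```

Apply the sshd fragment by appending it to /etc/ssh/sshd_config (after removing any conflicting lines already there) and restarting sshd; with PermitOpen in place, the client can only request a forward to the Windows host on 3389, and any other -L target is refused by the server. The LOG rule is what turns "is inbound traffic limited to SSH?" into something you can verify from /var/log/syslog rather than assume.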