23

I have two physical servers in my home network, linux (192.168.8.x) and windows server 2008 (192.168.8.y).

The linux server is accessible from outside by ssh on a non-standard port (say 23008). How do I establish a permanent RDP tunnel through ssh on the linux box? I know that I can use putty on the outside machine, but I don't know how to set up sshd on the linux box correctly. Thanks for any hints!

Rahil Wazir
elsni

3 Answers

24

Assuming your linux box is accessible from the internet at 1.2.3.4 on port 23008, on an external system I would do:

external% ssh -p 23008 -L 13389:192.168.8.y:3389 username@1.2.3.4

I'd then connect to the port-forwarded RDP system with

external% rdesktop localhost:13389

If your external box isn't a linux box, there will be equivalent commands for the tools you have; the idea is still the same: to forward external's port 13389 to 192.168.8.y's port 3389, then use external's RDP client to connect to localhost:13389.

You refer to setting up the linux box's sshd correctly, but unless you've reconfigured it, the standard sshd setup is likely to support this just fine.

MadHatter
  • You're right, I thought I have to configure sshd to tunnel specific ports. But this is all done with the client command. (ssh or putty on windows). I – elsni Dec 01 '10 at 16:19
  • Excellent. In Microsoft Remote Desktop on my Mac, it worked just fine with the `Connections/Edit PC/PC Name:` as `localhost:13389` – Dave X Jan 02 '21 at 20:44
  • Then is there a way for RDP to use the ssh credential that was established and not prompt for username and password in RDP? – Prab Apr 26 '21 at 19:21
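
The question asks for a permanent tunnel, and a single `ssh -L` session ends when the connection drops. The script below is an added example, not part of the answers on this page: it restarts the forward whenever ssh exits, binds the local end to 127.0.0.1 explicitly so other hosts on the external network cannot use it, and makes ssh exit instead of idling when the forward cannot be set up. The function names, keepalive timings and the `TUNNEL_RETRY_DELAY` and `TUNNEL_MAX_TRIES` variables are assumptions; the ports are the ones used above.

```shell
# Added example, not from the original answers. From the page: SSH port 23008,
# local port 13389, RDP port 3389. Assumed: function names, keepalive timings,
# TUNNEL_RETRY_DELAY and TUNNEL_MAX_TRIES.

# valid_port N: succeeds only for an integer in 1..65535.
valid_port() {
    case "$1" in
        ''|*[!0-9]*|??????*) return 1 ;;
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# open_tunnel SSH_PORT LOCAL_PORT RDP_HOST USER@SSH_HOST
# Runs one forward-only ssh session and blocks until ssh exits.
#   -N                     no remote command, forwarding only
#   ExitOnForwardFailure   exit if the local port cannot be bound
#   ServerAlive*           notice a dead connection after about 90 seconds
#   127.0.0.1:...          listen on loopback only
open_tunnel() {
    ssh -N -p "$1" \
        -o ExitOnForwardFailure=yes \
        -o ServerAliveInterval=30 -o ServerAliveCountMax=3 \
        -L "127.0.0.1:$2:$3:3389" "$4"
}

# keep_tunnel: same arguments; restarts the forward whenever ssh exits.
# TUNNEL_MAX_TRIES=0 (default) retries forever; returns 2 on bad arguments.
keep_tunnel() {
    if [ "$#" -ne 4 ] || ! valid_port "$1" || ! valid_port "$2"; then
        echo "usage: keep_tunnel SSH_PORT LOCAL_PORT RDP_HOST USER@SSH_HOST" >&2
        return 2
    fi
    _tries=0
    while :; do
        open_tunnel "$@" && _rc=0 || _rc=$?
        _tries=$((_tries + 1))
        if [ "${TUNNEL_MAX_TRIES:-0}" -gt 0 ] && [ "$_tries" -ge "$TUNNEL_MAX_TRIES" ]; then
            return "$_rc"
        fi
        sleep "${TUNNEL_RETRY_DELAY:-10}"
    done
}

# Usage with the page's values (key-based login, so no password prompt on restart):
#   keep_tunnel 23008 13389 192.168.8.y username@1.2.3.4
#   rdesktop localhost:13389
```
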
17
ssh -L 3389:<ip of windows server>:3389 <ip of ssh server> -l <ssh user> -N

Assuming 3389 is the port your RDP is running on AND the ssh server has access to said port, you can then connect to 127.0.0.1:3389 as if it were the remote server.

Oneiroi
  • Is the ip of ssh server the internal or the external one? The external changes daily, but the server is accessible via dyndns from outside – elsni Nov 29 '10 at 11:13
  • In which case: `ssh -L 3389::3389 -l -N` hostnames can be used in place of IPs assuming of course you have port 22 forwarding onto the ssh server, which on a side note can be bad, if using a different port and forwarding that on i.e. 1212 use the -p 1212 flag. – Oneiroi Nov 29 '10 at 12:25
  • is rdp port on internal windows server is port of public ssh linux server (nonstandard in my case) is the port for the tunnel is internal ip address of windows server. I did a ssh -L:: myserver.gotdns.com -l myusername -N -p correct? – elsni Nov 30 '10 at 15:47
4

One can use internal ssh tunneling from Remmina remote desktop client too.

If you can ssh to some linux server using ssh keys and that server has the 3389 (RDP) port open for packets coming from your machine, you can use the following setup to RDP over an ssh tunnel.

In the profile editor, set up the Basic tab as for a direct connection. Go to the SSH Tunnel tab and set up the tunnelling like this:


[x] Enable SSH tunnel

(o) Custom [ip/hostname of ssh/linux server]

SSH Authentication:

User name: [username on the ssh/linux server]

(o) Public key (automatic)


Using those options Remmina opens

ssh -L 3389:[target windows server]:3389 [linux server] -N

and then connects the RDP session through that ssh channel.

If you log on to the linux server using username/password, or if you are using a different identity file, you have to change the SSH Authentication section of the profile setup.

andrej
  • Brilliant. Was already using Remmina, did it the `ssh -L` way, then saw your answer, and now it's all baked in to one config in Remmina. – CivFan Jul 06 '22 at 22:44