Allow Remote Desktop through Putty ssh connection

-1

1

There are several questions on SuperUser about how to allow a Remote Desktop connection from a Windows Computer to another Windows Computer through an ssh tunnel like this:

  1. ssh: local Windows -> putty -> ssh server
  2. Remote Desktop: local Windows -> ssh tunnel -> ssh server -> remote Windows

I have done this before and it works fine.

What I want to do now is slightly different:

I want to connect to a remote Windows computer through an ssh connection initiated by that remote computer.

  1. ssh: remote Windows -> putty -> ssh server
  2. Remote Desktop: Local Windows -> ssh server -> ssh tunnel -> remote Windows

Unfortunately I cannot figure out what exactly I need to configure to get an ssh tunnel that I can use this way.

dummzeuch

Posted 2019-08-24T08:54:39.957

Reputation: 464

It's not clear to me exactly what you want. Are you saying you want to somehow have the remote computer SSH into your local computer and set up a tunnel so that you can then RDP from the local computer to the remote computer via that tunnel? – kicken – 2019-08-24T19:13:39.563

I want the remote computer to ssh into a Linux ssh server in my LAN. It should set up a tunnel that I can then use to connect to it via Remote Desktop from my local computer. – dummzeuch – 2019-08-25T10:24:18.880

Does your local computer run SSH server? – Martin Prikryl – 2019-08-25T10:27:33.480

No, it's not even always the same computer. I might want to connect to the remote computer from any Windows computer on the LAN. That's why I want to use an (existing) ssh server running on a Linux computer as intermediary. – dummzeuch – 2019-08-25T11:18:28.353

Ok, see my updated answer. – Martin Prikryl – 2019-08-25T12:47:29.080

You could set up a script on the remote server to establish the tunnel, but you'd still need a way to trigger the script. – kicken – 2019-08-25T17:03:17.873

@kicken Yes, exactly. You need an agent there to open the tunnel. – Martin Prikryl – 2019-08-26T06:38:00.090

Answers

0

You cannot open a tunnel from a remote machine on an arbitrary other machine.

That would be a terrible security hole.

Martin Prikryl

Posted 2019-08-24T08:54:39.957

Reputation: 13 764

Actually that is what the first example does: It opens a tunnel to the ssh server which then forwards an RD-connection to an arbitrary machine on the LAN. And it works. – dummzeuch – 2019-08-25T17:25:10.483

What I want to do is basically create a tunnel that can be connected to in the other direction. I'm sure that this is possible too. – dummzeuch – 2019-08-25T17:26:12.307

No, it's not. If you are referring to: "ssh: local Windows -> putty -> ssh server" --- It opens an outgoing tunnel from the local machine (where you run the SSH client) to the SSH machine, where the SSH server runs to which you are authenticated, which further connects to the third (arbitrary) machine. The first two machines run software which you control. The third machine has no active participation in the tunnel, it only accepts an incoming connection, as any other connection (without even knowing it comes from a tunnel). – Martin Prikryl – 2019-08-26T07:55:27.520

While what you want is for the third (arbitrary) machine to open the outgoing tunnel. That's not possible, you have no control over that machine. – Martin Prikryl – 2019-08-26T07:55:34.090

But I have: I am sitting right in front of it. – dummzeuch – 2019-08-26T08:39:31.370

And before you ask: Somebody else is sitting in front of the remote machine and creates the tunnel using Putty. – dummzeuch – 2019-08-26T08:40:46.533

What I mean is that the remote computer (that you want to initiate the tunnel - for reasons you didn't explain) does not have control over the local machine. – Martin Prikryl – 2019-08-26T09:13:17.660
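
The direction described in the question (the remote Windows machine opens the ssh connection, and Remote Desktop then travels back through it) corresponds to SSH remote port forwarding, which PuTTY/plink exposes as `-R`. The following is an added example, not part of the original question, answer or comments: an `sshd_config` fragment for the intermediary Linux ssh server that confines such a tunnel account to one loopback listener, with the matching client commands as comments. The account name `rdptunnel`, the host `sshserver.example`, the user `youruser` and the ports 13389/13390 are assumptions.

```sshconfig
# Added example: append to /etc/ssh/sshd_config on the Linux ssh server.
# "rdptunnel" and port 13389 are assumed names, not from the page.
# A Match block applies until the next Match or end of file, so keep it last.
# Give the rdptunnel account a non-login shell and key-only authentication.

Match User rdptunnel
    # Allow reverse (-R) forwards only; no -L forwards from this account.
    AllowTcpForwarding remote
    PermitOpen none
    # The account may listen on this one port and nothing else.
    PermitListen 13389
    # Bind the listener to loopback on the ssh server, so only users who
    # are themselves logged in to the ssh server can reach it.
    GatewayPorts no
    PermitTTY no
    X11Forwarding no
    AllowAgentForwarding no

# Validate the file before reloading sshd:
#   sshd -t
#
# On the remote Windows machine (the one to be controlled), the person
# sitting in front of it opens the reverse tunnel; 3389 is the RDP port:
#   plink.exe -ssh -N -R 13389:localhost:3389 rdptunnel@sshserver.example
#
# On any local Windows machine in the LAN, reach the loopback listener
# through an ordinary local forward under your own ssh account, then
# point Remote Desktop at the local end:
#   plink.exe -ssh -N -L 13390:localhost:13389 youruser@sshserver.example
#   mstsc.exe /v:localhost:13390
```

With `GatewayPorts no`, other machines on the LAN cannot connect to port 13389 on the ssh server directly; each Remote Desktop session has to pass an ssh login first and still has to authenticate to Windows at the far end.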