How do I create an SSH tunnel on a VPS for RDP to Windows host behind restrictive ISP

1

2

I have spent several sessions trying to figure this out, and tried to follow many other posts. But for some reason this is confusing to me and none of the other situations "seem" to apply.

What I want to do:

NOTE: NONE of these machines are on the same LAN.

Workstation A - A linux machine somewhere/anywhere on internet

Server - Linux Virtual Private Server out on the Internet. Internet IP address: 1.2.3.4

Workstation B - My home Windows machine running RDP. Internet IP address: 5.6.7.8, NAT IP address: 192.168.10.51

I want the Linux Server to act as an SSH "Gateway" so I can RDP from Workstation A to Workstation B.

Workstation B is on a restrictive ISP; it can't run an sshd but can connect to Server using an SSH client like PuTTY.

Here is my latest effort:

So from Workstation B:

Using Putty:  Host Name ( Ip Address ) 1.2.3.4
              Port                     22

              SSH Tunnel Source Port   3389
                         Local Port    localhost:3389

(updated) Checked on: "Local ports accept connections from other hosts". Not checked: "Remote hosts do the same". Selected: "Local" and "Auto" under destination.

Then on Server:

ssh -p 33890 -L 9833:192.168.10.51:3389 rdpuser@5.6.7.8

Then on Workstation A:

rdesktop 1.2.3.4:33890

I have tried a bunch of variations on this but I am not even certain I have a correct understanding of the whole ssh tunnel.

Also, I have a specific need for an SSH tunnel and cannot install sshd on Workstation B. I actually know how to set up PPTPD, IPsec and others but that won't work here. So if you have a different solution it is not applicable. I am only looking as to whether or not my scenario can be accomplished (cause I am confused) and what I might be doing wrong.

Sorry if this is long, trying to not be vague.

I looked at this post: how-to-tunnel-windows-remote-desktop-through-ssh-using-a-linux-box. It was VERY close to my situation but the Linux box is not on my local network.

Paul

Posted 2014-01-16T17:39:28.447

You skipped some details about your putty configuration. What mode did you use when setting up the tunnel? – Zoredache – 2014-01-16T18:11:26.220

Hmm, not sure what mode means. "Local ports accept connections from other hosts" was checked. "Remote Ports do the same" is unchecked. Local and Auto selected under destination in tunnel on PuTTY. – None – 2014-01-16T18:21:14.607

Based on your comment, your conf is backwards. See: http://tartarus.org/~simon/putty-snapshots/htmldoc/Chapter4.html#config-ssh-portfwd-localhost

– Zoredache – 2014-01-16T18:29:31.097

Answers

1

On A, you can run e.g.

ssh -L 33890:192.168.10.51:3389 1.2.3.4

This connects to 1.2.3.4 by ssh, and opens a tunnel from port 33890 on A to 3389 on B. So on A you can then run

rdesktop localhost:33890

to connect to RDP on B.

The connection is encrypted between A and the server, but not between the server and B (within your LAN). If you want to encrypt that piece as well, then have B connect to the server and forward a port from the server to the RDP port on B. On B, run:

ssh -R 33891:localhost:3389 1.2.3.4

and then on A:

ssh -L 33890:localhost:33891 1.2.3.4

(You can replace 33891 by any available port on the server.) Then on A you'd connect to rdesktop localhost:33890 as before.

The disadvantage of this approach is that it relies on the connection from B to server staying up, but those will usually time out after a while. You can try to adjust that by setting ServerAliveInterval in the connection from B to server, or by using autossh to automatically restart the tunnel whenever it goes down.

Andrew Schulman

Posted 2014-01-16T17:39:28.447

Reputation: 2 696

I think the **-R switch** may be the piece I was missing, trying it out ... – None – 2014-01-16T19:49:18.320
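
The reverse-tunnel setup described in the answer above, written out as an added shell example (not part of the original answer or its comments). It assumes an OpenSSH-compatible `ssh` client on both A and B; the function names are hypothetical, and the retry loop is a minimal stand-in for the autossh behaviour the answer mentions.

```shell
#!/bin/sh
# Added example. Addresses and ports are the placeholders used on this page.
SERVER=1.2.3.4      # the VPS
RELAY_PORT=33891    # any free port on the server
RDP_PORT=3389       # RDP on Workstation B
LOCAL_PORT=33890    # listener on Workstation A
SSH_BIN=ssh         # assumed OpenSSH-compatible client; replaceable by a stub

# Arguments for B's outbound connection (the -R side).
#   -N                     forwarding only, no remote shell
#   ExitOnForwardFailure   exit if the server port cannot be bound, so the
#                          retry loop notices instead of idling without a tunnel
#   ServerAlive*           declare the link dead after 3 missed 30 s probes
# With sshd's default GatewayPorts=no the relay port listens on the server's
# loopback only, so RDP is not reachable from the Internet side of the VPS.
reverse_tunnel_args() {
    printf '%s ' -N -o ExitOnForwardFailure=yes \
        -o ServerAliveInterval=30 -o ServerAliveCountMax=3 \
        -R "${RELAY_PORT}:localhost:${RDP_PORT}"
    printf '%s\n' "$SERVER"
}

# Arguments for A's connection (the -L side), bound to A's loopback.
local_tunnel_args() {
    printf '%s ' -N -o ExitOnForwardFailure=yes \
        -L "localhost:${LOCAL_PORT}:localhost:${RELAY_PORT}"
    printf '%s\n' "$SERVER"
}

# Run on B: restart the reverse tunnel whenever ssh exits with an error.
# $1 = maximum attempts (0 = retry forever), $2 = seconds between attempts.
keep_reverse_tunnel_up() {
    max=${1:-0}; delay=${2:-10}; n=0
    while [ "$max" -eq 0 ] || [ "$n" -lt "$max" ]; do
        n=$((n + 1))
        # Unquoted on purpose: the argument string must split into words.
        "$SSH_BIN" $(reverse_tunnel_args) && return 0
        echo "tunnel down (attempt $n), retrying in ${delay}s" >&2
        sleep "$delay"
    done
    return 1
}

# Show the commands for each machine; nothing is connected here.
echo "On B: $SSH_BIN $(reverse_tunnel_args)"
echo "On A: $SSH_BIN $(local_tunnel_args)"
echo "On A: rdesktop localhost:${LOCAL_PORT}"
```

To keep the tunnel running on B, source the file and call `keep_reverse_tunnel_up` with no arguments.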