Rdp through ssh server
wordpress meta
title: 'RDP Through SSH Server'
date: '2017-09-19T16:52:23-05:00'
status: publish
permalink: /rdp-through-ssh-server
author: admin
excerpt: ''
type: post
id: 1121
category:
- rdesktop
- RDP
- SSH
tag: []
post_format: []
Sometimes you need to access Windows hosts that are not exposed externally, and you do have an SSH server that is exposed as a "jumphost". Quick notes on my usage.
Create the tunnel to the jumpbox.
$ ssh -p 22 -L 13389:10.3.1.4:3389 -i my-ssh-key user@<public-IP>
Last login: Tue Sep 19 16:49:54 2017
Connect using RDP to the local host:port.
$ rdesktop localhost:13389
Autoselected keyboard map en-us
Failed to negotiate protocol, retrying with plain RDP.
WARNING: Remote desktop does not support colour depth 24; falling back to 16
Example script...
$ cat rdesktop_jumphost.sh
#!/bin/bash
#
#: Script Name : rdesktop_jumphost.sh
#: Version : 0.1.3
#: Author : Riaan Rossouw
#: Date Created : October 21, 2017
#: Date Updated : October 22, 2017
#: Description : Use ssh config file to pull enough information to rdp to windows servers through an ssh jumphost
#: Examples : rdesktop_jumphost.sh -F configfile -s servername -u user -g 1024x768
usage()
{
cat << EOF
usage: $0 options
This script uses the ssh config file to pull enough information to rdp to windows servers through an ssh jumphost
OPTIONS:
-h show this message.
-F ssh config file (required).
-s servername (HostName in ssh config) (required).
-u pass username to rdesktop.
-g desktop geometry (WxH)
EOF
}
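while getopts "hF:s:u:g:" OPTION
do
    case $OPTION in
        h) usage; exit 1;;
        F) configfile=$OPTARG;;
        s) HostName=$OPTARG;;
        u) username=$OPTARG;;
        g) geometry=$OPTARG;;
        \?) usage; exit 1;;
    esac
done
# -F and -s are required; stop here rather than run awk and ssh with empty values.
if [ -z "$configfile" ] || [ -z "$HostName" ]; then
    usage
    exit 1
fi
# Pass -u / -g to rdesktop only when they were given, so an empty value
# does not swallow the next option.
PARAMS=""
[ -n "$username" ] && PARAMS+=" -u $username"
[ -n "$geometry" ] && PARAMS+=" -g $geometry"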
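localRdpPort=33389
# Look up the target's address and optional jumphost in the "Host <servername>" block.
privateIP=$(awk "/^Host ${HostName}$/{x=1}x&&/HostName/{print \$2;exit}" ~/.ssh/"$configfile")
jumphost=$(awk "/^Host ${HostName}$/{x=1}x&&/ProxyJump/{print \$2;exit}" ~/.ssh/"$configfile")
if [ -z "$jumphost" ]
then
    # No jumphost configured: connect to the target directly.
    rdesktop $PARAMS "$privateIP:3389"
else
    jumphostIP=$(awk "/^Host ${jumphost}$/{x=1}x&&/HostName/{print \$2;exit}" ~/.ssh/"$configfile")
    jumpuser=$(awk "/^Host ${jumphost}$/{x=1}x&&/User/{print \$2;exit}" ~/.ssh/"$configfile")
    identityfile=$(awk "/^Host ${jumphost}$/{x=1}x&&/IdentityFile/{print \$2;exit}" ~/.ssh/"$configfile")
    # -f -N backgrounds ssh with only the port forward. ExitOnForwardFailure makes
    # ssh exit if it cannot bind the local port, instead of leaving rdesktop to
    # connect to whatever else is listening there.
    ssh -f -N -p 22 -o ExitOnForwardFailure=yes -L "$localRdpPort:$privateIP:3389" -i "$identityfile" "$jumpuser@$jumphostIP"
    # Find the backgrounded tunnel by its full forward specification,
    # not by any process line that happens to contain the port number.
    tunnelpid=$(pgrep -f -- "-L $localRdpPort:$privateIP:3389")
    rdesktop $PARAMS "localhost:$localRdpPort"
    # Tear the tunnel down once the RDP session ends.
    kill $tunnelpid
fi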
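The awk lookups in the script match keywords as substrings and keep scanning past the end of the Host block, so a jumphost entry that sets UserKnownHostsFile but no User returns the wrong value. The following is an added example, not the author's code: ssh_cfg_get is a hypothetical helper and the sample config is constructed here. It compares whole keywords and stays inside one block.

```bash
#!/bin/bash
# Added example, not from the original post; ssh_cfg_get and the sample
# config below are constructed for illustration.

# Print the first value of keyword $3 inside the "Host $2" block of file $1.
# Exit status is 1 when the block does not set that keyword.
ssh_cfg_get() {
    awk -v host="$2" -v key="$3" '
        # A Host or Match line closes the previous block and may open ours.
        tolower($1) == "host" || tolower($1) == "match" {
            inblock = 0
            if (tolower($1) == "host")
                for (i = 2; i <= NF; i++) if ($i == host) inblock = 1
            next
        }
        # Compare the whole keyword; ssh_config keywords are case-insensitive.
        inblock && tolower($1) == tolower(key) { print $2; found = 1; exit }
        END { exit !found }
    ' "$1"
}

# Constructed sample: the jumphost block has no User line, only
# UserKnownHostsFile, and the block after it does set User.
sample_cfg=$(mktemp)
cat > "$sample_cfg" << 'EOF'
Host jump1
    HostName 203.0.113.10
    UserKnownHostsFile ~/.ssh/known_hosts_jump
    IdentityFile ~/.ssh/jump_key

Host win1
    HostName 10.3.1.4
    User winadmin
    ProxyJump jump1
EOF

# The post's pattern, kept for comparison: it matches "User" as a substring.
loose=$(awk "/^Host jump1$/{x=1}x&&/User/{print \$2;exit}" "$sample_cfg")
echo "loose match   : $loose"
echo "exact HostName: $(ssh_cfg_get "$sample_cfg" win1 HostName)"
echo "exact User    : $(ssh_cfg_get "$sample_cfg" jump1 User || echo '<unset>')"
```

With the loose pattern the script would try to log in to the jumphost as the known_hosts path; the exact lookup reports the keyword as unset so the caller can fall back or stop.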