My desktop is behind a router I don’t have access to, but I wanted to be able to RDP into it.
After some searching I found this article about how to do just that!
https://eviatargerzi.medium.com/how-to-access-rdp-over-ssh-tunnel-c0829631ad44
I already had an instance of Lightsail on AWS, so I just used it.
Ensure openssh-server is installed; if not:
sudo apt update
sudo apt install openssh-server
Edit the sshd_config
sudo vim /etc/ssh/sshd_config
Scroll to the bottom. Type “i” for insert, then add the following lines:
#Allow RDP Tunneling
GatewayPorts=clientspecified
To save: Esc, then “:wq” (command, write, quit)
You can check that it’s in there by running
cat /etc/ssh/sshd_config | grep Gate
response:
#GatewayPorts no
GatewayPorts=clientspecified
Configure RDP Host
Eviatar suggests using Plink (PuTTY Link) on your host computer
Download: https://www.chiark.greenend.org.uk/~sgtatham/putty/latest.html
After installation, you may need to set the path.
You may be able to run
set PATH=%PATH%;C:\Program Files\PuTTY
The path entry is the folder that contains plink.exe, and set only changes the path for the current command prompt window. If that doesn’t work, from the start menu search bar look for “environment variables” and open “Edit the system environment variables”
Click “Environment Variables…” button under the Advanced Tab
Under “User variables” select “Path” then click edit
Click new and add C:\Program Files\PuTTY (the folder that contains plink.exe)
Click OK, then restart command prompt and type plink to see if the system found it.
plink <user>@<ip or domain> -i <c:/users/user/.ssh/private_key_from_aws> -P 22 -2 -4 -T -N -C -R 0.0.0.0:12345:127.0.0.1:3389
-i – Set key location
-P – Set port
-2 – Force protocol version
-4 – Force use of IPv4 (and not IPv6)
-T – Prevents PuTTY from attempting to allocate a pseudo-terminal at the server
-N – Prevents PuTTY from attempting to start a shell or command on the remote server
-C – Enables compression
-R – Forward a remote port to a local address: here port 12345 on the server will be forwarded to port 3389 on this computer
This can be simplified using OpenSSH
Follow the instructions from Microsoft to install it:
https://learn.microsoft.com/en-us/windows-server/administration/openssh/openssh_install_firstuse?tabs=gui
#aws server
Host 123.123.123.123
User bitnami
IdentityFile ~/.ssh/id_rsa
IdentitiesOnly yes
ServerAliveInterval 60
ServerAliveCountMax 10
ServerAliveInterval sets the number of seconds the client will wait before sending a packet to the server to keep the connection alive.
ServerAliveCountMax sets the number of times the client will try to keep the connection alive.
You can also add ClientAliveInterval to /etc/ssh/sshd_config on the server
ClientAliveInterval 60
#default is 3
ClientAliveCountMax 10
Be sure to open up 3389 on your server’s firewall
ssh 123.123.123.123 -2 -4 -T -N -C -R 0.0.0.0:12345:127.0.0.1:3389
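What the GatewayPorts line and the 0.0.0.0: prefix in -R combine to do, as an added example (not from the original post or the linked article): it reads the effective GatewayPorts value from a constructed copy of the grep output above and reports where sshd would listen for a given -R spec. The function names are made up for this sketch, and it assumes IPv4 or hostname bind addresses and no Include files.

```shell
#!/bin/sh
# Added example, not from the original post. IPv4/hostname -R specs only.

# effective_gatewayports FILE: print the GatewayPorts value from FILE's global
# section. sshd uses the first uncommented occurrence; the keyword is
# case-insensitive and may be separated from its value by whitespace or '='.
# Simplification: Include files are not followed and Match blocks are skipped.
effective_gatewayports() {
    awk '
        /^[ \t]*#/ || NF == 0 { next }
        { sub(/=/, " "); key = tolower($1) }
        key == "match" { exit }
        key == "gatewayports" { print $2; found = 1; exit }
        END { if (!found) print "no" }   # sshd default
    ' "$1"
}

# remote_bind GATEWAYPORTS RSPEC: print where sshd listens for "ssh -R RSPEC":
# "loopback", "all-interfaces", or the specific address the client requested.
remote_bind() {
    mode=$1; rspec=$2
    # [bind_address:]port:host:hostport -> four fields means a bind address
    nf=$(printf '%s\n' "$rspec" | awk -F: '{ print NF }')
    if [ "$nf" -ge 4 ]; then req=${rspec%%:*}; else req=localhost; fi
    case $req in
        ''|'*'|0.0.0.0) req=all-interfaces ;;
        localhost|127.0.0.1) req=loopback ;;
    esac
    case $mode in
        yes) echo all-interfaces ;;          # client's choice is ignored
        clientspecified) echo "$req" ;;      # client's choice is honoured
        *) echo loopback ;;                  # "no": always loopback
    esac
}

# Constructed sample: the two lines the post's grep output shows.
sample=$(mktemp)
printf '%s\n' '#GatewayPorts no' 'GatewayPorts=clientspecified' > "$sample"
gp=$(effective_gatewayports "$sample")
for spec in 0.0.0.0:12345:127.0.0.1:3389 12345:127.0.0.1:3389; do
    echo "GatewayPorts=$gp  -R $spec  ->  $(remote_bind "$gp" "$spec")"
done
rm -f "$sample"
```

An all-interfaces result means port 12345 on the server reaches the desktop's RDP service for any source address the server's firewall allows, so that firewall rule is the place to restrict who can connect. On the real server, sudo sshd -T | grep -i gatewayports prints the value sshd actually uses, and ss -tln shows the address the forwarded port is bound to.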