SSH Tunnel for RDP use!

Streamlined SSH Tunnels for RDP: Jump Hosts and One-Liner Magic

Imagine being a sysadmin ninja, crafting multi-hop SSH tunnels and punching through firewalls like a legend, all without breaking a sweat. If you’ve ever wrestled with layer-upon-layer of SSH hops to access a remote RDP session, you’re probably looking to add some real efficiency to your workflow. Well, I’ve got some good news: you can replace all those clunky, multi-step connections with a single, glorious SSH command.

Ready? Let’s explore how to set up RDP properly with SSH Tunneling using the mighty -J option for SSH. Whether you’re a seasoned pro or trying to level up your game, we’ll streamline this process with explanations, code, and even a crispy ~/.ssh/config trick for extra spice.

🛠️ The Problem: Multi-Hop RDP Access

Here’s the situation:

  • You’re on PC1 (your local desktop at work).
  • Your company network has an SSH-accessible server, Linux1, which can connect outward.
  • Behind Linux1 is another server, Linux2, which has access to your target RDP server (HomePC).

Previously, you might have manually SSH-ed into Linux1, set up a tunnel, SSH-ed into Linux2, and set up yet another tunnel. By the time you’ve done all this, you’re juggling so many terminal windows, you feel like an air traffic controller.

Enter -J: OpenSSH’s ProxyJump option wipes all of that pain away and lets you chain SSH connections with one clean shot.

🌟 The Hero: One SSH Command to Rule Them All

Here’s the single command to make it all happen:

ssh -J user@Linux1 -L 9999:HomePC:3389 user@Linux2

Breakdown of the Command:

  • -J user@Linux1: ProxyJump connects first to Linux1, then chains to Linux2 through it, without you needing to manually SSH between hops. Linux2 is the final destination, so it is not listed again as a jump host.
  • -L 9999:HomePC:3389: Sets up a local listening port on PC1 (9999) and forwards traffic to HomePC’s RDP server on port 3389. The connection to HomePC is opened from Linux2.
  • user@Linux2: Required as the target server, because Linux2 is where traffic is passed to HomePC.

With one command, you go from PC1 through Linux1 and Linux2, and connect RDP directly to HomePC. Now, just open your RDP client and point it to:

localhost:9999

Congratulations, you’ve just simplified your life.

☑️ Requirements for Success

Before you start toasting yourself as the office SSH wizard, make sure these few things are in place:

    1. OpenSSH Version 7.3 or Later: The -J option for ProxyJump requires OpenSSH >= 7.3. Check your version with:
ssh -V
    2. Connectivity Between Hosts: Ensure Linux1 can SSH to Linux2, and Linux2 can reach HomePC on port 3389.
    3. Port Forwarding on Linux2: Verify that it’s allowed in the server configuration (sshd_config, not the client-side ssh_config). Open /etc/ssh/sshd_config on Linux2 and confirm:
AllowTcpForwarding yes
    4. DNS or IP Resolution: From Linux2, ensure “HomePC” resolves properly to an internal IP. Test it:
ping HomePC
nc -z HomePC 3389
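
Requirement 3 can be checked instead of eyeballed. The script below is an added example, not part of the original post: it reads the output of `sshd -T` from Linux2 and flags forwarding that is switched off or open wider than HomePC:3389. The function name, the sample lines, and the idea of scoping the forward with the sshd_config directive PermitOpen are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the original post: audit the effective sshd settings
# on Linux2 that the -L 9999:HomePC:3389 forward depends on.
#   stdin: output of `sshd -T` (lowercase "keyword value" lines)
#   $1:    the one destination the tunnel should reach, e.g. HomePC:3389
# Prints one finding per line; returns 0 only if forwarding works and is scoped.
audit_forwarding() {
    awk -v want="$(printf '%s' "$1" | tr 'A-Z' 'a-z')" '
        $1 == "allowtcpforwarding" { fwd = $2 }
        $1 == "permitopen" {
            for (i = 2; i <= NF; i++) {
                if (tolower($i) == want) found = 1
                else if ($i == "any") any = 1
                else if ($i != "none") extra = extra " " $i
            }
        }
        END {
            rc = 0
            if (fwd != "yes" && fwd != "local") {
                print "FAIL allowtcpforwarding=" fwd " (-L needs yes or local)"
                rc = 1
            } else if (fwd == "yes") {
                print "NOTE allowtcpforwarding=yes also permits -R; local is enough"
            }
            if (any) {
                print "WARN permitopen=any: any host:port Linux2 can reach is open"
                rc = 1
            } else if (!found) {
                print "FAIL permitopen does not list " want
                rc = 1
            }
            if (extra != "") {
                print "WARN permitopen also allows:" extra
                rc = 1
            }
            if (rc == 0) print "OK forwarding limited to " want
            exit rc
        }'
}

# Constructed samples: the relevant lines of `sshd -T` before and after scoping.
SAMPLE_DEFAULT='allowtcpforwarding yes
permitopen any'
SAMPLE_SCOPED='allowtcpforwarding local
permitopen HomePC:3389'

printf '%s\n' "$SAMPLE_DEFAULT" | audit_forwarding HomePC:3389 || true
printf '%s\n' "$SAMPLE_SCOPED"  | audit_forwarding HomePC:3389 || true
```

sshd compares PermitOpen entries with the destination string the client requested, so the name in sshd_config has to match the one used in -L.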

🥷 Pro Tip: Simplify Your Life with ~/.ssh/config

Typing out that long command every time? That’s… a no. Let’s make it even cleaner by setting an alias with your SSH configuration file.

Step 1: Edit Your SSH Config

nano ~/.ssh/config

Add the following configuration:

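Host Linux1
  HostName <Linux1 address>
  User user

Host Linux2
  HostName <Linux2 address>
  User user
  ProxyJump Linux1

# Tunnel alias: the SSH session ends on Linux2, which forwards to HomePC's RDP port
Host HomePCJump
  HostName <Linux2 address>
  User user
  ProxyJump Linux1
  LocalForward 9999 HomePC:3389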

Step 2: Use the Alias

Now you can open the tunnel to HomePC by simply typing:

ssh HomePCJump

Your local forwarding and jumping will “just work,” allowing you to RDP by connecting to localhost:9999.

👏 Why This Workflow Rocks

  • Single Command: Jump through Linux1, Linux2, and RDP into HomePC without juggling multiple SSH sessions.
  • Automated Convenience: The ~/.ssh/config trick lets you encapsulate the complexity so you don’t think about it.
  • Lightweight and Efficient: No need to install software—just leverage OpenSSH’s built-in tools like a pro.

🚀 Time to Flex Your Skills

Deploy your newfound SSH skills, and watch your coworkers’ jaws drop as you jump through multiple network barriers with one seamless command.