{"id":288,"date":"2024-04-30T08:11:54","date_gmt":"2024-04-30T13:11:54","guid":{"rendered":"https:\/\/tech.my-netsol.com\/?p=288"},"modified":"2025-07-26T14:10:51","modified_gmt":"2025-07-26T19:10:51","slug":"ssh-tunnel-for-rdp-use","status":"publish","type":"post","link":"https:\/\/tech.my-netsol.com\/?p=288","title":{"rendered":"SSH Tunnel for RDP use!"},"content":{"rendered":"<h1>Streamlined SSH Tunnels for RDP: Jump Hosts and One-Liner Magic<\/h1>\n<p>Imagine being a sysadmin ninja, crafting multi-hop SSH tunnels and punching through firewalls like a legend, all without breaking a sweat. If you\u2019ve ever wrestled with layer-upon-layer of SSH hops to access a remote RDP session, you\u2019re probably looking to add some real efficiency to your workflow. Well, I&#8217;ve got some good news: you can replace all those clunky, multi-step connections with <strong>a single, glorious SSH command<\/strong>.<\/p>\n<p>Ready? Let\u2019s explore how to set up RDP properly with SSH Tunneling using the mighty <code>-J<\/code> option for SSH. Whether you\u2019re a seasoned pro or trying to level up your game, we\u2019ll streamline this process with explanations, code, and even a crispy <code>~\/.ssh\/config<\/code> trick for extra spice.<\/p>\n<h2>\ud83d\udee0\ufe0f The Problem: Multi-Hop RDP Access<\/h2>\n<p>Here\u2019s the situation:<\/p>\n<ul>\n<li>You\u2019re on <strong>PC1<\/strong> (your local desktop at work).<\/li>\n<li>Your company network has an SSH-accessible server, <strong>Linux1<\/strong>, which can connect outward.<\/li>\n<li>Behind <strong>Linux1<\/strong> is another server, <strong>Linux2<\/strong>, which has access to your target RDP server (<strong>HomePC<\/strong>).<\/li>\n<\/ul>\n<p>Previously, you might have manually SSH-ed into Linux1, set up a tunnel, SSH-ed into Linux2, and set up yet another tunnel. By the time you\u2019ve done all this, you\u2019re juggling so many terminal windows, you feel like an air traffic controller.<\/p>\n<p>Enter <code>-J<\/code>: OpenSSH\u2019s <strong>ProxyJump<\/strong> option wipes all of that pain away and lets you chain SSH connections with <em>one clean shot<\/em>.<\/p>\n<h2>\ud83c\udf1f The Hero: One SSH Command to Rule Them All<\/h2>\n<p>Here\u2019s the single command to make it all happen:<\/p>\n<pre><code>ssh -J user@Linux1,user@Linux2 -L 9999:HomePC:3389 user@Linux2<\/code><\/pre>\n<h3>Breakdown of the Command:<\/h3>\n<ul>\n<li><strong><code>-J user@Linux1,user@Linux2:<\/code><\/strong> ProxyJump connects first to Linux1, then chains to Linux2 without you needing to manually SSH between hops.<\/li>\n<li><strong><code>-L 9999:HomePC:3389:<\/code><\/strong> Sets up a local listening port on PC1 (<code>9999<\/code>) and forwards traffic to HomePC\u2019s RDP server on port <code>3389<\/code>.<\/li>\n<li><strong><code>user@Linux2:<\/code><\/strong> Required as the target server, because Linux2 is where traffic is passed to HomePC.<\/li>\n<\/ul>\n<p>With one command, you go from PC1 through Linux1 and Linux2, and connect RDP directly to HomePC. Now, just open your RDP client and point it to:<\/p>\n<pre><code>localhost:9999<\/code><\/pre>\n<p><em>Congratulations, you\u2019ve just simplified your life.<\/em><\/p>\n<h2>\u2611\ufe0f Requirements for Success<\/h2>\n<p>Before you start toasting yourself as the office SSH wizard, make sure these few things are in place:<\/p>\n<ol>\n<li style=\"list-style-type: none;\">\n<ol>\n<li><strong>OpenSSH Version 7.3 or Later:<\/strong> The <code>-J<\/code> option for ProxyJump requires OpenSSH &gt;= 7.3. Check your version with:<\/li>\n<\/ol>\n<\/li>\n<\/ol>\n<pre><code>ssh -V<\/code><\/pre>\n<ol>\n<li style=\"list-style-type: none;\">\n<ol>\n<li><strong>Connectivity Between Hosts:<\/strong> Ensure <code>Linux1<\/code> can SSH to <code>Linux2<\/code>, and <code>Linux2<\/code> can reach <code>HomePC<\/code> on port 3389.<\/li>\n<li><strong>Port Forwarding on Linux2:<\/strong> Verify that it\u2019s allowed via <code>ssh_config<\/code>. Edit <code>\/etc\/ssh\/sshd_config<\/code> on Linux2 and confirm:<\/li>\n<\/ol>\n<\/li>\n<\/ol>\n<pre><code>AllowTcpForwarding yes<\/code><\/pre>\n<ol>\n<li style=\"list-style-type: none;\">\n<ol>\n<li><strong>DNS or IP Resolution:<\/strong> From Linux2, ensure \u201c<code>HomePC<\/code>\u201d resolves properly to an internal IP. Test it:<\/li>\n<\/ol>\n<\/li>\n<\/ol>\n<pre><code>ping HomePC\nnc -z HomePC 3389<\/code><\/pre>\n<h2>\ud83e\udd77 Pro Tip: Simplify Your Life with <code>~\/.ssh\/config<\/code><\/h2>\n<p>Typing out that long command every time? That\u2019s&#8230; a no. Let\u2019s make it even cleaner by setting an alias with your SSH configuration file.<\/p>\n<h3>Step 1: Edit Your SSH Config<\/h3>\n<pre><code>nano ~\/.ssh\/config<\/code><\/pre>\n<p>Add the following configuration:<\/p>\n<pre><code>Host Linux1\n  HostName \n  User user\n\nHost Linux2\n  HostName \n  User user\n  ProxyJump Linux1\n\nHost HomePCJump\n  HostName HomePC\n  User user\n  ProxyJump Linux2\n  LocalForward 9999 HomePC:3389<\/code><\/pre>\n<h3>Step 2: Use the Alias<\/h3>\n<p>Now you can connect to HomePC by simply typing:<\/p>\n<pre><code>ssh HomePCJump<\/code><\/pre>\n<p>Your local forwarding and jumping will \u201cjust work,\u201d allowing you to RDP by connecting to <code>localhost:9999<\/code>.<\/p>\n<h2>\ud83d\udc4f Why This Workflow Rocks<\/h2>\n<ul>\n<li><strong>Single Command:<\/strong> Jump through Linux1, Linux2, and RDP into HomePC without juggling multiple SSH sessions.<\/li>\n<li><strong>Automated Convenience:<\/strong> The <code>~\/.ssh\/config<\/code> trick lets you encapsulate the complexity so you don\u2019t think about it.<\/li>\n<li><strong>Lightweight and Efficient:<\/strong> No need to install software\u2014just leverage OpenSSH\u2019s built-in tools like a pro.<\/li>\n<\/ul>\n<h2>\ud83d\ude80 Time to Flex Your Skills<\/h2>\n<p>Deploy your newfound SSH skills, and watch your coworkers\u2019 jaws drop as you jump through multiple network barriers with one seamless command.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Streamlined SSH Tunnels for RDP: Jump Hosts and One-Liner Magic Imagine being a sysadmin ninja, crafting multi-hop SSH tunnels and punching through firewalls like a legend, all without breaking a sweat. If you\u2019ve ever wrestled with layer-upon-layer of SSH hops to access a remote RDP session, you\u2019re probably looking to add some real efficiency to &#8230; <a title=\"SSH Tunnel for RDP use!\" class=\"read-more\" href=\"https:\/\/tech.my-netsol.com\/?p=288\" aria-label=\"Read more about SSH Tunnel for RDP use!\">Read more<\/a><\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_feature_clip_id":0,"_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_post_was_ever_published":false},"categories":[10,11,13],"tags":[],"class_list":["post-288","post","type-post","status-publish","format-standard","hentry","category-gen-net","category-linux","category-msos"],"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/tech.my-netsol.com\/index.php?rest_route=\/wp\/v2\/posts\/288","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/tech.my-netsol.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/tech.my-netsol.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/tech.my-netsol.com\/index.php?rest_route=\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/tech.my-netsol.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=288"}],"version-history":[{"count":4,"href":"https:\/\/tech.my-netsol.com\/index.php?rest_route=\/wp\/v2\/posts\/288\/revisions"}],"predecessor-version":[{"id":307,"href":"https:\/\/tech.my-netsol.com\/index.php?rest_route=\/wp\/v2\/posts\/288\/revisions\/307"}],"wp:attachment":[{"href":"https:\/\/tech.my-netsol.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=288"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/tech.my-netsol.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=288"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/tech.my-netsol.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=288"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}