Riaan's SysAdmin Blog

My tips, howtos, gotchas, snippets and stuff. Use at your own risk!


RDP Through SSH Server

Sometimes you need to reach Windows hosts that are not exposed externally, and you have an SSH server that is exposed and can act as a "jumphost". Quick notes on my usage.

Create the tunnel to the jumpbox.

$ ssh -p 22 -L 13389:10.3.1.4:3389 -i my-ssh-key user@<public-IP>
Last login: Tue Sep 19 16:49:54 2017

Connect using RDP to the local host:port.

$ rdesktop localhost:13389
Autoselected keyboard map en-us
Failed to negotiate protocol, retrying with plain RDP.
WARNING: Remote desktop does not support colour depth 24; falling back to 16

Example script...

$ cat rdesktop_jumphost.sh
#!/bin/bash
#
#: Script Name  : rdesktop_jumphost.sh
#: Version      : 0.1.3
#: Author       : Riaan Rossouw
#: Date Created : October 21, 2017
#: Date Updated : October 22, 2017
#: Description  : Use ssh config file to pull enough information to rdp to windows servers through a ssh jumphost
#: Examples     : rdesktop_jumphost.sh -F configfile -s servername -u user -g 1024x768

usage()
{
cat << EOF
usage: $0 options

This script uses an ssh config file to pull enough information to rdp to windows servers through a ssh jumphost

OPTIONS:
           -h show this message.
           -F ssh config file in ~/.ssh (required).
           -s servername (Host entry in ssh config) (required).
           -u pass username to rdesktop.
           -g desktop geometry (WxH)
EOF
}

while getopts "hF:s:u:g:" OPTION
 do
  case $OPTION in
   h) usage; exit 1;;
   F) configfile=$OPTARG;;
   s) HostName=$OPTARG;;
   u) username=$OPTARG;;
   g) geometry=$OPTARG;;
   \?) usage; exit 1;;
  esac
 done

# -F and -s are required
if [ -z "$configfile" ] || [ -z "$HostName" ]; then
  usage
  exit 1
fi

# Only pass -u / -g to rdesktop when they were given
PARAMS=()
[ -n "$username" ] && PARAMS+=(-u "$username")
[ -n "$geometry" ] && PARAMS+=(-g "$geometry")

localRdpPort=33389
config="$HOME/.ssh/$configfile"

# x is reset at every "Host" line so a keyword is only read from the matching block
privateIP=$(awk "/^Host /{x=0} /^Host ${HostName}$/{x=1} x&&/HostName/{print \$2;exit}" "$config")
jumphost=$(awk "/^Host /{x=0} /^Host ${HostName}$/{x=1} x&&/ProxyJump/{print \$2;exit}" "$config")

if [ -z "$privateIP" ]; then
  echo "No HostName found for Host $HostName in $config" >&2
  exit 1
fi

if [ -z "$jumphost" ]
then
  # No jumphost configured: connect directly
  rdesktop "${PARAMS[@]}" "$privateIP:3389"
else
  jumphostIP=$(awk "/^Host /{x=0} /^Host ${jumphost}$/{x=1} x&&/HostName/{print \$2;exit}" "$config")
  jumpuser=$(awk "/^Host /{x=0} /^Host ${jumphost}$/{x=1} x&&/User/{print \$2;exit}" "$config")
  identityfile=$(awk "/^Host /{x=0} /^Host ${jumphost}$/{x=1} x&&/IdentityFile/{print \$2;exit}" "$config")
  # ExitOnForwardFailure makes ssh fail instead of backgrounding when the local port is
  # already taken, so rdesktop never connects to some other listener on that port
  ssh -f -N -p 22 -o ExitOnForwardFailure=yes -L "$localRdpPort:$privateIP:3389" -i "$identityfile" "$jumpuser@$jumphostIP" || exit 1
  # Match the forward specification, not just the port number, to find the tunnel process
  tunnelpid=$(pgrep -f "ssh .*-L $localRdpPort:$privateIP:3389")
  rdesktop "${PARAMS[@]}" "localhost:$localRdpPort"
  [ -n "$tunnelpid" ] && kill $tunnelpid
fi
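
The lookups in the script splice the -s value into an awk regular expression, so a dot in a Host entry matches any character. As an added example (not part of the original script), the hypothetical helper `ssh_cfg_get` compares the name literally, stops at the next Host line and ignores keyword case. The config is constructed for the demo, and `keyword=value` syntax is assumed not to be used.

```shell
#!/bin/bash
# Added example: ssh_cfg_get is a hypothetical helper, not part of the original script.
# usage: ssh_cfg_get <config-file> <host-alias> <keyword>
ssh_cfg_get() {
  awk -v host="$2" -v key="$3" '
    BEGIN { key = tolower(key) }
    { sub(/^[ \t]+/, ""); sub(/[ \t\r]+$/, "") }   # trim the line
    /^#/ || $0 == "" { next }                      # skip comments and blanks
    { kw = tolower($1) }                           # keywords are case-insensitive
    kw == "host" {                                 # a new block starts here
      inblock = 0
      for (i = 2; i <= NF; i++) if ($i == host) inblock = 1   # literal compare
      next
    }
    kw == "match" { inblock = 0; next }            # Match blocks are not handled
    inblock && kw == key { print $2; found = 1; exit }
    END { exit (found ? 0 : 1) }
  ' "$1"
}

# Constructed sample config (names and addresses are made up for the demo).
demo_cfg() {
  cat > "$1" << 'EOF'
Host webx1
  hostname 10.3.1.9
  ProxyJump jump

Host web.1
  HostName 10.3.1.4

# one block, two aliases
Host jump bastion
  HostName 203.0.113.10
  User jumpuser
  IdentityFile ~/.ssh/my-ssh-key

Host db
  HostName 10.3.1.7
  ProxyJump bastion
EOF
}

cfg=$(mktemp) && demo_cfg "$cfg"
for h in web.1 db; do
  echo "$h -> $(ssh_cfg_get "$cfg" "$h" HostName) via '$(ssh_cfg_get "$cfg" "$h" ProxyJump)'"
done
rm -f "$cfg"
```

Here `web.1` resolves to 10.3.1.4 with no jumphost, even though `webx1` comes first in the file and a later block carries a ProxyJump.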
