RDP Through SSH Server

RDP Through SSH Server

Sometimes it becomes necessary to access Windows hosts not exposed externally and you do have a SSH server that is exposed as a “jumphost”. Quick notes on my usage.

Create the tunnel to the jumpbox.

$ ssh -p 22 -L 13389:10.3.1.4:3389 -i my-ssh-key user@<public-IP>
Last login: Tue Sep 19 16:49:54 2017

Connect using RDP to the local host:port.

$ rdesktop localhost:13389
Autoselected keyboard map en-us
Failed to negotiate protocol, retrying with plain RDP.
WARNING: Remote desktop does not support colour depth 24; falling back to 16

Example script…

$ cat rdesktop_jumphost.sh 
#!/bin/bash
#
#: Script Name  : rdesktop_jumphost.sh
#: Version      : 0.1.3
#: Author       : Riaan Rossouw
#: Date Created : October 21, 2017
#: Date Updated : October 22, 2017
#: Description  : Use ssh config file to pull enough information to rdp to windows servers through a ssh jumphost
#: Examples     : rdesktop_jumphost.sh -F configfile -u user -g 1024x768

usage()
{
cat << EOF
usage: $0 options

This script use ssh config file to pull enough information to rdp to windows servers through a ssh jumphost

OPTIONS:
           -h show this message.
           -F ssh config file (required).
 	   -s servername (HostName in ssh config) (required).
           -u pass username to rdesktop.
	   -g desktop geometry (WxH)
EOF
}

while getopts "hF:s:u:g:" OPTION
 do
  case $OPTION in
   h) usage; exit 1;;
   F) configfile=$OPTARG;;
   s) HostName=$OPTARG;;
   u) username=$OPTARG;;
   g) geometry=$OPTARG;;
   \?) usage; exit 1;;
  esac
 done

NUMARGS=$#
if [ $NUMARGS -eq 0 ]; then
  usage
  exit 1
fi

PARAMS="-u $username"
PARAMS+=" -g $geometry"

localRdpPort=33389

privateIP=$(awk  "/^Host ${HostName}$/{x=1}x&&/HostName/{print \$2;exit}" ~/.ssh/$configfile)
jumphost=$(awk "/^Host ${HostName}$/{x=1}x&&/ProxyJump/{print \$2;exit}" ~/.ssh/$configfile)

if [ -z "$jumphost" ]
then
  rdesktop $PARAMS privateIP:3389
else
  jumphostIP=$(awk "/^Host ${jumphost}$/{x=1}x&&/HostName/{print \$2;exit}" ~/.ssh/$configfile)
  jumpuser=$(awk "/^Host ${jumphost}$/{x=1}x&&/User/{print \$2;exit}" ~/.ssh/$configfile)
  identityfile=$(awk "/^Host ${jumphost}$/{x=1}x&&/IdentityFile/{print \$2;exit}" ~/.ssh/$configfile)
  ssh -f -N -p 22 -L $localRdpPort:$privateIP:3389 -i $identityfile $jumpuser@$jumphostIP
  tunnelpid=$(ps -ef | grep $localRdpPort | grep -v grep | awk '{print $2}')
  rdesktop $PARAMS localhost:$localRdpPort
  kill $tunnelpid
fi

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.