Sometimes it becomes necessary to access Windows hosts not exposed externally and you do have a SSH server that is exposed as a \"jumphost\". Quick notes on my usage.<\/p>\n
Create the tunnel to the jumpbox.<\/p>\n
\r\n$ ssh -p 22 -L 13389:10.3.1.4:3389 -i my-ssh-key user@<public-IP>\r\nLast login: Tue Sep 19 16:49:54 2017\r\n<\/pre>\nConnect using RDP to the local host:port.<\/p>\n
\r\n$ rdesktop localhost:13389\r\nAutoselected keyboard map en-us\r\nFailed to negotiate protocol, retrying with plain RDP.\r\nWARNING: Remote desktop does not support colour depth 24; falling back to 16\r\n<\/pre>\nExample script...<\/p>\n
\r\n$ cat rdesktop_jumphost.sh \r\n#!\/bin\/bash\r\n#\r\n#: Script Name : rdesktop_jumphost.sh\r\n#: Version : 0.1.3\r\n#: Author : Riaan Rossouw\r\n#: Date Created : October 21, 2017\r\n#: Date Updated : October 22, 2017\r\n#: Description : Use ssh config file to pull enough information to rdp to windows servers through a ssh jumphost\r\n#: Examples : rdesktop_jumphost.sh -F configfile -u user -g 1024x768\r\n\r\nusage()\r\n{\r\ncat << EOF\r\nusage: $0 options\r\n\r\nThis script use ssh config file to pull enough information to rdp to windows servers through a ssh jumphost\r\n\r\nOPTIONS:\r\n -h show this message.\r\n -F ssh config file (required).\r\n \t -s servername (HostName in ssh config) (required).\r\n -u pass username to rdesktop.\r\n\t -g desktop geometry (WxH)\r\nEOF\r\n}\r\n\r\nwhile getopts "hF:s:u:g:" OPTION\r\n do\r\n case $OPTION in\r\n h) usage; exit 1;;\r\n F) configfile=$OPTARG;;\r\n s) HostName=$OPTARG;;\r\n u) username=$OPTARG;;\r\n g) geometry=$OPTARG;;\r\n \\?) usage; exit 1;;\r\n esac\r\n done\r\n\r\nNUMARGS=$#\r\nif [ $NUMARGS -eq 0 ]; then\r\n usage\r\n exit 1\r\nfi\r\n\r\nPARAMS="-u $username"\r\nPARAMS+=" -g $geometry"\r\n\r\nlocalRdpPort=33389\r\n\r\nprivateIP=$(awk "\/^Host ${HostName}$\/{x=1}x&&\/HostName\/{print \\$2;exit}" ~\/.ssh\/$configfile)\r\njumphost=$(awk "\/^Host ${HostName}$\/{x=1}x&&\/ProxyJump\/{print \\$2;exit}" ~\/.ssh\/$configfile)\r\n\r\nif [ -z "$jumphost" ]\r\nthen\r\n rdesktop $PARAMS privateIP:3389\r\nelse\r\n jumphostIP=$(awk "\/^Host ${jumphost}$\/{x=1}x&&\/HostName\/{print \\$2;exit}" ~\/.ssh\/$configfile)\r\n jumpuser=$(awk "\/^Host ${jumphost}$\/{x=1}x&&\/User\/{print \\$2;exit}" ~\/.ssh\/$configfile)\r\n identityfile=$(awk "\/^Host ${jumphost}$\/{x=1}x&&\/IdentityFile\/{print \\$2;exit}" ~\/.ssh\/$configfile)\r\n ssh -f -N -p 22 -L $localRdpPort:$privateIP:3389 -i $identityfile $jumpuser@$jumphostIP\r\n tunnelpid=$(ps -ef | grep $localRdpPort | grep -v grep | awk '{print $2}')\r\n rdesktop $PARAMS localhost:$localRdpPort\r\n kill $tunnelpid\r\nfi\r\n<\/pre>\n","protected":false},"excerpt":{"rendered":"Sometimes it becomes necessary to access Windows hosts not exposed externally and you do have a SSH server that is<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[94,86,21],"tags":[],"_links":{"self":[{"href":"https:\/\/blog.ls-al.com\/wp-json\/wp\/v2\/posts\/1121"}],"collection":[{"href":"https:\/\/blog.ls-al.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blog.ls-al.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blog.ls-al.com\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/blog.ls-al.com\/wp-json\/wp\/v2\/comments?post=1121"}],"version-history":[{"count":0,"href":"https:\/\/blog.ls-al.com\/wp-json\/wp\/v2\/posts\/1121\/revisions"}],"wp:attachment":[{"href":"https:\/\/blog.ls-al.com\/wp-json\/wp\/v2\/media?parent=1121"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blog.ls-al.com\/wp-json\/wp\/v2\/categories?post=1121"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blog.ls-al.com\/wp-json\/wp\/v2\/tags?post=1121"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}