To Configure the Reverse Connection of the RDP (Using SSH as a Proxy)

 Basic Conditions

  1. A Windows desktop (“Windows Client” hereunder) with the RDP service enabled and Putty installed. It is location is not fixed and its users do not have the permission to configure the router it connected to.
  2. A Linux server (“Linux Server” hereunder), which can be accessed via the Internet using SSH (In this post, a Debian server with OpenSSH installed is used.).

Demand

Enable a user to connect to the the Windows Client via the Internet using Remote Desktop protocol.

Steps

1. Try if the Linux Server is accessible via SSH using the following commandplink.EXE -Path\of\Your\PrivateKey.

plink.EXE -Path\of\Your\PrivateKey.ppk username@domain.com -P 3333 -R3389:localhost:3389 -N

This command uses the public key authentication (-i) and connects to the Linux Server listening on port 3333 (-P) instead of the default port of 22. The option -R is the key to the whole configuration. It asks the plink to listen the port 3389 on the Linux Server and forward its data to the port 3389 on the Windows Client. -N means not to start a shell.

2. Modifying sshd_config is also required. Add the following lines to the end of the mentioned file:

Match User username

GatewayPorts yes

This setting allows the user “username” to listen to external ports.

3. Other issues include: to config firewalls (such as Windows Firewall, Linux firewall or the firewall from anti-virus software) correctly and to restart the SSH service to implement the new settings.

4. Check the connection: after finishing the SSH configuration, try to execute the command mentioned in the first step and then use another SSH client to login to the Linux Server. After login, execute the following command netstat -tunap and you should be able to find some lines similar to the output shown as follows

Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp    0 0 0.0.0.0:3389              0.0.0.0:*               LISTEN 888/sshd: username

This indicates that the sshd is listening the specified port as set in the option -R.

5. If everything goes well, a user can access the Windows Client via RDP by using Linux Server’s IP/Domain name + port number.

6. Additional step: The above settings have a big problem. If the Windows Client loses the Internet connection accidentally, even if the connection resumes after that, the reverse connection cannot be established since the connection of plink was lost. One solution to this problem is to run plink in a loop, as follows:

:loop
plink.EXE -i Path\of\Your\PrivateKey.ppk username@domain.com -P 3333 -R 3389:localhost:3389 -N
timeout /t 300
goto loop

Save the above lines to a *.bat file. Run the batch file when RDP is needed.

 

This post makes references to the following two posts, especially the first one:

  1. http://blog.phpdr.net/ssh%E5%8F%8D%E5%90%91%E9%9A%A7%E9%81%93%E8%BF%9E%E6%8E%A5%E8%BF%9C%E7%A8%8B%E6%A1%8C%E9%9D%A2.html (Chinese version only)
  2. https://blog.netspi.com/how-to-access-rdp-over-a-reverse-ssh-tunnel (English version only)

Leave a Reply

Your email address will not be published. Required fields are marked *