Tuesday, February 16, 2016

RDP Over SSH or RDP with HTTP-Proxy (Or Any Protocol over SSH)

This tutorial addresses the following scenarios:

1. Alternatives to X11 forwarding (X11 forwarding has performance issues)

2. RDP to a remote host using a corporate HTTP proxy server

3. Working around native RDP's inability to use a corporate proxy

4. Getting the remote desktop of a public server through a corporate proxy/firewall

Typically, if you're inside your corporate network, the network is protected by a proxy server and a firewall. But suppose you would like to access the remote desktop of your Linux machine residing on the internet or in a public cloud (e.g. Azure). By default, all outbound TCP connections are channelled through the proxy server, and the firewall rules are applied to them.

We can run RDP through an existing SSH tunnel using SSH port forwarding. In our case, TCP packets sent to a port on the local machine (e.g. 5000) are routed to a desired port (e.g. 3389, the RDP port) on the remote host through the encrypted SSH connection. The proxy/firewall sees only the SSH connection, not the RDP connection, because the RDP traffic is hidden inside the encrypted SSH session.

Please note that this is not restricted to RDP alone. You can redirect any port with SSH, be it VNC, FTP, HTTP, ...; SSH can forward any TCP protocol of your choice. One obvious advantage is that you get the strong encryption of SSH as the base for your channels.


Let's implement this on Windows/Linux client machines in a corporate network (with a proxy server) that want to connect to a remote Ubuntu server on the internet.

*) Install PuTTY

*) Provide the proxy settings (you can check your WPAD URL to view your proxy settings)


*) Enable tunneling and forward local port 5000 to RDP port 3389 on the server


*) Connect the PuTTY session as usual to port 22 on the remote server


*) Open mstsc and connect to the server using ‘localhost:5000’


The RDP session will now be routed through SSH, and the server will respond with an RDP login screen.


Linux Client Machines:

** If you're using a Linux client such as Ubuntu, open SSH from your command-line shell. The command will look like this:

ssh -L 5000:localhost:3389 -p 22 -X username@<remote-host> -o "ProxyCommand=nc -X connect -x xyz.proxy.org:8080 %h %p"

Here, localhost in the -L argument is resolved on the remote end of the tunnel, so it denotes the remote machine.

Then open an RDP client such as Remmina or rdesktop and connect to localhost:5000
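From the proxy operator's side, the ProxyCommand above shows up as a single HTTP CONNECT request to port 22 that stays open for the length of the session. The script below is an added example, not part of the original post, that reviews proxy logs for such tunnels; it assumes Squid's native access.log layout, and the log lines, allowed-port set and duration threshold are all constructed for illustration.

```python
# Added example: flag proxy CONNECT tunnels like the SSH-over-proxy session above.
# Assumes Squid's native access.log layout; all log lines are constructed samples.
ALLOWED_CONNECT_PORTS = {443}      # assumption: policy only permits HTTPS tunnels
LONG_TUNNEL_MS = 30 * 60 * 1000    # assumption: 30 min suggests an interactive session

SAMPLE_LOG = """\
1455612001.120    250 10.1.4.23 TCP_TUNNEL/200 5321 CONNECT www.example.com:443 - HIER_DIRECT/203.0.113.10 -
1455612050.733 5402113 10.1.4.57 TCP_TUNNEL/200 48211734 CONNECT host.example.net:22 - HIER_DIRECT/198.51.100.7 -
1455612100.004     80 10.1.4.23 TCP_MISS/200 1822 GET http://www.example.org/ - HIER_DIRECT/203.0.113.20 text/html
1455612300.512 7200450 10.1.4.88 TCP_TUNNEL/200 910233 CONNECT files.example.com:443 - HIER_DIRECT/203.0.113.30 -
1455612400.900     12 10.1.4.57 TCP_DENIED/403 3900 CONNECT host.example.net:3389 - HIER_NONE/- text/html
"""

def parse_connect(line):
    """Return a dict for a CONNECT entry, or None for other/malformed lines."""
    f = line.split()
    if len(f) < 7 or f[5] != "CONNECT":
        return None
    host, sep, port = f[6].rpartition(":")   # CONNECT targets are logged as host:port
    if not sep or not port.isdigit():
        return None
    try:
        elapsed, size = int(f[1]), int(f[4])
    except ValueError:
        return None
    return {"client": f[2], "result": f[3], "elapsed_ms": elapsed, "bytes": size, "host": host, "port": int(port)}

def find_suspect_tunnels(log_text):
    """Return (client, host, port, reasons) for CONNECT entries worth reviewing."""
    findings = []
    for line in log_text.splitlines():
        e = parse_connect(line)
        if e is None:
            continue
        reasons = []
        if e["port"] not in ALLOWED_CONNECT_PORTS:
            status = "denied" if e["result"].startswith("TCP_DENIED") else "allowed"
            reasons.append(f"CONNECT to port {e['port']} ({status})")
        if e["elapsed_ms"] >= LONG_TUNNEL_MS:
            reasons.append(f"tunnel open {e['elapsed_ms'] // 60000} min")
        if reasons:
            findings.append((e["client"], e["host"], e["port"], reasons))
    return findings

if __name__ == "__main__":
    for client, host, port, reasons in find_suspect_tunnels(SAMPLE_LOG):
        print(f"{client} -> {host}:{port}: " + "; ".join(reasons))
```

A denied CONNECT to port 22 or 3389 is still worth recording, since it shows which client attempted the tunnel.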

