Skip to content

Instantly share code, notes, and snippets.

Created January 9, 2017 19:18
Show Gist options
  • Save mcenirm/cbf0f6570d8022328b8057be2791008e to your computer and use it in GitHub Desktop.
Save mcenirm/cbf0f6570d8022328b8057be2791008e to your computer and use it in GitHub Desktop.
Remote desktop (RDP) via SSH tunnel (using Microsoft Remote Desktop for Mac)


Connect to remote desktop services via a bastion host using an SSH tunnel. Helpful when you have SSH access to a (eg, Linux) server with network access to the remote desktop hosts.

This works with Mac OS X, because it comes with SSH and Microsoft makes a pretty good RD client for Mac. The same overall approach should work with other SSH clients and other RD clients.

Note: This approach is not recommended for anyone. Instead, one should use a Remote Desktop Gateway (on Windows Server) or a real VPN.


Requires the following information:

  • Hostname of the bastion host
  • Hostnames of the remote desktop hosts, as viewed from the bastion host.
  1. Save ssh-config-rdp to ~/.ssh/ and edit as indicated in file.
  2. Save rdp_via_bastion.bash to preferred bin directory (eg, ~/bin or /usr/local/bin) and chmod +x.
  3. Import remote0_via_bastion.rdp into Microsoft Remote Desktop app, then edit to fix name and other settings.
  4. Repeat with remote1_via_bastion.rdp.


  1. Run rdp_via_bastion.bash to create the SSH tunnel.
  2. Connect to saved session. Note: Expect complaints about certificate mismatch.

To add a new remote address, edit ~/.ssh/ssh-config-rdp and add a new line:

  LocalForward  13392 remote2.some.address:3389

Then add a new saved session in Microsoft Remote Desktop app. Be sure to match the localhost port number.

ssh -F ${HOME}/.ssh/ssh-config-rdp bastion
full address:s:localhost:13390
full address:s:localhost:13391
Host bastion
HostName <Specify actual hostname for bastion>
LocalForward 13390 <Specify hostname for remote0>:3389
LocalForward 13391 <Specify hostname for remote1>:3389
<Other SSH settings...>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment