Connect to remote desktop services via a bastion host using an SSH tunnel. Helpful when you have SSH access to a (eg, Linux) server with network access to the remote desktop hosts.
This works with Mac OS X, because it comes with SSH and Microsoft makes a pretty good RD client for Mac. The same overall approach should work with other SSH clients and other RD clients.
Note: This approach is not recommended for anyone. Instead, one should use a Remote Desktop Gateway (on Windows Server) or a real VPN.
Requires the following information:
- Hostname of the bastion host
- Hostnames of the remote desktop hosts, as viewed from the bastion host.
- Save
ssh-config-rdpto~/.ssh/and edit as indicated in file. - Save
rdp_via_bastion.bashto preferred bin directory (eg,~/binor/usr/local/bin) andchmod +x. - Import
remote0_via_bastion.rdpinto Microsoft Remote Desktop app, then edit to fix name and other settings. - Repeat with
remote1_via_bastion.rdp.
- Run
rdp_via_bastion.bashto create the SSH tunnel. - Connect to saved session. Note: Expect complaints about certificate mismatch.
To add a new remote address, edit ~/.ssh/ssh-config-rdp and add a new line:
LocalForward 13392 remote2.some.address:3389
Then add a new saved session in Microsoft Remote Desktop app. Be sure to match the localhost port number.