# NoMachine via SSH MITM Relay Server

# Overview

**3 Different Computers are Involved**

1. Rented VPS
2. Windows Computer you wish to remotely control
3. Your Computer, which you wish to control the Windows Computer from

# Setup - Rented VPS

1. [https://www.digitalocean.com/community/tutorials/initial-server-setup-with-ubuntu-16-04](https://www.digitalocean.com/community/tutorials/initial-server-setup-with-ubuntu-16-04)
2. Create a new user for the Windows Computer
3. Create another new user for Your Computer
4. Generate and install SSH keys for each device's associated user
5. `sudo pkill -U username` will force the client's autossh daemon to reset
6. Once set up, `ssh $WINDOWS_USER@localhost -p $REMOTELY_BINDED_PORT` will log in to the forwarded Cygwin OpenSSH shell

# Setup - Windows Computer

### Cygwin

1. Install Cygwin: [https://www.cygwin.com/install.html](https://www.cygwin.com/install.html)
2. [Configure cygwin](https://github.com/ceberous/unixSettings/wiki/Cygwin-Install-Procedure-From:-https:--gist.github.com-roxlu-5038729)
3. [https://guysherman.com/2013/11/02/my-ultimate-cygwin-setup/](https://guysherman.com/2013/11/02/my-ultimate-cygwin-setup/)
4. Re-run the Cygwin installer if necessary to install autossh and nano
5. Generate an SSH keypair for the main Cygwin user and install the public key in the associated Rented VPS user's `authorized_keys` file
6. Optional: [https://github.com/transcode-open/apt-cyg](https://github.com/transcode-open/apt-cyg)
7. Misc: [https://stackoverflow.com/questions/4090301/root-user-sudo-equivalent-in-cygwin](https://stackoverflow.com/questions/4090301/root-user-sudo-equivalent-in-cygwin)
8. From inside the Cygwin shell: `cygstart.exe C:/Windows/System32/calc.exe`

### NoMachine

1. Install: [https://www.nomachine.com/download](https://www.nomachine.com/download)
2. Configure: [https://forums.nomachine.com/topic/how-can-i-disable-system-tray-notifications](https://forums.nomachine.com/topic/how-can-i-disable-system-tray-notifications)

### Create Utility Batch Scripts and Service

1. Load the Cygwin shell and create a bash script **start_remote_port_forward_to_mitm_rented_vps.sh** in the home directory. (I don't know why, but this always-true equality check was the first way found to get autossh to run with the -f flag from inside a bash script.)

```
#!/usr/bin/bash
b=1;
c=1;
if [ "$b" -eq "$c" ]; then
    # Each autossh instance needs its own -M monitor port and its own remote -R port.
    # StrictHostKeyChecking=no with UserKnownHostsFile=/dev/null means the VPS host key is never verified.

    # For Default NoMachine (local port 4000)
    /usr/bin/autossh -M $SOME_EPHEMERAL_REMOTE_MONITOR_PORT -f -N -R $SOME_EPHEMERAL_REMOTE_PORT:localhost:4000 $RENTED_VPS_WINDOWS_USER@$RENTED_VPS_IP \
        -o ServerAliveInterval=60 -o ServerAliveCountMax=3 -o IdentitiesOnly=yes \
        -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -o LogLevel=ERROR \
        -i /home/$CYGWIN_MAIN_USER/$SSH_PRIVATE_KEY

    # Optional: For Remote SSH Login (local port 22)
    /usr/bin/autossh -M $SOME_EPHEMERAL_REMOTE_MONITOR_PORT -f -N -R $SOME_EPHEMERAL_REMOTE_PORT:localhost:22 $RENTED_VPS_WINDOWS_USER@$RENTED_VPS_IP \
        -o ServerAliveInterval=60 -o ServerAliveCountMax=3 -o IdentitiesOnly=yes \
        -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -o LogLevel=ERROR \
        -i /home/$CYGWIN_MAIN_USER/$SSH_PRIVATE_KEY
fi
```

2. Create a batch file `C:\cygwin64\start_remote_port_forward_to_mitm_rented_vps.bat` that will be called from a Windows service started at each reboot
3. Download the service manager to `C:\cygwin64\nssm.exe`: [https://nssm.cc/download](https://nssm.cc/download)
4. Load a regular administrative Command Prompt and run `nssm.exe install AutoSSH-MITM-VPS`
5. Select the `C:\cygwin64\start_remote_port_forward_to_mitm_rented_vps.bat` file

# Setup - Your Computer

1. Make a convenience script that binds a local port to the port on the Rented VPS MITM server that the Windows Computer remotely bound to its default NoMachine port, 4000.

`sudo nano /usr/local/bin/bind_to_mitm_rented_vps_windows_nomachine_port`

```
#!/bin/bash
# Forward a local port to the VPS-side port that the Windows Computer bound with -R.
# As in the Windows script, these options skip verification of the VPS host key.
ssh -N -f -L $SOME_EPHEMERAL_LOCAL_PORT:localhost:$SOME_EPHEMERAL_REMOTE_PORT $RENTED_MITM_VPS_USER@$RENTED_MITM_VPS_IP \
    -o ServerAliveInterval=60 -o ServerAliveCountMax=3 -o IdentitiesOnly=yes \
    -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -o LogLevel=ERROR \
    -i /Users/$YOUR_COMPUTER_USER/.ssh/$RENTED_MITM_VPS_PRIVATE_KEY
```

2. Now you can create a new normal NoMachine connection, but use $SOME_EPHEMERAL_LOCAL_PORT
3. [https://4loc.wordpress.com/2012/11/30/local-vs-remote-port-forwarding/](https://4loc.wordpress.com/2012/11/30/local-vs-remote-port-forwarding/)
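
Both tunnel scripts on this page pass `StrictHostKeyChecking=no` and `UserKnownHostsFile=/dev/null`, so neither client checks that the server it forwards through is really the Rented VPS. The following is an added example, not part of the original page: it pins the VPS host key in a dedicated known_hosts file, builds the same option set with verification on, and flags scripts that still disable it. The function names, the file path, the address 198.51.100.7 and the key string are constructed assumptions.

```shell
#!/bin/sh
# Added example, not from the original page. Host, key and paths are constructed.

# pin_host_key FILE HOST KEYTYPE KEYDATA
# Records the VPS host key. Read KEYTYPE and KEYDATA from
# /etc/ssh/ssh_host_ed25519_key.pub on the VPS over a channel you already
# trust (for example the provider's console), not over the tunnel itself.
# Returns 0 if pinned or already pinned, 2 if a different key is on file.
pin_host_key() {
  file=$1 host=$2 ktype=$3 kdata=$4
  [ -f "$file" ] || { : > "$file" && chmod 600 "$file"; } || return 1
  known=$(awk -v h="$host" -v t="$ktype" \
    '$1 == h && $2 == t { print $3; exit }' "$file")
  if [ -z "$known" ]; then
    printf '%s %s %s\n' "$host" "$ktype" "$kdata" >> "$file"
  elif [ "$known" != "$kdata" ]; then
    echo "pinned $ktype key for $host differs; leaving $file unchanged" >&2
    return 2
  fi
}

# tunnel_opts FILE
# The page's option set with verification switched on and FILE used as the
# user known_hosts file.
tunnel_opts() {
  printf '%s\n' "-o ServerAliveInterval=60 -o ServerAliveCountMax=3 \
-o IdentitiesOnly=yes -o StrictHostKeyChecking=yes \
-o UserKnownHostsFile=$1 -o LogLevel=ERROR"
}

# disables_verification SCRIPT
# Detection check: succeeds if SCRIPT turns host key verification off.
disables_verification() {
  grep -Eiq 'StrictHostKeyChecking[= ]+(no|off)|UserKnownHostsFile[= ]+/dev/null' "$1"
}

# Demo with constructed values (198.51.100.7 is a documentation address).
demo=$(mktemp -d)
pin_host_key "$demo/relay_known_hosts" 198.51.100.7 ssh-ed25519 AAAAC3CONSTRUCTEDKEY
tunnel_opts "$demo/relay_known_hosts"
rm -rf "$demo"
```

To apply it, replace the `-o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null` pair in each tunnel command with the output of `tunnel_opts`.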