
SSH Tunnel on Windows RDP

Architecture

  • User story:
    The Client connects to the Target through an SSH tunnel via the Public Server

Prepare

  1. Target-Windows

    • Requires Windows Pro edition

    • Enable Remote Desktop (https://support.microsoft.com/zh-tw/windows/如何使用遠端桌面-5fe128d5-8fb1-7a23-3b8a-41e636865e8c)

    • Allow through the firewall: remember to do this
      Click Red -> Blue

    • Can use ssh to connect to Machine A

  2. Client

  3. Public Server (linux)

    • Prepare an unbound (unused) port for the connection
    • Set up the ssh config
      I. Find the ssh config file
      $ service ssh status

      II. Modify the ssh config /etc/ssh/sshd_config
      • Remember to set AllowTcpForwarding yes; an example sshd_config follows.

        Protocol 2
        UseDNS no
        ClientAliveCountMax 3
        ClientAliveInterval 15
        VersionAddendum none
        Ciphers +aes128-cbc
        Port 22
        # PermitRootLogin without-password
        AllowTcpForwarding yes
        Compression no
        PasswordAuthentication yes
        PubkeyAuthentication yes
        GatewayPorts yes
        AuthorizedKeysFile /etc/ssh/authorized_keys

        # These are forced to be enabled with 2FA
        UsePAM no
        ChallengeResponseAuthentication no
        PrintMotd no
        SetEnv LC_ALL=C.UTF-8

        # Sftp setting
        Subsystem sftp internal-sftp


      III. Restart the SSH service
      $ service ssh restart

How to Do

  • Machine A: nothing to do here; it just waits for connections.

  • Machine B

    • Run the command below to export (B: port Z) to (A: port X)
      ssh -R X:B_IP:Z A_username@A_ip
      ssh -R 11111:10.0.0.2:3389 root@123.4.5.6
  • Machine C (windows)

    • Run the command below to link (A: port X) with (C: port Y)
      ssh -L Y:127.0.0.1:X A_username@A_ip
      ssh -L 22222:127.0.0.1:11111 root@123.4.5.6
    • Connect to Target-Windows; the account and password are your Windows (Microsoft) email and password
  • Machine C (MacOS)

    • Open a terminal and run the command below to link (A: port X) with (C: port Y)
      ssh -L Y:127.0.0.1:X A_username@A_ip
      ssh -L 22222:127.0.0.1:11111 root@123.4.5.6
    • Open the Windows App and add a PC (127.0.0.1:22222); then you can connect to the Target
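
Added example (not part of the original note): the sample sshd_config sets GatewayPorts yes, which makes sshd bind the ssh -R listener (port 11111 on the Public Server) to the wildcard address instead of loopback, while the ssh -L 22222:127.0.0.1:11111 step only needs it on loopback. The script reads sshd_config text and `ss -ltn` output to show both cases; the function names and the sample inputs are constructed for illustration.

```shell
#!/bin/sh
# Added example: where does the reverse-forwarded port (ssh -R 11111:...)
# listen on the Public Server? Function names are illustrative.

# gateway_ports: sshd_config text on stdin -> effective global GatewayPorts.
# Keywords are case-insensitive, the first occurrence wins, and the OpenSSH
# default is "no". Match blocks are not evaluated.
gateway_ports() {
  awk '$1 ~ /^#/ { next }
       tolower($1) == "match" { exit }
       tolower($1) == "gatewayports" { print tolower($2); hit = 1; exit }
       END { if (!hit) print "no" }'
}

# listener_scope PORT: `ss -ltn` output on stdin -> how PORT is bound.
listener_scope() {
  awk -v port="$1" '
    $1 == "LISTEN" && $4 ~ (":" port "$") {
      addr = substr($4, 1, length($4) - length(port) - 1)
      if (addr == "0.0.0.0" || addr == "[::]" || addr == "*") wild = 1
      else if (addr ~ /^127\./ || addr == "[::1]") loop = 1
      else other = 1
    }
    END { print (wild ? "all-interfaces" : other ? "specific-address" : loop ? "loopback" : "absent") }'
}

# Constructed sample inputs (not captured from a real host).
CONF_PAGE='Port 22
AllowTcpForwarding yes
GatewayPorts yes'
CONF_LOOPBACK='Port 22
AllowTcpForwarding yes
# GatewayPorts yes'
SS_PAGE='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    0.0.0.0:22         0.0.0.0:*
LISTEN 0      128    0.0.0.0:11111      0.0.0.0:*
LISTEN 0      128    [::]:11111         [::]:*'
SS_LOOPBACK='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    0.0.0.0:22         0.0.0.0:*
LISTEN 0      128    127.0.0.1:11111    0.0.0.0:*
LISTEN 0      128    [::1]:11111        [::]:*'

report() {  # report LABEL CONFIG_TEXT SS_TEXT
  printf '%s: GatewayPorts=%s, port 11111 bound to %s\n' "$1" \
    "$(printf '%s\n' "$2" | gateway_ports)" \
    "$(printf '%s\n' "$3" | listener_scope 11111)"
}
report "config from the note" "$CONF_PAGE" "$SS_PAGE"
report "GatewayPorts line removed" "$CONF_LOOPBACK" "$SS_LOOPBACK"
```

On the Public Server, run `ss -ltn | listener_scope 11111` while the tunnel from Machine B is up; "all-interfaces" means the Target's RDP port is reachable by anyone who can reach the server on that port.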

Additional

  • Useful SSH options

    • -N : Do not execute remote commands; used mainly for port forwarding.
    • -f : Makes SSH run in the background.
    • Use -fN on Machine B to run the tunnel in the background.
    • Use -N on the Client so that no remote command is executed.
  • Windows startup script to run the ssh tunnel at power-up (Machine B)
    I. Set up the environment
    - Check the current setting
    Get-ExecutionPolicy
    - Run PowerShell as Administrator
    Set-ExecutionPolicy Unrestricted

    II. Create the startup script
    - Create script.ps1 and run.bat
    - script.ps1:
    # Start the reverse tunnel in the background (same ssh -R command as on Machine B above)
    $sshCommand = "ssh -fN -R X:B_IP:Z A_username@A_ip"
    Start-Process powershell -ArgumentList "-Command", $sshCommand -NoNewWindow
    - run.bat:
    Powershell.exe -executionpolicy remotesigned -File C:\Users\USER\FOLDER\script.ps1
    III. Set the startup script
    - Press Win+R and enter shell:startup; this opens the Startup folder

    - Create a shortcut in the Startup folder

    - Good! Finished! This script will run at power-up

  • TODO: autossh
