# SSH Tunnel on Windows RDP

## Architecture

- User Story: From the Client, connect to the Target by using an SSH tunnel through the Public Server.

![image](https://hackmd.io/_uploads/ryBaGcnaA.png)

## Prepare

1. Target-Windows
    * Requires Windows Pro edition
    * Enable Remote Desktop (https://support.microsoft.com/zh-tw/windows/%E5%A6%82%E4%BD%95%E4%BD%BF%E7%94%A8%E9%81%A0%E7%AB%AF%E6%A1%8C%E9%9D%A2-5fe128d5-8fb1-7a23-3b8a-41e636865e8c)
    * Allow Remote Desktop through the firewall (remember to do this): click the red item, then the blue one

      ![image](https://hackmd.io/_uploads/rkEW4q3TR.png)
      ![image](https://hackmd.io/_uploads/SJovVq2aC.png)
      ![image](https://hackmd.io/_uploads/ryMgBq26R.png)
      ![image](https://hackmd.io/_uploads/rysbH93aR.png)
      ![image](https://hackmd.io/_uploads/HkfzHchaR.png)
      ![image](https://hackmd.io/_uploads/Byl-u526A.png)
    * Can use ssh to connect to **Machine A**
2. Client
    - Can use the ssh command and connect to **Machine A**
    - If macOS -> Download *Windows App* (https://apps.apple.com/tw/app/windows-app-mobile/id714464092)
3. Public Server (Linux)
    - Prepare an unused port for connecting
    - Set up the ssh config

      I. Find out where the ssh config is: `$ service ssh status`

      ![image](https://hackmd.io/_uploads/HkQED526C.png)

      II. Modify the ssh config `/etc/ssh/sshd_config`

      - Remember to set `AllowTcpForwarding yes`. Below is an example sshd_config.

      ```
      Protocol 2
      UseDNS no
      ClientAliveCountMax 3
      ClientAliveInterval 15
      VersionAddendum none
      Ciphers +aes128-cbc
      Port 22
      # PermitRootLogin without-password
      AllowTcpForwarding yes
      Compression no
      PasswordAuthentication yes
      PubkeyAuthentication yes
      GatewayPorts yes
      AuthorizedKeysFile /etc/ssh/authorized_keys
      # These are forced to be enabled with 2FA
      UsePAM no
      ChallengeResponseAuthentication no
      PrintMotd no
      SetEnv LC_ALL=C.UTF-8
      # Sftp setting
      Subsystem sftp internal-sftp
      ```

      III. Restart the SSH service: `$ service ssh restart`

## How to Do

![image](https://hackmd.io/_uploads/r150qc2a0.png)

- Machine A: Do nothing; just wait for connections.
- Machine B
    - Run the command below to export (B: port Z) to (A: port X)

      `ssh -R X:B_IP:Z A_username@A_ip`

      `ssh -R 11111:10.0.0.2:3389 root@123.4.5.6`
- Machine C (Windows)
    - Run the command below to link (A: port X) with (C: port Y). The `127.0.0.1` in the forward is resolved on Machine A.

      `ssh -L Y:127.0.0.1:X A_username@A_ip`

      `ssh -L 22222:127.0.0.1:11111 root@123.4.5.6`
    - Connect to Target-Windows; the account and password are your Windows (Microsoft) email and password

      ![image](https://hackmd.io/_uploads/Skzj0qnTA.png)
- Machine C (macOS)
    - Open a terminal and run the command below to link (A: port X) with (C: port Y)

      `ssh -L Y:127.0.0.1:X A_username@A_ip`

      `ssh -L 22222:127.0.0.1:11111 root@123.4.5.6`
    - Open Windows App and add a PC (127.0.0.1:22222); then you can connect to the Target

## Additional

- Useful SSH options
    - `-N`: Do not execute remote commands; used mainly for port forwarding.
    - `-f`: Makes SSH run in the background.
    - Can use `-fN` on **Machine B** to run in the background.
    - Can use `-N` on the **Client**, so that no remote command is executed.
- Windows startup script to run the ssh tunnel at power-up (**Machine B**)

    I. Set Env

    - Check the current setting: `Get-ExecutionPolicy`
    - Run PowerShell as Administrator: `Set-ExecutionPolicy Unrestricted`

      ![image](https://hackmd.io/_uploads/BkeH8jhTA.png)

    II. Create Startup Script

    - Create a `script.ps1` and a `run.bat`
    - script.ps1:

      ```
      # Reverse tunnel from Machine B to Machine A (replace X, B_IP, Z, A_username, A_ip)
      $sshCommand = "ssh -fN -R X:B_IP:Z A_username@A_ip"
      # Launch ssh from a PowerShell child process without opening a new window
      Start-Process powershell -ArgumentList "-Command", $sshCommand -NoNewWindow
      ```
    - run.bat:

      ```
      Powershell.exe -executionpolicy remotesigned -File C:\Users\USER\FOLDER\script.ps1
      ```

    III. Set Startup Script

    - Press `Win+R` and enter `shell:startup`; the Startup folder opens

      ![image](https://hackmd.io/_uploads/r19BOinaR.png)
    - Create a shortcut in the Startup folder

      ![image](https://hackmd.io/_uploads/r1dAdj3aC.png)
    - Good! Finished!
This script will run at power-up.
- TODO: autossh

## Reference

- Microsoft Windows Remote Desktop
  https://support.microsoft.com/zh-tw/windows/%E5%A6%82%E4%BD%95%E4%BD%BF%E7%94%A8%E9%81%A0%E7%AB%AF%E6%A1%8C%E9%9D%A2-5fe128d5-8fb1-7a23-3b8a-41e636865e8c
- Handy SSH tunnel tutorial
  https://johnliu55.tw/ssh-tunnel.html
- App Store: Windows App
  https://apps.apple.com/tw/app/windows-app-mobile/id714464092
- PowerShell Docs
  https://learn.microsoft.com/en-us/powershell/module/microsoft.powershell.security/set-executionpolicy?view=powershell-7.4
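
The sample `sshd_config` under Prepare sets `GatewayPorts yes`, which makes the `ssh -R 11111:...` listener on Machine A bind the wildcard address, so the forwarded RDP port is reachable by anyone who can reach A, even though the `-L` hop only needs `127.0.0.1:11111`. The check below is an added example, not part of the original page; `sample_config` and `audit_sshd_config` are hypothetical names and the sample lines are constructed from the config shown above.

```bash
#!/usr/bin/env bash
# Added example (not from the original page): flag sshd_config settings that
# widen who can reach a reverse-forwarded RDP port on the public server.

# Constructed sample: the tunnel-relevant lines of the sshd_config shown above.
sample_config() {
  cat <<'EOF'
Port 22
Ciphers +aes128-cbc
# PermitRootLogin without-password
AllowTcpForwarding yes
PasswordAuthentication yes
PubkeyAuthentication yes
GatewayPorts yes
EOF
}

# audit_sshd_config (hypothetical helper): reads sshd_config text on stdin and
# prints one finding per line. Only the global section is checked; parsing
# stops at the first Match block. sshd uses the first value given for a keyword.
audit_sshd_config() {
  awk '
    /^[ \t]*(#|$)/ { next }                  # skip comments and blank lines
    { key = tolower($1); val = tolower($2) }
    key == "match" { exit }                  # global section ends here
    (key in seen) { next }                   # later duplicates are ignored by sshd
    { seen[key] = 1 }
    key == "gatewayports" && val != "no" {
      print "GatewayPorts " val ": ssh -R listeners may bind non-loopback addresses"
    }
    key == "passwordauthentication" && val == "yes" {
      print "PasswordAuthentication yes: password logins accepted on the tunnel host"
    }
    key == "permitrootlogin" && val == "yes" {
      print "PermitRootLogin yes: root login allowed with any enabled auth method"
    }
    key == "ciphers" && index(val, "-cbc") {
      print "Ciphers " val ": CBC-mode cipher enabled"
    }
  '
}

# Stand-alone run: audit the constructed sample (prints three findings).
sample_config | audit_sshd_config
```

On a live server, `sshd -T | audit_sshd_config` checks the effective configuration instead of the file text.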