Expose RDP service by SSH port forwarding
From time to time, we need to expose a local Windows machine to the outside world so that we can access it from anywhere over the Internet. However, we may not get a public IP address from the ISP, so we set up a TCP tunnel between the local Windows machine and a public server.
Here is how it goes.

Step 1: Turn on GatewayPorts

On the public server, modify /etc/ssh/sshd_config and change GatewayPorts from no to yes. This allows sshd to bind forwarded ports on non-loopback addresses such as 0.0.0.0. If it is no, sshd binds forwarded ports only to loopback, which means external requests cannot come in.

Step 2: Establish Port Forwarding

Run the following command on the local Windows machine. Replace <user>@<internet-host> with the account and hostname of your real server.
# ssh -N -R 0.0.0.0:5200:<rdp-host>:3389 <user>@<internet-host>
ssh -N -R 0.0.0.0:5200:localhost:3389 <user>@<internet-host>

Step 3: Open port on firewalld

You need to open port 5200 in firewalld to let external requests come in.
sudo firewall-cmd --permanent --add-port=5200/tcp
sudo firewall-cmd --reload

Step 4: Manage with systemd (Optional)

If you want the tunnel to be stable, a common approach is to manage it with systemd, which provides features such as auto-startup, auto-restart and log management.
Create /etc/systemd/system/ssh_rdp_forwarding.service:
# /etc/systemd/system/ssh_rdp_forwarding.service
[Unit]
Description=A SSH port forwarding for exposing RDP to the Internet

[Service]
Type=simple
ExecStart=/usr/bin/ssh -N -R 0.0.0.0:5200:10.0.0.194:3389 <user>@<internet-host>

[Install]
WantedBy=multi-user.target
Then run systemctl enable ssh_rdp_forwarding and systemctl start ssh_rdp_forwarding to start the service.
Now everything is ready. You can RDP to your local Windows machine by connecting to us1.example.com:5200.
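A hardened variant of the Step 4 unit, as an added example that is not part of the original page: it adds the restart and keepalive settings the tunnel needs to recover from a dropped link. The tunnel account, the key path and the timer values are assumptions; <user>@<internet-host> is the same placeholder used in Step 2.

```ini
# /etc/systemd/system/ssh_rdp_forwarding.service  (hardened variant, added example)
[Unit]
Description=SSH reverse tunnel exposing RDP on the public server
# Wait until the network is actually up before dialing out.
Wants=network-online.target
After=network-online.target

[Service]
Type=simple
# Assumption: a dedicated unprivileged account "tunnel" exists on this machine
# and owns the key below; the tunnel does not need root.
User=tunnel
# BatchMode: fail instead of prompting for a password (no TTY under systemd).
# ExitOnForwardFailure: exit if the server refuses to bind port 5200, so a
#   "connected but not forwarding" session cannot linger.
# ServerAlive*: detect a dead link in about 90 s and exit so systemd restarts it.
ExecStart=/usr/bin/ssh -N \
    -o BatchMode=yes \
    -o ExitOnForwardFailure=yes \
    -o ServerAliveInterval=30 \
    -o ServerAliveCountMax=3 \
    -i /home/tunnel/.ssh/id_ed25519 \
    -R 0.0.0.0:5200:10.0.0.194:3389 <user>@<internet-host>
# Without Restart=, systemd does not restart the tunnel when ssh exits.
Restart=always
RestartSec=10

[Install]
WantedBy=multi-user.target
```

Because BatchMode=yes refuses to prompt, the server's host key must already be in the tunnel account's known_hosts and key-based login must work before the unit is enabled.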
Last modified 1yr ago