Forum / Remote Desktop Manager - Support

SSH tunneling - How to configure?

Dear Devolutions,

We are in the process of testing with SSH tunneling as a better solution for a Jumphost.
Since we are not familiar with this technology, i have some questions:


1. Do you have a step by step manuel how to configure a ssh server?
2. How would one configure the SSH tunneling session in RDM?
3. What RDM variable can be used to give the correct destination IPadres to the SSH tunnel?
For example, in a SSH tunnel you have to configure a destination IP. Logically this would the IP address of the server you want to RDP to.
Or you have a web session in RDM. How would one configure the SSH tunnel session and the Web session in order to setup the tunnel and connect to the webpage via the ipadres?
Thanks in advance.

Clock3 mths

Hello,

I may think that all the information's that you are looking for a present in this article
https://help.remotedesktopmanager.com/howto-setupsshtunnel.htm

If you have other specific questions, please let us know.

Best regards,



Jeff Dagenais

signaturesignature

Clock3 mths

Hi Jeff,
Thanks for the quick reply. I read the article, and it's pretty straightforward.
the article describes how to create a tunnel and configure 1 RDP session to go through the tunnel.
However, we have like 1000 RDP connections, and 50 web sessions and a dozen of ssh sessions.
Do we have to configure a SSH tunnel session for each of the sessions we have?
Or can we reuse the tunnel? How would we configure the tunnel with the remote Ipadres (see number 5 in the picture). Is there a variable we can use in the remote IP setting of the tunnel to reflect the ipaddress of the RDP session?
How would we use the parameter in conjunction with websessions, because websessions have no IP like RDP, but have an URL with an IP address in it.

Clock3 mths

Hello,

Indeed, you can reuse the SSH Tunnel session. You can also set it at the folder level and set your child sessions to be inherited.

Not sure about the variables, could you post a screenshot of where you want to use a variable exactly and where the information will be located in RDM please.

Best regards,



Jeff Dagenais

signaturesignature

Clock3 mths

hello,
See the attached screenshots below:
In the SSH tunnel session you have to specify a remote IPaddress. I assume that's the ipaddress of the remote host were you want to connect to.

image


An RDP session is configured with the ipaddress of the remote host:
image
Or with a websession:
image


How can i dynamically get the ipaddresses configured in the RDP/WEB/SSH sessions be configured as remote host in the SSH tunnel? By variable, like $HOST$?

Clock3 mths

Hi,

Base on your printscreen, using $HOST$ as variable, will not create dynamic tunnel. Doing this setup could failed, if you start multiple session at the same time because they will try to use the same local IP/Port.

If the SSH server have this feature not block, you could configure the Outgoing Tunnel Settings as Dynamic with a ephemeral port.

SSH Tunnel Dynamic

Now for the Web Browser entry, this will work for Firefox or Chrome browser.
Under the Proxy setting you have to set the Socks 5 server only.

The URL under the General tab will be the as usual one.

Proxy Web Browser

If you would like to configure the same for SSH Tunnel I also explain this at this forum topic.
https://forum.devolutions.net/topic29784-ssh-gateway.aspx#post118297

Best regards,



David Grandolfo

signaturesignature

SSH_Tunnel_Dynamic.jpg
Proxy_Web_Browser.jpg
Clock3 mths

Hi David,
Thanks for the clarification on the subject. I have tested a bit and got it working with a dynamic tunnel and SOCKS5 proxy. However the following things i can't get working:
1. SOCKS proxy with Mozilla Firefox embedded browser. It cant load the page. Looks like the traffic is not going through.
2. RDP with SSH tunneling. When i configure RDP and a local tunnel like described in this article: https://help.remotedesktopmanager.com/howto-setupsshtunnel.htm i get an error message that no console session could be made because a console session is already active. But the checkbox open as console session is unthicked in the RDP session. When configuring a dynamic tunnel, the RDP session can't reach the destination.
Also i have the following questions:
1. Why does the embedded internet explorer browser in RDP not support proxies? or in particular a SOCKS5 proxy?
2. Is it possible to authenticate the ssh tunnel with you logged in domain user account? That way our 50 users don't use the one and same user account to connect to the ssh tunnel.
Thanks in advance.
Valid Operations.

Clock8 days

Hello,

We are limited in IE embedded (as well as external) because the support provided by Microsoft on IE is very limited.
This may explain why there's no socks5 proxy in the IE web browser session.

To authenticate using your own credentials, you would need to create a credential entry inside your private vault containing your own credentials and use the User Specific Settings to authenticate using the credentials saved in your private vault. Please consult links below for more information's on these 2 features
https://help.remotedesktopmanager.com/view_navigation_privatevault.htm
https://help.remotedesktopmanager.com/edit_userspecificsettings.htm

Best regards,



Jeff Dagenais

signaturesignature

Clock6 days

Hi Jeff,
Thanks for the answers. I will look into this.


Any idea on the remaining issues i described:
1. SOCKS proxy with Mozilla Firefox embedded browser. It cant load the page. Looks like the traffic is not going through.
2. RDP with SSH tunneling. When i configure RDP and a local tunnel like described in this article: https://help.remotedesktopmanager.com/howto-setupsshtunnel.htm i get an error message that no console session could be made because a console session is already active. But the checkbox open as console session is unthicked in the RDP session. When configuring a dynamic tunnel, the RDP session can't reach the destination.
Furthermore i tested with addons to use with ssh tunneling. For example SQL management studio. i didn't get it working.
How should i configure the tunnel, and should i use SQL management studio in conjunction with non default ports?
or are addons not supose to work with ssh tunneling?

Clock6 days

Hello,

I would need to verify this with my colleague David, but he's in vacation this week. I will have a chat with him on his return and we will get back to you next week regarding this.

Sorry or the delay.

Best regards,



Jeff Dagenais

signaturesignature

Clock6 days

Hi Jeff,
No problem. Everybody needs vacation smile I'll check in next week to see whats possible.

Clock5 days

Hi,

I'm back from vacation and full of energy. smile

I would like to clarify the Dynamic Socks 5 proxy. A dynamic proxy is not a common protocol, only SSH and Web browsers natively supports it.

About Firefox issues, is both engines have the same issue? Is it working properly with Chrome in embedded mode?

If so could you send us a print screen of the Proxy tab please.

Regarding RDP connection, it's more complex. Because RDP does not natively support Socks5 proxy. We need to configure a Proxy Tunnel before, the proxy tunnel will add a static route.

Thanks to my colleague Erica, who creates this complete blog ( https://blog.devolutions.net/2018/10/how-to-setup-dynamic-port-forwarding-in-remote-desktop-manager ) could you have a look and let us know if it's working?

Best regards,



David Grandolfo

signaturesignature

Clock16 hrs