Using an SSH connection as Jump Box for other connections in a group

avatar

Hi Guys.

I'm in a bit of a pickle.
We are migrating from another Session manager solution called Royal TS.
We had a customer to whom we connect not via VPN but rather through something called a "Secure Gateway", which is in essence an SSH connection to a machine that then serves as a sort of jump box to the rest of the network.

I tried several ways to configure RDM to work in the same way, but for some reason the solution eludes me.
I found that RDM supports something called a jump box, which seems to be exactly what I need, BUT it seems to only support RDP sessions as jump boxes for other sessions. When I try to use an SSH session, the "Jump Host" option is not available in the left-hand menu, but I can use another SSH Gateway for the same SSH Shell:


How can I use an SSH session as a jump host for all the rest?
I'm using RDM version 13.5.0.0.

Thanks in advance.

All Comments (8)

avatar

Hello,

If it exposes a single port per remote machine, indeed you can.

How does that secure gateway identify which machine you are trying to reach?

best regards,

Maurice

avatar

It doesn't.
The existing solution does something very simple: it keeps the connection open constantly, and everything that's configured to use that SGW gets redirected directly to that session, and that's it. It's not a single port per host, they are mixed: some sessions are 3389 (Microsoft RDP), some are 22, some are even 443.

avatar

Hello,

OK, but how? Is there a different URL, or is it more like a dynamic SSH tunnel (SOCKS5)?

best regards,

Maurice

avatar

Hi Maurice, please forgive the delay.
I'm not entirely certain how exactly it works in the background; the guys at RoyalTS are playing their cards close to their chest.
As far as I understand it, the remote site has a simple Linux machine (I have root access to it, if you need anything from it) with a single NIC which is internal only.
We connect to the firewall's external IP over a specific port, which then translates it into the internal address over normal SSH.
That's the connection. AFAIK it's always up.
Then all the connections we need to do in that specific folder are forwarded through that tunnel.
That's all I know, I'm afraid.

avatar

Hello,

It doesn't sound like it's this: https://blog.royalapplications.com/2015/04/21/new-feature-secure-gateway-ssh-tunnels/. That blog doesn't mention an extra Linux machine.

If we go back to the root of your request, it's achievable by using an SSH tunnel. The only concern is that our current implementation gives you all the flexibility in the world, but it does require manual configuration. For instance, you would need a second RDP entry that specifies the localhost loopback, in addition to the one using the real IP/hostname.

Please consult https://help.remotedesktopmanager.com/howto-setupsshtunnel.htm

To be on par with what you had, I could imagine a "simple" improvement to hide all of the complexity. I will need to discuss this with David. If you submit a feature request, it will add even more weight and allow the community to participate. Please visit https://forum.devolutions.net/forum17-remote-desktop-manager--feature-request.aspx

best regards

Maurice
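
The tunnel approach from the reply above, written as a plain OpenSSH client configuration that carries the mixed-port targets mentioned earlier in the thread (3389, 22, 443) over one connection. This is an added example, not part of the thread and not RDM's own configuration; the host alias, addresses, user name, gateway port and local port numbers are all placeholders.

```sshconfig
# ~/.ssh/config (constructed example; every name, address and port is a placeholder)
Host customer-sgw
    # Firewall's external IP and the external port it translates to the gateway's SSH
    HostName 203.0.113.10
    Port 2222
    User jumpuser

    # Abort instead of silently continuing when a forward cannot be bound
    # (for example, when the local port is already in use)
    ExitOnForwardFailure yes

    # Keep the always-up connection alive and detect a dead gateway
    ServerAliveInterval 30
    ServerAliveCountMax 3

    # One forward per internal target; bind to loopback only so that
    # other machines on the local network cannot use the tunnel
    # RDP target
    LocalForward 127.0.0.1:3390 10.0.0.21:3389
    # SSH target
    LocalForward 127.0.0.1:2201 10.0.0.22:22
    # HTTPS target
    LocalForward 127.0.0.1:8443 10.0.0.23:443

    # Alternative to fixed forwards: a SOCKS5 proxy for clients that support one
    # DynamicForward 127.0.0.1:1080
```

With this in place, `ssh -N customer-sgw` opens the tunnel without a remote shell, and each session entry then points at the matching `127.0.0.1` port instead of the real internal address.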

avatar

Hi Maurice.

I'm afraid I've followed every step in the link you provided.
I've made a tunnel to the SSH server and instructed it to transfer port 3390 from 127.0.0.1 to port 3389 on the server's internal address.
I've then created an RDP session to 127.0.0.1 over port 3390. (The only difference from the guide is that I've used a credential from our repo rather than saving it on the session directly.)

But when I try to start the session, I get an internal error:

avatar

Any update on the matter? Anyone?

avatar

Hello,

We can do a remote session to see the issue. Just contact us at support@devolutions.net with your time zone and availabilities.

best regards

Maurice