In today’s interconnected world, secure remote access is crucial for efficient system administration. When accessing private resources within a secure network, a bastion host or jump server plays a key role in controlling access and enhancing security. However, ensuring that RDP connections are secure is important to protect sensitive data.
- Low Cost – Linux is an open-source operating system that is freely available for use and does not require licensing fees. On the other hand, Windows operating systems, including Windows Server, typically involve licensing costs that can add to the overall expense of deploying and maintaining a Windows bastion host.
- Enhanced Security – You establish a single entry point into your network by implementing a bastion host. All incoming remote connections must pass through the bastion host, a secure gateway. This helps protect your internal network from direct exposure to external threats.
- Access Control – A bastion host provides centralized control over remote access. It allows you to enforce strict access policies, such as authentication and authorization mechanisms, before granting access to other resources within your network. This helps prevent unauthorized access and strengthens your overall security posture.
- Improved Performance – Linux is known for its lightweight nature and efficient resource utilization. It typically requires fewer system resources than Windows, allowing more efficient CPU, memory, and disk I/O allocation. This efficiency can improve the bastion host’s performance, leading to faster response times and better overall performance during remote access sessions.
- PuTTY – If you haven’t already, begin by downloading and installing PuTTY from this link: https://www.chiark.greenend.org.uk/~sgtatham/putty/
PuTTY is a lightweight application with a graphical interface for SSH and telnet connections.
- The Linux (bastion) and Windows machines should be on the same network.
Step 1: Launch PuTTY and configure the SSH connection
- Launch PuTTY, and you will see the PuTTY Configuration window.
- In the “Session” category, enter the hostname or IP address of your SSH server in the “Host Name (or IP address)” field.
- Ensure the port is set to the SSH port (usually port 22).
- Choose the appropriate connection type (SSH).
- Optionally, save the session configuration for future use by entering a name in the “Saved Sessions” field and clicking the “Save” button.
Step 2: Configure SSH tunneling settings
- In the PuTTY Configuration window, navigate to the “Connection” category.
- Expand the “SSH” menu and select “Tunnels.”
- In the “Source port” field, enter the local address and port, “127.0.0.1:3389”. You can choose any port in the range 0 – 65536.
- In the “Destination” field, enter “localhost:3389”, since RDP typically listens on port 3389.
- Make sure the “Local” radio button is selected.
- Click the “Add” button to add the tunnel to the list.
- Verify that the added tunnel appears in the “Forwarded ports” section.
Step 3: Establish the SSH connection and configure RDP
- Return to the “Session” category in the PuTTY Configuration window.
- Click the “Open” button to initiate the SSH connection.
- You may receive a security prompt if it’s your first time connecting to the SSH server. Verify the server’s fingerprint and proceed.
- Enter your SSH username and password when prompted.
- Once the SSH connection is established, leave the PuTTY window open.
Step 4: Connect RDP through the SSH tunnel
- Launch the Remote Desktop Connection client on your local machine (Windows key + R, then type “mstsc” and press Enter).
- In the Remote Desktop Connection window, enter “localhost:9999” (or the source port you chose) in the “Computer” field.
- Click the “Connect” button to establish an RDP session.
- If required, provide your remote system’s credentials to log in.
- You are now remotely connected to the Windows system through an SSH tunnel established with PuTTY.
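Steps 1 to 4 can also be scripted with plink, the command-line client that ships with PuTTY. The following is an added example, not part of the original post: it pins the bastion's host key, binds the forwarded port to loopback only, checks that binding before starting the RDP client, and closes the tunnel afterwards. The bastion name, user, host key fingerprint and the Windows machine's private IP are hypothetical placeholders, and the example assumes the RDP server is a separate machine reachable from the bastion.

```powershell
# Added example: all values below are placeholders, not taken from the original post.
$Bastion    = 'admin@bastion.example.com'               # hypothetical SSH user and bastion host
$BastionKey = 'SHA256:<bastion-host-key-fingerprint>'   # placeholder: fingerprint obtained out of band
$RdpTarget  = '10.0.1.25'                               # hypothetical private IP of the Windows machine
$LocalPort  = 9999                                      # source port, as used in Step 4
$Plink      = 'C:\Program Files\PuTTY\plink.exe'        # assumed default PuTTY install path

# Refuse to start if something is already listening on the chosen local port.
if (Get-NetTCPConnection -LocalPort $LocalPort -State Listen -ErrorAction SilentlyContinue) {
    throw "Local port $LocalPort is already in use; pick another source port."
}

# -L binds the listener to 127.0.0.1 only; -N opens no remote shell;
# -hostkey accepts only the pinned bastion key instead of prompting to trust a new one.
$plinkArgs = @('-ssh', '-N', '-hostkey', $BastionKey,
               '-L', "127.0.0.1:${LocalPort}:${RdpTarget}:3389", $Bastion)
$tunnel = Start-Process -FilePath $Plink -ArgumentList $plinkArgs -PassThru

# plink prompts for credentials in its own window; wait up to 60 s for the listener.
$deadline = (Get-Date).AddSeconds(60)
do {
    Start-Sleep -Seconds 1
    if ($tunnel.HasExited) { throw 'plink exited; check the host key and credentials.' }
    $listen = Get-NetTCPConnection -LocalPort $LocalPort -State Listen -ErrorAction SilentlyContinue
} until ($listen -or (Get-Date) -gt $deadline)
if (-not $listen) {
    Stop-Process -Id $tunnel.Id
    throw 'Tunnel did not come up within 60 seconds.'
}

# The forwarded port must be reachable from this machine only.
$exposed = $listen | Where-Object { $_.LocalAddress -notin '127.0.0.1', '::1' }
if ($exposed) {
    Stop-Process -Id $tunnel.Id
    throw "Listener is bound to $($exposed.LocalAddress), not loopback."
}

# Connect RDP through the tunnel, then tear the tunnel down when the client closes.
Start-Process -FilePath 'mstsc.exe' -ArgumentList "/v:127.0.0.1:$LocalPort" -Wait
Stop-Process -Id $tunnel.Id
```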
Establishing an SSH tunnel with PuTTY and connecting RDP through it adds a layer of security to your remote sessions. Encrypting the RDP traffic inside an SSH connection protects your data from potential threats and supports secure remote administration. The step-by-step process outlined in this blog should help you connect to RDP sessions through an SSH tunnel. Always follow best security practices and update your software to maintain a secure remote access environment.
Drop a query if you have any questions regarding RDP or PuTTY, and I will get back to you quickly.
1. Are there any specific network requirements for connecting to a private RDP via a Linux bastion host?
ANS: – You need network connectivity between the Linux bastion host and the private RDP server. Ensure that appropriate network rules and firewall configurations are in place to allow the necessary traffic.
2. Can I use a Windows-based Bastion host instead of a Linux Bastion host?
ANS: – Yes, it is possible to use a Windows-based bastion host. However, Linux bastion hosts are often preferred for their security, stability, and cost-effectiveness.
3. Are there any additional security considerations when connecting to a private RDP via a Linux bastion host?
ANS: – Yes, it is important to follow security best practices such as using strong passwords, configuring firewall rules, regularly updating software, and implementing access controls on the bastion host to ensure secure remote access.
WRITTEN BY Kashyap Nitinbhai Shani
Kashyap Nitinbhai Shani is a Research Associate at CloudThat. He is interested in learning advanced technologies and gaining insights into new and upcoming cloud services. He likes writing tech blogs and learning new languages.