Port forwarding Windows RDP traffic via SSH
Following up on an earlier article about using SSH to bind and tunnel Chrome’s socks5 proxy through to a server within AWS. In this quick tutorial we’ll cover how to set-up port forwarding so that RDP traffic can be sent via SSH.
The diagram above outlines a typical AWS infrastructure, where a client machine connects to a bastion host within an infrastructure VPC. From there you want to access the Windows server within your main VPC.
As the bastion host is typically a Linux server, you can SSH into the server forwarding port 3389 on your local machine to port 3389 on the Windows server.
Below is an example command to setup the port forwarding:
ssh -L 3389:10.104.50.209:3389 3.9.008.54 -l ec2-user -N
The capital -L switch instructs SSH to perform port forwarding. 10.104.50.209 is the private IP address of the Windows server and 3.9.008.54 is the public facing IP address of the bastion server.
The small -l switch stands for login_name and tells SSH which username to log into the bastion host with, in this case ec2-user. The final command line switch -N instructs SSH not to execute a remote command on the bastion server.
Once the SSH connection is established you can configure your RDP client to connect to localhost using the Windows username and password. The traffic will be re-routed from the local port to the remote port.