Connecting to a Windows VM via RDP through a Linux bastion host port forwarding on CREODIAS
If you want to increase the security of your Windows VMs while connecting to them via RDP, you might want to use the method described in this article. It involves connecting to your Windows VM not directly through RDP, but through another virtual machine running Linux known as the “bastion host”. In this case, the RDP connection gets tunneled through SSH and is not directly visible to others.
This method is especially useful if you fear that your RDP connection might be compromised or if using RDP without additional security measures is illegal. It also allows you to use a single floating IP address to connect to multiple Windows VMs.
Requirements:
Linux virtual machine with SSH access - bastion host
Windows virtual machine located in the same network as the bastion host
The private key downloaded from OpenStack dashboard converted from .pem to .ppk format (using “PuTTYgen”) - for information on how to do this please see How to access a VM from Windows PuTTY on CREODIAS
The password for the Administrator account has been changed via the OpenStack dashboard console
Your VMs are assigned the following security group: allow_ping_ssh_icmp_rdp
Step 1. Information required to establish connection with the bastion host.
Launch PuTTY and change the settings according to the instructions:
Session tab: Provide the host (bastion) floating IP address and the SSH port (default 22).
Connection > Data tab: Set auto-login username as “eouser”.
Connection > SSH > Auth tab: Select the private key in the .ppk format.
Connection > SSH > Tunnels: Provide the source port for the localhost RDP connection and destination (in the following format: private IP address of Windows VM:RDP port - as seen on the screenshot below).
Click the “Add” button to confirm the changes.
Your forwarded port should now be visible in the upper tab.
Provide the name of the session and save your config to avoid repeating the whole process every time you would like to connect to your instance again.
Step 2. Open connection in PuTTy
Click “Open” to establish the connection.
Step 3. Start an RDP session to localhost to reach the destination server
Set localhost address:port selected in step 2 (in this case it is either 127.0.0.1:8888 or localhost:8888 - you can choose whatever you prefer).
Set the username as “Administrator”.
Click “Connect” and enter your VM’s administrator password (the one you’ve set in the OpenStack console).
Confirm the connection in the certificate prompt.
That’s it, you’re now successfully connected to your Windows VM!