I've seen many examples of SSH tunnels on the nets, but I'm still having no luck with this. Here's the setup:
- Windows 7 PC in a private network, sitting behind a firewall, with PowerShellInsider SSH server set up and working fine.
- Public access Linux server, which has access to the PC.
- Windows 7 laptop, at home, from which I wish to do remote desktop on the PC.
Now, here's what I've tried so far:
- SSH tunnel from my laptop to the Linux server: ssh -f my_user@LINUX_SERVER -L 6666:LINUX_SERVER_IP:6666 -N
- SSH to the Linux server where I've set up a tunnel to the PC: ssh -f 'PRIVATE_DOMAIN\my_user'@PC_NAME -L 6666:PC_IP:3389 -N
Unfortunately, I must be doing something wrong, because it doesn't seem to work. Any ideas why or, at least, any suggestions on how can I try to debug this setup? At the moment, I have access to all 3 machines (non-root on Linux), so I can test whatever I want…
Best Answer
This is what I do when I have a very similar problem (but mine is Linux via Linux and I use port 5901 for VNC):
First, we make it so that all connections to
localhost:13389
on your laptop will go to the intermediate server (on port 3389):laptop$ ssh -L 13389:localhost:3389 my_user@LINUX_SERVER_IP
Then, we make it so it that all connection to
localhost:3389
on the intermediate server are forwarded to the PC behind the firewall (on port 3389):my_user@LINUX_SERVER_IP$ ssh -L 3389:localhost:3389 'PRIVATE_DOMAIN\my_user'@PC_NAME
(note that this command is run inside the interactive shell on the intermediate server.)
Now, you should be able to connect to
localhost:13389
and access port 3389 on the remote PC.Debugging
Since it isn't working, there's a few things we can try. We'll do in a way to isolate where the issue is:
telnet localhost 3389
to ensure it's open and ready for connections? Microsoft has a nice article on ittelnet localhost 3389
on the intermediate server to check it's forwarding correctly to the remote PC?telnet localhost 13389
on your laptop, to see if it's forwarding all the way through.As soon as you hit an error stop there and please add a comment so we figure it out.