Connecting to a Windows VM via RDP using port forwarding through a Linux bastion host on Eumetsat Elasticity

If you want to increase the security of your Windows VMs while connecting to them via RDP, you might want to use the method described in this article. It involves connecting to your Windows VM not directly through RDP, but through another virtual machine running Linux known as the “bastion host”. In this case, the RDP connection gets tunneled through SSH and is not directly visible to others.

This method is especially useful if you fear that your RDP connection might be compromised or if using RDP without additional security measures is illegal. It also allows you to use a single floating IP address to connect to multiple Windows VMs.

Requirements:

  • Linux virtual machine with SSH access - bastion host

  • Windows virtual machine located in the same network as the bastion host

  • The password for the Administrator account has been changed via the OpenStack dashboard console

  • Your VMs are assigned the following security group: allow_ping_ssh_icmp_rdp

Step 1. Information required to establish a connection with the bastion host

Launch PuTTY and change the settings according to the instructions:

Session tab: Provide the host (bastion) floating IP address and the SSH port (default 22).

Connection > Data tab: Set auto-login username as “eouser”.

Connection > SSH > Auth tab: Select the private key in the .ppk format.

Connection > SSH > Tunnels: Provide the source port for the localhost RDP connection and the destination in the following format: private IP address of Windows VM:RDP port.

Click the “Add” button to confirm the changes.

Your forwarded port should now be visible in the upper tab.

Provide the name of the session and save your config to avoid repeating the whole process every time you would like to connect to your instance again.

Step 2. Open the connection in PuTTY

Click “Open” to establish the connection.

Step 3. Start an RDP session to localhost to reach the destination server

Set the localhost address:port selected in step 2 (in this case either 127.0.0.1:8888 or localhost:8888, whichever you prefer).

Set the username as “Administrator”.

Click “Connect” and enter your VM’s administrator password (the one you’ve set in the OpenStack console).

Confirm the connection in the certificate prompt.

That’s it, you’re now successfully connected to your Windows VM!
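
The same tunnel can be scripted from PowerShell with plink.exe, PuTTY's command-line client. This is an added example, not part of the original article: the addresses, the key path and RDP port 3389 are placeholders or assumptions. It goes one step beyond the GUI procedure by checking that the forwarded port listens on loopback only before starting the RDP client.

```powershell
# Added example: scripted equivalent of the PuTTY tunnel described above.
# Placeholder values; replace them with your own before running.
$BastionIp = '<bastion-floating-ip>'        # floating IP of the Linux bastion host
$WindowsIp = '<windows-vm-private-ip>'      # private IP of the Windows VM
$KeyFile   = 'C:\path\to\private-key.ppk'   # hypothetical location of the .ppk key
$LocalPort = 8888                           # local source port used in the article
$RdpPort   = 3389                           # default RDP port (assumption)

# Bind the forward to 127.0.0.1 explicitly so that other hosts on the local
# network cannot reach the Windows VM through this workstation.
$forward = "127.0.0.1:${LocalPort}:${WindowsIp}:${RdpPort}"

# -N: forwarding only, no remote shell. -batch: never prompt, so the bastion
# host key must already be cached (for example by the PuTTY session in Step 2).
$plinkArgs = @('-ssh', '-batch', '-N', '-P', '22', '-i', ('"{0}"' -f $KeyFile),
               '-L', $forward, "eouser@$BastionIp")
$plink = Start-Process -FilePath 'plink.exe' -ArgumentList $plinkArgs `
                       -PassThru -WindowStyle Hidden

# Wait up to 10 seconds for the local listener to appear.
$listener = $null
foreach ($attempt in 1..20) {
    if ($plink.HasExited) { throw 'plink exited early; check the key file and the cached host key.' }
    $listener = Get-NetTCPConnection -LocalPort $LocalPort -State Listen -ErrorAction SilentlyContinue
    if ($listener) { break }
    Start-Sleep -Milliseconds 500
}
if (-not $listener) {
    Stop-Process -Id $plink.Id
    throw "Port $LocalPort never started listening."
}

# Stop if the port is reachable on anything other than loopback, or if the
# listener belongs to some other process than the plink instance started here.
$exposed = $listener | Where-Object { $_.LocalAddress -notin @('127.0.0.1', '::1') }
$foreign = $listener | Where-Object { $_.OwningProcess -ne $plink.Id }
if ($exposed -or $foreign) {
    Stop-Process -Id $plink.Id
    throw "Port $LocalPort is exposed beyond loopback or owned by another process."
}

# Start the RDP client against the tunnel, then close the tunnel when it exits.
Start-Process -FilePath 'mstsc.exe' -ArgumentList "/v:127.0.0.1:$LocalPort" -Wait
Stop-Process -Id $plink.Id
```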