Remote Desktop via SSH Gateway and SSH tunnel
How to connect to your Windows Desktop from outside using our SSH Gateway and Jumphost.
The following instructions are for the following setup: a member of the PANDA group wants to connect from outside to one of the Windows computer inside the HIM network using the Putty SSH client. This usecase might be of interest also for other workgroups.
The HIM Firewall permits direct access from the outside via remote desktop or anything similar. Contrary a connection via SSH is possible by using the him gateway. This can be used with a university account registered for one of the HIM groups and the required configuration is summarized on the HIM webpage. This requires a pair of RSA keys and the same keys are further required.
- The public keys need to be put on the "jump host". A small computer (eg. a BeagleBoneBlack FQDN: pandahypbbb1 in the PANDA case) is configured for this. Tell the admin of this PC (in the PANDA case via email: m.steinen (at) him.uni-mainz.de) to create an accout with the same name as your HIM accout on this jump host and upload your private key to this account.
- Your private key is required on your PC at home. Use the Pageant tool of Putty to create a key readable by Putty (*.ppk file)
In addition to that two scripts (*.bat) are required on your home PC.
- The first one opens the SSH tunnel and some variables in the first lines need to adapted to your needs:
set username=<YourUsername> set destination=<YourOfficePCNameOrIP> set localport=1234 set plinkpath="C:\Program Files (x86)\PuTTY\plink.exe" set jumphostname=pandahypBBB1.specf.him.uni-mainz.de :: open SSHTunnel passing him gateway, run pageant manually first! %plinkpath% -v -A -agent %email@example.com -nc %jumphostname%:22 -L %localport%:%destination%:3389
- The second one starts and connects the remote desktop client
set localport=1234 ::start and connect RDP mstsc /v:localhost:%localport%
After everything is configured only 3 clicks are required to connect to the office PC:
- Run the *.ppk file and enter your passphrase.
- Start the first script. Do not close the console while connected via RDP!
- Run the second script and the remote desktop client should connect to your office PC.
If you have any questions, please first ask the local network responsible of the PANDA / SPECF group.