SSH Tunneling

SSH tunneling allows a client to access a server over an ssh connection. This technique is often used when:

  1. The server is blocked by a firewall for security reasons, or
  2. The administrator or user needs to ensure all communications between the server and the client are encrypted using ssh.

The following diagram shows an RDP client accessing an RDP server running on a Linux host over an ssh tunnel:

SSH connection

Connect over an SSH Tunnel using OpenSSH

From a Linux or modern Windows (10 or 11) client computer with OpenSSH installed:

  1. In a terminal, run the command ssh -L 10000:localhost:3389 <user>@XXX.XXX.XXX.XXX, where <user> is your user name on the remote Linux server and XXX.XXX.XXX.XXX is its IP address. This command opens an ssh tunnel between port 10000 on the client and port 3389 on the remote server (the localhost in the command is resolved on the remote server, not on the client).
    • Authenticate to the remote Linux server using either your password or ssh key. Keep the ssh tunnel open by keeping this ssh session alive.
  2. In another terminal window on the client computer, open the RDP client (e.g. remmina or gnome-connections on Linux clients) and connect to localhost:10000 (i.e. port 10000 on the client computer). The RDP client should connect to the RDP server on the remote Linux server.
  3. To disconnect from the RDP server, first log out of the RDP server using the RDP client, then terminate the ssh session to close the tunnel.
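
A scripted version of steps 1 to 3 for a Linux client, as an added example that is not part of the original page. It pins the local listener to 127.0.0.1, fails if the forward cannot be set up, and closes the tunnel through an OpenSSH control socket. REMOTE reuses the placeholder from step 1, and the SOCK path and function names are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: open, check and close the RDP tunnel from steps 1-3.
REMOTE="${REMOTE:-user@XXX.XXX.XXX.XXX}"    # placeholder, as in step 1
SOCK="${SOCK:-$HOME/.ssh/rdp-tunnel.sock}"  # hypothetical control-socket path
LPORT=10000   # local end of the tunnel (step 1)
RPORT=3389    # RDP port on the remote server (step 1)

# valid_port N: succeed only if N is an integer in 1..65535.
valid_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# forward_spec LPORT RPORT: print the -L argument with the listener pinned
# to 127.0.0.1, so other hosts on the client's network cannot use the tunnel.
forward_spec() {
    valid_port "$1" && valid_port "$2" || return 1
    printf '127.0.0.1:%s:localhost:%s\n' "$1" "$2"
}

open_tunnel() {
    spec=$(forward_spec "$LPORT" "$RPORT") || { echo "bad port" >&2; return 1; }
    # -f -N: authenticate, then go to the background without a remote command.
    # -M -S: create a control socket so the tunnel can be checked and closed.
    # ExitOnForwardFailure: exit instead of leaving a session with no tunnel
    # (for example when port 10000 is already in use on the client).
    ssh -f -N -M -S "$SOCK" -o ExitOnForwardFailure=yes -L "$spec" "$REMOTE"
}

# Ask the background ssh process whether it is still running.
tunnel_status() { ssh -S "$SOCK" -O check "$REMOTE"; }

# Step 3: terminate the ssh session, which closes the tunnel.
close_tunnel() { ssh -S "$SOCK" -O exit "$REMOTE"; }

case "${1:-}" in
    open)   open_tunnel ;;
    status) tunnel_status ;;
    close)  close_tunnel ;;
esac
```

Run the script with open, connect the RDP client to localhost:10000 as in step 2, and run it with close after logging out of the RDP server.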