I work with a client that migrated their infrastructure to Microsoft. In order to connect to their Linux Server, I now have to Remote Desktop to their Azure Virtual Desktop thing. I’m not pleased but it’s out of my control.

I tried remmina freerdp but doesn’t seem to support that Azure thing, there doesn’t seem to be an option to add the workspace.

Any recommendations or do I have to setup a virtual machine just for this? :/ Cheers

  • cizra@lemm.ee
    link
    fedilink
    arrow-up
    8
    ·
    edit-2
    4 months ago
    1. Log into the Windows machine via the webclient avaliable at https://windows365.microsoft.com/
    2. Use PuTTY to set up a reverse tunnel. You’ll need to create a restricted tunnel-only user in your machine. Make sure to use key auth.
    3. From your local machine, connect to localhost:portnumber.

    As an alternative, you might be able to set up OpenSSH in Windows (yes it’s possible), then use the ProxyJump setting in your local ~/.ssh/config to connect via a tunnel to the final box.

    Here’s how you configure the server to not let the user wreak too much havoc:

    Match User restricted
            PermitOpen 127.0.0.1:3389 [::1]:3389
            X11Forwarding no
            AllowAgentForwarding no
            ForceCommand /bin/sh -c 'while sleep 999; do true; done'
            ClientAliveInterval 1
            ClientAliveCountMax 2
    
    • cizra@lemm.ee
      link
      fedilink
      arrow-up
      7
      ·
      edit-2
      4 months ago

      Fun fact: mentioning etc ssh sshd_config triggers some CloudFlare security warning that prevents me from posting it under the right name.

    • pathief@lemmy.worldOP
      link
      fedilink
      arrow-up
      1
      ·
      4 months ago

      I wasn’t able to set up a reverse tunnel, because I’m also under a corporate VPN :( I was able to get xfreerdp to work, though! Maybe I can add some port-forward + tunnels and be free :P

      • cizra@lemm.ee
        link
        fedilink
        arrow-up
        1
        ·
        edit-2
        4 months ago

        If your local machine is not reachable from the internet, you could set up the cheapest VPS - you can get a free one for 12 months at https://azure.microsoft.com/en-us/free/#all-free-services Connect from your destination machine (the firewalled one) to the VPS, and set up a reverse tunnel. For example, drop this into your ~/.ssh/config on the destination machine:

        Host rtun
                Hostname something
                RemoteForward 1234 localhost:22
        

        tmux new-ses 'while sleep 1; do ssh rtun; done'

        Then configure your local machine to connect to destination via the jumpbox:

        Host vps
                Hostname something
        
        Host destination
                Hostname localhost
                Port 1234
                ProxyJump vps
        

        ssh destination should work now. Make sure to use SSH key auth, not passwords, and never transport secret keys off-machine. It’s easier to wipe and recreate a VPS than to explain to Security folks how you were the donkey that enabled the breach.