To set up Remote Desktop to a server from the monitoring server via an SSH tunnel with public key authentication, you need:
- monitoring-server-IP (consult tech server)
- username & password (consult tech server for the particular server you wish to tunnel and remote into)
- tunnel-port-number (check for available port numbers in monitoring server, e.g. via lsof -i -P -n | grep -i listen)
- tunnel-monitoring-port-number (same as #3, only choose a different port. See tech server for examples from other servers)
Once you have all the information above, you can set up and start the tunnel on the server you want to remote into, as follows:
- Download Cygwin (http://www.cygwin.com/)
- Install Cygwin, selecting the autossh package.
- Start the Cygwin shell (Start -> Programs -> Cygwin).
- Generate a public/private key pair.
  - At the command line, run: ssh-keygen
  - Accept the default file locations
  - Use an empty passphrase
- Copy your newly-created public key to the SSH server.
  - scp -vrpP 22222 .ssh/id_rsa.pub username@monitoring-server-IP:.
- Add your public key to your list of authorized keys on the monitoring server.
  - Log in to monitoring-server-IP via SSH using username and password.
  - cat id_rsa.pub >> .ssh/authorized_keys2
- Test your key at the Windows server.
  - From the Windows server, open a Cygwin terminal (Start -> Programs -> Cygwin) and SSH to the monitoring server: ssh -p 22222 -l username monitoring-server-IP
  - This time, your key will be used for authentication and you won't be challenged for your login credentials. If you are not logged in automatically, review the previous steps or contact your server administrator.
- Exit the Cygwin shell.
- Install autossh as a Windows service.
  - On the Windows server, open a new command window (Start -> Run -> cmd).
  - cd C:\cygwin\bin
  - cygrunsrv -I ModernSupport -p /usr/bin/autossh -a "-M tunnel-monitoring-port-number -R tunnel-port-number:127.0.0.2:3389 username@monitoring-server-IP -p 22222 -g2CN" -e AUTOSSH_NTSERVICE=yes
  - (for example: c:\cygwin\bin\cygrunsrv -I ModernSupport -p /usr/bin/autossh -a "-M 23043 -R 13043:127.0.0.2:3389 user@22.0.22.122 -p 22222 -g2CN" -e AUTOSSH_NTSERVICE=yes )
- Tweak Windows service settings.
  - Open the Services management console (Administrative Tools -> Services).
  - Edit the properties of the autossh service (installed above under the name ModernSupport).
  - In the "Log On" tab, select the "This account" radio button and set the service to run as your current logged in user (typically an administrator-type account).
  - Start the service.
- Test your tunnels.
- Consider making a scheduled task to start the service every hour or so, in case autossh goes boom.
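The key generated above has an empty passphrase, so whoever holds the file can log in to the monitoring server as username. The script below is an added example (not part of the original instructions or the referenced post) that turns the public key into an authorized_keys line limited to the two tunnel ports. It assumes OpenSSH 7.8 or later on the monitoring server, that /bin/false exists there, and autossh's default monitor loop (-L M:127.0.0.1:M plus -R M:127.0.0.1:M+1); restricted_entry and valid_port are names made up for this example.

```shell
#!/bin/sh
# Added example, not from the original page: build a restricted
# authorized_keys line for the passphrase-less tunnel key.

valid_port() {   # digits only, unprivileged TCP port
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -ge 1024 ] && [ "$1" -le 65535 ]
}

# restricted_entry TUNNEL_PORT MONITOR_PORT "PUBLIC KEY LINE"
restricted_entry() {
    tport=$1; mport=$2
    set -f; set -- $3; set +f   # split the key line, no globbing
    [ $# -ge 2 ] || { echo "not a public key line" >&2; return 1; }
    ktype=$1; kblob=$2; shift 2; kcomment=$*
    { valid_port "$tport" && valid_port "$mport"; } ||
        { echo "bad port" >&2; return 1; }
    [ "$tport" -ne "$mport" ] || { echo "ports must differ" >&2; return 1; }
    # Only a bare key is accepted; a line that already carries options
    # starts with something other than a key type.
    case "$ktype" in
        ssh-rsa|ssh-ed25519|ecdsa-sha2-nistp*) ;;
        *) echo "not a bare public key" >&2; return 1 ;;
    esac
    case "$kblob" in
        *[!A-Za-z0-9+/=]*) echo "bad key blob" >&2; return 1 ;;
        AAAA*) ;;
        *) echo "bad key blob" >&2; return 1 ;;
    esac
    # restrict        no pty, agent or X11 forwarding; forwarding is off
    #                 until port-forwarding turns it back on
    # permitlisten    -R may bind only the tunnel and monitor ports
    # permitopen      -L may reach only the monitor port (assumed loop)
    # command         forced command; the tunnel uses -N and never runs it
    printf 'restrict,port-forwarding,permitlisten="%s",permitlisten="%s",permitopen="127.0.0.1:%s",command="/bin/false" %s %s%s\n' \
        "$tport" "$mport" "$mport" "$ktype" "$kblob" "${kcomment:+ $kcomment}"
}

# Constructed sample key (not a real key) with the page's example ports.
SAMPLE_KEY='ssh-rsa AAAAB3NzaC1yc2EAAAADAQABconstructedSampleOnly admin@windows-server'
restricted_entry 13043 23043 "$SAMPLE_KEY"
```

Append the printed line to .ssh/authorized_keys2 instead of the raw id_rsa.pub, and do so after the login test has passed, because the restricted key no longer gets a shell.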
Modified from reference: http://blog.dhampir.no/content/creating-persistent-ssh-tunnels-in-windows-using-autossh