Connection to a Server with Reverse Tunnel via Tunnel-type Listener
This scenario describes the case when:
The listener is configured in Tunnel mode.
The target server uses an SSH reverse tunnel (the Use SSH tunnel option) through a jump host (an intermediary server) that has access to both Fudo Enterprise and the target server.
User Configuration
Go to > and click .
Enter a name (e.g., Tunnel_User) and click .
Select the user authentication method:
Choose e.g. Static password from the Add authentication method dropdown.
Enter the password for the created user (e.g., TestPassw0rd).
Click to close the dialog.
Click .
Creating a Listener
From the left menu, select > and click .
Enter a unique name (e.g., SSH_Tunnel).
Go to the Settings tab and press in the Protocol field.
In the Connection mode section, select .
From the Local address list, select an IP address and port for the listener (e.g., 10.31.135.179 and 3455).
Click .
Note
The Keys field displays generated SSH, TLS, and Standard RDP Security keys as well as a TLS certificate required for proper operation of a “Tunnel”-type listener.
RDP Server Configuration with Reverse Tunnel
From the left menu, select > and click .
Enter a name (e.g., RDP_Reverse_Server).
In the Settings section, choose as the protocol.
Select the Use SSH tunnel option, and paste the jump host public key into the SSH tunnel key field.
Click .
After saving the server, copy the command displayed in the Command to establish SSH tunnel field.
Note
Unlike in a standard server configuration, the IP address and port are not defined in the Destination section, because the server is accessed through an SSH reverse tunnel.
Account Configuration
Select > , then click .
Enter a name (e.g., Reverse_Tunnel_Account).
In the Settings tab, under Type, select REGULAR.
In the Target section, select the RDP_Reverse_Server.
In the Credentials section:
Enter the login used on the target server (e.g., admin).
Click the button in the Replace secret section, choose e.g. Password, and enter the password used to authenticate on the target server.
Click , then .
Safe Configuration
Select > , then click .
Enter a name (e.g., Reverse_Tunnel_Safe), click .
In the Users tab, click and select the Tunnel_User.
Click .
In the Accounts tab, click and select Reverse_Tunnel_Account.
Click .
Select Reverse_Tunnel_Account, click , select SSH_Tunnel.
Click , then .
Establishing Tunnels and Initiating the Connection
On the jump host server, run the command generated when creating the server in Fudo Enterprise to establish the tunnel. The command contains the identifier of the created server (8754997675608244234), which is used when establishing the tunnel and initiating the connection.
Example:
ssh -l tunnel -p 65522 -o ExitOnForwardFailure=yes -N -f -R /tunnel/8754997675608244234:<target>:<port> 10.31.135.179
where you should replace:
<target> - with the IP address of the target server
<port> - with the port of the target server
On the user’s machine, from which the connection to the target server will be initiated, establish a tunnel to the listener.
ssh -N -l <fudo_username> <fudo_listener_ip> -p <listener_port_tunnel> -L <listener_port_tunnel>:/tunnel/<server_id_on_fudo>
Example:
ssh -N -l 'tunnel_user' 10.31.135.179 -p 3455 -L 3455:tunnel/8754997675608244234
where:
'tunnel_user' - the username in Fudo Enterprise.
10.31.135.179 - the listener address.
3455 - the port of the Tunnel-type listener.
8754997675608244234 - the ID number of the server created in Fudo Enterprise.
Initiate the connection through the tunnel using the server name configured in Fudo Enterprise.
ssh -l '<fudo_username>#<server_username>#<name_of_server_on_fudo>' localhost -p <listener_port_tunnel>
Example:
ssh -l 'tunnel_user#admin#RDP_Reverse_Server' localhost -p 3455
Depending on the protocol of the target server (in this case, RDP), launch the appropriate native client and connect to localhost:3455.
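The user-side commands from the steps above, wrapped in input checks, as an added example that is not part of the Fudo Enterprise documentation. The function names are hypothetical; the 127.0.0.1 bind address and ExitOnForwardFailure on the local forward are additions to the page's command, and rejecting '#' inside a login field is an assumption based on the login format shown.

```sh
#!/bin/sh
# Added example: builds the user-side commands from this page after validating
# each value. Function names are hypothetical; sample values are the page's own.

# Port must be a decimal integer in 1..65535.
valid_port() {
  case "$1" in ''|*[!0-9]*) return 1 ;; esac
  [ "${#1}" -le 5 ] && [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# Login string <fudo_username>#<server_username>#<name_of_server_on_fudo>.
# Assumption: '#' only separates fields, so a field containing it is rejected.
fudo_login() {
  [ "$#" -eq 3 ] || return 1
  for part in "$@"; do
    case "$part" in ''|*'#'*|*"'"*) return 1 ;; esac
  done
  printf '%s#%s#%s\n' "$1" "$2" "$3"
}

# Local forward to the Tunnel-type listener. The 127.0.0.1 bind address and
# ExitOnForwardFailure are additions to the page's command: they keep the
# forwarded port on loopback and make ssh exit if the forward cannot be set up.
fudo_forward_cmd() {  # args: fudo_username listener_ip listener_port server_id
  case "$1" in ''|*"'"*) return 1 ;; esac
  # A leading '-' would be parsed by ssh as an option, not as a host.
  case "$2" in ''|-*|*[!0-9A-Za-z.:-]*) return 1 ;; esac
  valid_port "$3" || return 1
  case "$4" in ''|*[!0-9]*) return 1 ;; esac   # server ID is numeric on the page
  printf "ssh -N -o ExitOnForwardFailure=yes -l '%s' %s -p %s -L 127.0.0.1:%s:/tunnel/%s\n" \
    "$1" "$2" "$3" "$3" "$4"
}

# Connection through the tunnel, using the login string built above.
fudo_connect_cmd() {  # args: fudo_username server_username server_name listener_port
  login=$(fudo_login "$1" "$2" "$3") || return 1
  valid_port "$4" || return 1
  printf "ssh -l '%s' localhost -p %s\n" "$login" "$4"
}

# Print both commands for the values used in the page's example.
fudo_forward_cmd tunnel_user 10.31.135.179 3455 8754997675608244234
fudo_connect_cmd tunnel_user admin RDP_Reverse_Server 3455
```

The functions only print the commands, so the output can be reviewed before it is run.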