    FQDN not Resolving

    • scottalanmillerS
      scottalanmiller
      last edited by

      That would make DoS attacks super easy on your users, though.

      DashrenderD 1 Reply Last reply Reply Quote 0
      • DashrenderD
        Dashrender @scottalanmiller
        last edited by

        @scottalanmiller said:

        That would make DoS attacks super easy on your users, though.

        Can something like nginx (SP) sit in front for a fail2ban type server?

        scottalanmillerS 1 Reply Last reply Reply Quote 0
        • scottalanmillerS
          scottalanmiller @Dashrender
          last edited by

          @Dashrender said:

          @scottalanmiller said:

          That would make DoS attacks super easy on your users, though.

          Can something like nginx (SP) sit in front for a fail2ban type server?

          Not sure what you mean. NGinx would still use fail2ban to automate the firewall.

          DashrenderD 1 Reply Last reply Reply Quote 0
          • scottalanmillerS
            scottalanmiller
            last edited by

            Here is a Windows product that works like fail2ban.

            http://rdpguard.com/

            1 Reply Last reply Reply Quote 0
            • DashrenderD
              Dashrender @scottalanmiller
              last edited by

              @scottalanmiller said:

              @Dashrender said:

              @scottalanmiller said:

              That would make DoS attacks super easy on your users, though.

              Can something like nginx (SP) sit in front for a fail2ban type server?

              Not sure what you mean. NGinx would still use fail2ban to automate the firewall.

              Can you think of a solution to provide fail2ban like service in front of RDS?

              scottalanmillerS 1 Reply Last reply Reply Quote 0
              • scottalanmillerS
                scottalanmiller @Dashrender
                last edited by

                @Dashrender said:

                @scottalanmiller said:

                @Dashrender said:

                @scottalanmiller said:

                That would make DoS attacks super easy on your users, though.

                Can something like nginx (SP) sit in front for a fail2ban type server?

                Not sure what you mean. NGinx would still use fail2ban to automate the firewall.

                Can you think of a solution to provide fail2ban like service in front of RDS?

                IPBan does exactly that, and is open source.

                https://github.com/jjxtra/Windows-IP-Ban-Service

                1 Reply Last reply Reply Quote 1
                • stacksofplatesS
                  stacksofplates
                  last edited by

                  You could also put an SSH tunnel in front. SSH into a VM and tunnel 3389. I do the same thing for my container VDI, just port 22 instead of 3389.

                  JaredBuschJ DashrenderD 2 Replies Last reply Reply Quote 0
                  • JaredBuschJ
                    JaredBusch @stacksofplates
                    last edited by JaredBusch

                    @johnhooks said:

                    You could also put an SSH tunnel in front. SSH into a VM and tunnel 3389. I do the same thing for my container VDI, just port 22 instead of 3389.

                    That is not useful for an RDS deployment. RDS deployments are meant to be either public to the LAN or public to the WAN. That is really the point of using RDS.

                    stacksofplatesS 1 Reply Last reply Reply Quote 0
                    • DashrenderD
                      Dashrender @stacksofplates
                      last edited by

                      @johnhooks said:

                      You could also put an SSH tunnel in front. SSH into a VM and tunnel 3389. I do the same thing for my container VDI, just port 22 instead of 3389.

                      Which problem are you solving with this? Attaching the RDS box?
                      What would you start the SSH tunnel with? And the VM would have to forward your traffic through itself to the RDS server, just like an RDS Gateway.

                      I suppose you're mentioning using an SSH box because then you could use Fail2Ban?

                      stacksofplatesS 1 Reply Last reply Reply Quote 0
                      • stacksofplatesS
                        stacksofplates @Dashrender
                        last edited by

                        @Dashrender said:

                        @johnhooks said:

                        You could also put an SSH tunnel in front. SSH into a VM and tunnel 3389. I do the same thing for my container VDI, just port 22 instead of 3389.

                        Which problem are you solving with this? Attaching the RDS box?
                        What would you start the SSH tunnel with? And the VM would have to forward your traffic through itself to the RDS server, just like an RDS Gateway.

                        I suppose you're mentioning using an SSH box because then you could use Fail2Ban?

                        You could use whatever you want to initiate the connection. That was one reason I mentioned it (fail2ban) but it has some other uses too. I have a jump box that has 2FA and pubkey only, so I just initiate the connection, type in the code, and just open the RDP session.

                        1 Reply Last reply Reply Quote 0
                        • stacksofplatesS
                          stacksofplates @JaredBusch
                          last edited by

                          @JaredBusch said:

                          @johnhooks said:

                          You could also put an SSH tunnel in front. SSH into a VM and tunnel 3389. I do the same thing for my container VDI, just port 22 instead of 3389.

                          That is not useful for an RDS deployment. RDS deployments are meant to be either public to the LAN or public to the WAN. That is really the point of using RDS.

                          How is that any different than using RD Gateway or a VPN?

                          DashrenderD 1 Reply Last reply Reply Quote 0
                          • DashrenderD
                            Dashrender @stacksofplates
                            last edited by

                            @johnhooks said:

                            @JaredBusch said:

                            @johnhooks said:

                            You could also put an SSH tunnel in front. SSH into a VM and tunnel 3389. I do the same thing for my container VDI, just port 22 instead of 3389.

                            That is not useful for an RDS deployment. RDS deployments are meant to be either public to the LAN or public to the WAN. That is really the point of using RDS.

                            How is that any different than using RD Gateway or a VPN?

                            I guess I've never heard of using SSH as a VPN for other things.

                            stacksofplatesS 1 Reply Last reply Reply Quote 0
                            • stacksofplatesS
                              stacksofplates @Dashrender
                              last edited by

                              @Dashrender said:

                              @johnhooks said:

                              @JaredBusch said:

                              @johnhooks said:

                              You could also put an SSH tunnel in front. SSH into a VM and tunnel 3389. I do the same thing for my container VDI, just port 22 instead of 3389.

                              That is not useful for an RDS deployment. RDS deployments are meant to be either public to the LAN or public to the WAN. That is really the point of using RDS.

                              How is that any different than using RD Gateway or a VPN?

                              I guess I've never heard of using SSH as a VPN for other things.

                              Ya you can do ssh -L 8080:<rdphost>:3389 user@host and it will tunnel 3389 on the remote host to 8080 on your localhost. Plus it's fully encrypted this way.

                              One good random use for it is if you're behind a proxy and you need to get to a site, you can do the same thing. ssh -L 8080:sitename:80 user@host and then visit localhost:8080 and you'll be at the site.

                              C DashrenderD 2 Replies Last reply Reply Quote 1
                              • C
                                christophergault @stacksofplates
                                last edited by

                                @johnhooks I already set it up where I don't use SSH.

                                1 Reply Last reply Reply Quote 0
                                • DashrenderD
                                  Dashrender @stacksofplates
                                  last edited by

                                  @johnhooks said:

                                  @Dashrender said:

                                  @johnhooks said:

                                  @JaredBusch said:

                                  @johnhooks said:

                                  You could also put an SSH tunnel in front. SSH into a VM and tunnel 3389. I do the same thing for my container VDI, just port 22 instead of 3389.

                                  That is not useful for an RDS deployment. RDS deployments are meant to be either public to the LAN or public to the WAN. That is really the point of using RDS.

                                  How is that any different than using RD Gateway or a VPN?

                                  I guess I've never heard of using SSH as a VPN for other things.

                                  Ya you can do ssh -L 8080:<rdphost>:3389 user@host and it will tunnel 3389 on the remote host to 8080 on your localhost. Plus it's fully encrypted this way.

                                  One good random use for it is if you're behind a proxy and you need to get to a site, you can do the same thing. ssh -L 8080:sitename:80 user@host and then visit localhost:8080 and you'll be at the site.

                                  Does that work on Windows?

                                  I fully understand how this works on Linux (though I don't see the need to use RDS on a Linux GUI - if you have Linux on your desktop - aren't you more likely to be using PowerShell or other shell access solutions for your Windows boxes?)

                                  So I'm trying to understand the use case.

                                  stacksofplatesS scottalanmillerS 2 Replies Last reply Reply Quote 0
                                  • stacksofplatesS
                                    stacksofplates @Dashrender
                                    last edited by

                                    @Dashrender said:

                                    @johnhooks said:

                                    @Dashrender said:

                                    @johnhooks said:

                                    @JaredBusch said:

                                    @johnhooks said:

                                    You could also put an SSH tunnel in front. SSH into a VM and tunnel 3389. I do the same thing for my container VDI, just port 22 instead of 3389.

                                    That is not useful for an RDS deployment. RDS deployments are meant to be either public to the LAN or public to the WAN. That is really the point of using RDS.

                                    How is that any different than using RD Gateway or a VPN?

                                    I guess I've never heard of using SSH as a VPN for other things.

                                    Ya you can do ssh -L 8080:<rdphost>:3389 user@host and it will tunnel 3389 on the remote host to 8080 on your localhost. Plus it's fully encrypted this way.

                                    One good random use for it is if you're behind a proxy and you need to get to a site, you can do the same thing. ssh -L 8080:sitename:80 user@host and then visit localhost:8080 and you'll be at the site.

                                    Does that work on Windows?

                                    I fully understand how this works on Linux (though I don't see the need to use RDS on a Linux GUI - if you have Linux on your desktop - aren't you more likely to be using PowerShell or other shell access solutions for your Windows boxes?

                                    So I'm trying to understand the use case.

                                    Yes, with PuTTY. But even if you are on a Linux desktop or laptop, wouldn't you want RDP access from that? Maybe I'm misunderstanding you. This is just so you can access RDP remotely inside your network.

                                    DashrenderD 2 Replies Last reply Reply Quote 0
                                    • scottalanmillerS
                                      scottalanmiller @Dashrender
                                      last edited by

                                      @Dashrender said:

                                      @johnhooks said:

                                      @Dashrender said:

                                      @johnhooks said:

                                      @JaredBusch said:

                                      @johnhooks said:

                                      You could also put an SSH tunnel in front. SSH into a VM and tunnel 3389. I do the same thing for my container VDI, just port 22 instead of 3389.

                                      That is not useful for an RDS deployment. RDS deployments are meant to be either public to the LAN or public to the WAN. That is really the point of using RDS.

                                      How is that any different than using RD Gateway or a VPN?

                                      I guess I've never heard of using SSH as a VPN for other things.

                                      Ya you can do ssh -L 8080:<rdphost>:3389 user@host and it will tunnel 3389 on the remote host to 8080 on your localhost. Plus it's fully encrypted this way.

                                      One good random use for it is if you're behind a proxy and you need to get to a site, you can do the same thing. ssh -L 8080:sitename:80 user@host and then visit localhost:8080 and you'll be at the site.

                                      Does that work on Windows?

                                      I fully understand how this works on Linux (though I don't see the need to use RDS on a Linux GUI - if you have Linux on your desktop - aren't you more likely to be using PowerShell or other shell access solutions for your Windows boxes?

                                      So I'm trying to understand the use case.

                                      SSH is just another way of setting up an SSL VPN. It's extremely common. Not OpenVPN common, but very common.

                                      1 Reply Last reply Reply Quote 0
                                      • DashrenderD
                                        Dashrender @stacksofplates
                                        last edited by

                                        @johnhooks said:

                                        Yes, with PuTTY. But even if you are on a Linux desktop or laptop, wouldn't you want RDP access from that? Maybe I'm misunderstanding you. This is just so you can access RDP remotely inside your network.

                                        How does PuTTY give you this on a Windows machine? When I'm running PuTTY on my Windows machine, I'm connecting to another server, not my local host. There's nothing local about it.

                                        The 'ssh -L 8080:<rdphost>:3389 user@host' command would be executed on the remote host I'm connected to, not the local Windows machine I'm on. So how would Windows know to do the redirection you're talking about?

                                        stacksofplatesS scottalanmillerS 4 Replies Last reply Reply Quote 0
                                        • stacksofplatesS
                                          stacksofplates @Dashrender
                                          last edited by

                                          @Dashrender said:

                                          @johnhooks said:

                                          Yes, with PuTTY. But even if you are on a Linux desktop or laptop, wouldn't you want RDP access from that? Maybe I'm misunderstanding you. This is just so you can access RDP remotely inside your network.

                                          How does PuTTY give you this on a Windows machine? When I'm running PuTTY on my Windows machine, I'm connecting to another server, not my local host. There's nothing local about it.

                                          The 'ssh -L 8080:<rdphost>:3389 user@host' command would be executed on the remote host I'm connected to, not the local Windows machine I'm on. So how would Windows know to do the redirection you're talking about?

                                          There is a tunnel section in PuTTY to set the tunnel up. Once the tunnel is set, you RDP to localhost:8080 which tunnels you through the SSH server to the RDS server at port 3389.

                                          1 Reply Last reply Reply Quote 0
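
Added example, not part of the thread or any poster's code: a small lint for the `ssh -L` forward spec discussed above, showing that the listening port is opened on the machine where `ssh` (or PuTTY) runs and whether that listener stays on loopback. It assumes the OpenSSH spec form `[bind_address:]port:host:hostport`, no bracketed IPv6 literals, and a client left at the default `GatewayPorts no` without `-g`; `check_forward` and `valid_port` are hypothetical helper names.

```sh
#!/bin/sh
# Added example: lint an OpenSSH local-forward spec (the argument to `ssh -L`).
# Assumed form: [bind_address:]port:host:hostport, no bracketed IPv6 literals,
# client GatewayPorts left at its default "no" and no -g flag.

valid_port() {
    case $1 in ''|*[!0-9]*) return 1 ;; esac
    [ "${#1}" -le 5 ] && [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# Prints one summary line. Returns 0 if the listener is loopback-only on the
# machine where ssh is run, 1 if other hosts can reach it, 2 if unparsable.
check_forward() {
    local spec bind rest port host hostport exposure
    spec=$1
    case $spec in
        *:*:*:*:*) echo "invalid: $spec"; return 2 ;;
        *:*:*:*)   bind=${spec%%:*};  rest=${spec#*:} ;;
        *:*:*)     bind='(default)';  rest=$spec ;;
        *)         echo "invalid: $spec"; return 2 ;;
    esac
    port=${rest%%:*};  rest=${rest#*:}
    host=${rest%%:*};  hostport=${rest#*:}
    if ! valid_port "$port" || ! valid_port "$hostport" || [ -z "$host" ]; then
        echo "invalid: $spec"; return 2
    fi
    case $bind in
        '(default)'|localhost|127.0.0.1) exposure=loopback ;;
        ''|'*'|0.0.0.0)                  exposure=all-interfaces ;;
        *)                               exposure=address-$bind ;;
    esac
    # The listener lives on the client; the SSH server only dials host:hostport.
    echo "client-listen=$port exposure=$exposure server-connects-to=$host:$hostport"
    [ "$exposure" = loopback ]
}

# Constructed sample specs; rdphost is a placeholder name, as in the thread.
if [ "${1:-}" = demo ]; then
    for s in 8080:rdphost:3389 127.0.0.1:8080:rdphost:3389 \
             '*:8080:rdphost:3389' :8080:rdphost:3389 8080:rdphost; do
        check_forward "$s" || echo "  -> review before use (rc=$?)"
    done
fi
```

Run it with the argument `demo` to see the constructed specs classified; an empty or `*` bind address makes the forwarded RDP port reachable from other hosts on the client's network.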
                                          • scottalanmillerS
                                            scottalanmiller @Dashrender
                                            last edited by

                                            @Dashrender said:

                                            How does PuTTY give you this on a Windows machine? When I'm running PuTTY on my Windows machine, I'm connecting to another server, not my local host. There's nothing local about it.

                                            PuTTY on MY Windows desktop will set up a VPN link, yours will too. In fact, it ALWAYS does that. You just are not used to thinking about it that way.

                                            1 Reply Last reply Reply Quote 0