this post was submitted on 01 Aug 2024
28 points (96.7% liked)

Linux

48185 readers
1261 users here now

From Wikipedia, the free encyclopedia

Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).

Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word "Linux" in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.

Rules

Related Communities

Community icon by Alpár-Etele Méder, licensed under CC BY 3.0

founded 5 years ago
MODERATORS
 

I work with a client that migrated their infrastructure to Microsoft. In order to connect to their Linux Server, I now have to Remote Desktop to their Azure Virtual Desktop thing. I'm not pleased but it's out of my control.

I tried remmina freerdp but doesn't seem to support that Azure thing, there doesn't seem to be an option to add the workspace.

Any recommendations or do I have to setup a virtual machine just for this? :/ Cheers

top 15 comments
sorted by: hot top controversial new old
[–] [email protected] 9 points 3 months ago

I specialize in Azure admin.

Sounds like this might be by design to ensure secure connections.

Using AVD as a bastion replacement.

Only option with similar security would be VPN into the vnet and just ssh normally.

  1. AVD as a jumpbox
  2. Bastion (costly solution)
  3. VPN then SSH/RDP
[–] [email protected] 8 points 3 months ago* (last edited 3 months ago) (2 children)
  1. Log into the Windows machine via the webclient avaliable at https://windows365.microsoft.com/
  2. Use PuTTY to set up a reverse tunnel. You'll need to create a restricted tunnel-only user in your machine. Make sure to use key auth.
  3. From your local machine, connect to localhost:portnumber.

As an alternative, you might be able to set up OpenSSH in Windows (yes it's possible), then use the ProxyJump setting in your local ~/.ssh/config to connect via a tunnel to the final box.

Here's how you configure the server to not let the user wreak too much havoc:

Match User restricted
        PermitOpen 127.0.0.1:3389 [::1]:3389
        X11Forwarding no
        AllowAgentForwarding no
        ForceCommand /bin/sh -c 'while sleep 999; do true; done'
        ClientAliveInterval 1
        ClientAliveCountMax 2
[–] [email protected] 7 points 3 months ago* (last edited 3 months ago) (1 children)

Fun fact: mentioning etc ssh sshd_config triggers some CloudFlare security warning that prevents me from posting it under the right name.

[–] [email protected] 4 points 3 months ago

Got to love our Cloudflare overlords

[–] [email protected] 1 points 3 months ago (1 children)

I wasn't able to set up a reverse tunnel, because I'm also under a corporate VPN :( I was able to get xfreerdp to work, though! Maybe I can add some port-forward + tunnels and be free :P

[–] [email protected] 1 points 3 months ago* (last edited 3 months ago)

If your local machine is not reachable from the internet, you could set up the cheapest VPS - you can get a free one for 12 months at https://azure.microsoft.com/en-us/free/#all-free-services Connect from your destination machine (the firewalled one) to the VPS, and set up a reverse tunnel. For example, drop this into your ~/.ssh/config on the destination machine:

Host rtun
        Hostname something
        RemoteForward 1234 localhost:22

tmux new-ses 'while sleep 1; do ssh rtun; done'

Then configure your local machine to connect to destination via the jumpbox:

Host vps
        Hostname something

Host destination
        Hostname localhost
        Port 1234
        ProxyJump vps

ssh destination should work now.

Make sure to use SSH key auth, not passwords, and never transport secret keys off-machine. It's easier to wipe and recreate a VPS, if you lose keys, than to explain to Security folks how you were the donkey that enabled the breach.

[–] [email protected] 3 points 3 months ago (1 children)

Freerdp 3.x has this support. I have been using it half a year back for this very purpose. Ask for help on #FreeRDP:matrix.org they are very helpful

[–] [email protected] 3 points 3 months ago (2 children)

My example:

xfreerdp "$RDPW_FILE" /u:"$RDP_USERNAME" /p:"$RDP_PASSWORD" /sec:nla /cert:ignore +clipboard /multimon /monitors:0 /gateway:type:arm /network:auto /gfx:AVC444 /rfx /dynamic-resolution

Keep in mind that I was using for accessing Windows machine... Some flags might need to be a bit different

[–] [email protected] 2 points 3 months ago* (last edited 3 months ago)

This worked perfectly, thank you so much. Now let's check if I can add some port forwarding through this...

In arch it's xfreerdp3, just in case anyone needs it.

[–] [email protected] 1 points 3 months ago (1 children)

Where'd you get the .rdp file? I can't find a way to get a working version of mine.

[–] [email protected] 1 points 3 months ago (1 children)

Here's how I got mine:

  1. Go to the web version: https://client.wvd.microsoft.com/arm/webclient/index.html

    • You should have a list of machines, in my case I only have one
  2. In the top right corner, click on the settings icon (cog)

  3. Under "Resources Launch Method", select the `Download the rdp file" radio option

  4. Click whatever machine you want to access

  5. The file started to download

[–] [email protected] 1 points 3 months ago

Lovely. Thanks! Now to figure out how to redirect that YubiKey USB device, so I could use Passkey auth...

[–] [email protected] 2 points 3 months ago
[–] [email protected] 2 points 3 months ago (1 children)

Can you use it though a web browser?

[–] [email protected] 1 points 3 months ago* (last edited 3 months ago)

I can use it, just not very efficiently.

Ideally, I can set port forwards/tunnels so that I can then work from my machine's terminal.