RDP-From-Ubuntu
RDP from Ubuntu to Windows 11 Securely

Procedure Manual: Secure RDP Access to Windows via Remmina

Overview

This manual outlines the steps for securely accessing a Windows machine via RDP (Remote Desktop Protocol) from Remmina, using SSH tunneling, a VPN, Remote Desktop Gateway, and Two-Factor Authentication (2FA). The tunneling, VPN, and gateway options carry RDP traffic inside an encrypted channel when it crosses the internet, and 2FA adds a second check at login.


Option 1: Secure RDP with SSH Tunneling in Remmina

1. Install OpenSSH on Windows (if not already installed)

Steps to Install OpenSSH on Windows:

  1. Open Settings on your Windows machine by pressing Windows + I.
  2. Go to Apps > Optional Features.
  3. Scroll down and click on Add a feature.
  4. In the search bar, type OpenSSH Client and OpenSSH Server.
  5. Select both features and click Install.
  6. Open PowerShell with administrative privileges (Right-click Start, select Windows PowerShell (Admin)).
  7. Start the SSH service with the following command:
    Start-Service sshd
  8. Optionally, you can enable the service to start automatically with:
    Set-Service -Name sshd -StartupType 'Automatic'

2. Set Up SSH Tunnel in Remmina

Steps to Set Up SSH Tunnel:

  1. Open Remmina and click the "+" icon to create a new connection.
  2. Set the Protocol to SSH.
  3. In the Server field, enter the IP address or hostname of your Windows machine.
  4. Under the Advanced tab, enable SSH tunneling.
  5. Set up a local port forwarding:
    • Local Port: Choose a local port, e.g., 13389.
    • Remote Host: Enter the IP address or hostname of the Windows machine.
    • Remote Port: Set to 3389 (the default RDP port).
  6. In the Basic tab, provide your Windows credentials (Username and Password).
  7. Click Connect.

3. Connect to Windows RDP via SSH Tunnel

  1. Once the SSH tunnel is established, create an RDP connection in Remmina.
  2. In the Server field, enter localhost:13389 (or whichever local port you set).
  3. Enter your Windows credentials again.
  4. Click Connect to securely access the Windows GUI over the SSH tunnel.
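
The same tunnel from the Ubuntu command line, as an added example that is not part of the original manual: it opens the forward with host-key checking enforced and then confirms that local port 13389 listens on loopback only. WIN_HOST, WIN_USER, the script name and the 127.0.0.1 default for REMOTE_HOST are assumptions for illustration.

```shell
#!/usr/bin/env bash
# Added example: command-line form of the Option 1 tunnel, plus a bind check.
# WIN_HOST and WIN_USER are placeholders (assumptions), not values from the manual.
WIN_HOST="${WIN_HOST:-windows-host.example}"
WIN_USER="${WIN_USER:-winuser}"
LOCAL_PORT=13389   # local port used in the manual
RDP_PORT=3389      # default RDP port
# Remote side of the forward, resolved on the Windows machine; 127.0.0.1
# assumes sshd and RDP run on the same host.
REMOTE_HOST="${REMOTE_HOST:-127.0.0.1}"

# Build the -L argument. The leading 127.0.0.1 binds the forwarded port to
# loopback so other hosts on the Ubuntu machine's network cannot reach it.
forward_spec() {   # args: local_port remote_host remote_port
    printf '127.0.0.1:%s:%s:%s' "$1" "$2" "$3"
}

# Read `ss -ltn` output on stdin and classify listeners on the given port:
# prints "none", "loopback" or "exposed".
listener_scope() {   # args: port
    awk -v p="$1" '
        $1 == "LISTEN" {
            n = split($4, parts, ":")
            if (parts[n] != p) next
            addr = substr($4, 1, length($4) - length(parts[n]) - 1)
            found = 1
            if (addr != "127.0.0.1" && addr != "[::1]") exposed = 1
        }
        END { print (!found ? "none" : (exposed ? "exposed" : "loopback")) }'
}

# Open the tunnel in the background. StrictHostKeyChecking=yes refuses a host
# whose key is not already in known_hosts; ExitOnForwardFailure=yes makes ssh
# fail instead of running without the forward.
open_tunnel() {
    ssh -f -N -o ExitOnForwardFailure=yes -o StrictHostKeyChecking=yes \
        -L "$(forward_spec "$LOCAL_PORT" "$REMOTE_HOST" "$RDP_PORT")" \
        "${WIN_USER}@${WIN_HOST}"
}

# Run as: ./rdp-tunnel.sh connect
if [ "${1:-}" = "connect" ]; then
    open_tunnel || exit 1
    scope=$(ss -ltn | listener_scope "$LOCAL_PORT")
    echo "local port $LOCAL_PORT listener: $scope"
    [ "$scope" = "loopback" ] || { echo "tunnel port is not loopback-only" >&2; exit 1; }
    echo "Point the Remmina RDP profile at localhost:$LOCAL_PORT"
fi
```

Add the Windows host's SSH key to known_hosts after verifying its fingerprint out of band, otherwise the first connection is refused by design.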

Option 2: Secure RDP Access Using a VPN

1. Set Up VPN Server (on the Remote Network or Windows Server)

VPN Setup Options:

  • Windows Built-in VPN: Use Windows Server's built-in VPN or set up an OpenVPN server.
  • Azure VPN Gateway: If the Windows machine is hosted on Azure, use Azure VPN Gateway to create a VPN connection to the Azure network.

2. Connect to VPN

Steps to Connect to VPN:

  1. Install a VPN client on your local machine (e.g., OpenVPN client or Windows VPN client).
  2. Enter the VPN credentials (IP, username, and password) provided by your VPN provider or administrator.
  3. Connect to the VPN. This ensures that your machine is now securely part of the remote network.

3. Use RDP Over VPN

  1. Once connected to the VPN, use Remmina to create an RDP connection.
  2. In the Server field, enter the IP address or hostname of the Windows machine.
  3. Enter your Windows credentials.
  4. Click Connect to access the Windows desktop securely over the VPN connection.

Option 3: Use Remote Desktop Gateway for Secure RDP

1. Set Up RD Gateway on Windows Server

Steps to Set Up Remote Desktop Gateway:

  1. On a Windows Server, install the Remote Desktop Gateway role:
    • Open Server Manager and click on Add Roles and Features.
    • Select Remote Desktop Services and then the Remote Desktop Gateway role.
    • Follow the wizard to configure RD Gateway settings (such as authentication methods and SSL certificates).
  2. Configure the Firewall to allow RDP over HTTPS (default port 443).

2. Connect to RDP via RD Gateway in Remmina

  1. In Remmina, create a new RDP connection.
  2. Under Advanced settings, enable Remote Desktop Gateway.
  3. Enter the RD Gateway server address (this should be the external address of the RD Gateway server).
  4. Enter your Windows credentials.
  5. Click Connect to securely access the Windows machine's GUI.

Option 4: Enable Two-Factor Authentication (2FA) for RDP Access

1. Set Up Two-Factor Authentication for RDP

Using Duo Security for RDP:

  1. Sign up for Duo Security and integrate it with your Windows Server.
  2. Follow the Duo documentation to configure RDP with 2FA.
  3. Once configured, you will need to authenticate via Duo (e.g., push notification to your mobile device or a hardware token) in addition to the standard RDP login.

Security Best Practices

  • Use Strong Passwords: Ensure that the password for your Windows machine is complex and hard to guess.
  • Use Encryption: Whether using SSH tunneling, VPN, or RD Gateway, ensure the connection is encrypted to protect sensitive data.
  • Limit RDP Access: Use firewalls and network restrictions to limit who can connect via RDP. Only allow RDP access from trusted IPs or VPN connections.
  • Monitor RDP Usage: Regularly monitor logs for failed RDP login attempts to detect potential attacks.

Troubleshooting

Common Issues:

  1. RDP Connection Fails After SSH Tunnel: Ensure the SSH tunnel is properly established. Check the local port forwarding and verify that the SSH service is running on the remote machine.
  2. RDP Not Connecting Over VPN: Check the VPN connection and ensure that the local machine is correctly part of the remote network.
  3. 2FA or RD Gateway Issues: If using 2FA or RD Gateway, verify that the configuration is correct and that you have the necessary credentials for both.

Conclusion

By following the steps in this manual, you can securely access a Windows machine remotely via RDP using Remmina. The methods described, such as SSH tunneling, VPN, and Remote Desktop Gateway, provide secure ways to encrypt RDP traffic, ensuring protection against unauthorized access when connecting over the internet.