    RDP to RDP to RDP?

    IT Discussion
    20 Posts 10 Posters 865 Views
    • scottalanmiller

      Only thing that I could think of would be using something other than RDP for internal steps. What you are using now is like a jump box to a jump box, etc.

      If instead you used proxies, that would help.

      • IRJ @1337

        @Pete-S said in RDP to RDP to RDP?:

        Is there a smarter way to connect through several RDP sessions instead of doing each one manually?

        So if you want to go:
        host1 -> host2 -> host3

        Is there a way to do this in one step instead of first connecting to host1 then from there start a connection to host2 and then from there start a connection to host3?

        Why can't you just connect to host 3?

        I am assuming host 1 is a public IP and host2 and host3 are internal?

        • scottalanmiller @IRJ

          @IRJ said in RDP to RDP to RDP?:

          Why can't you just connect to host 3?

          If only he'd have thought to put in the right IP address the first time, LOLOL.

          • Obsolesce @1337

            @Pete-S said in RDP to RDP to RDP?:

            Is there a smarter way to connect through several RDP sessions instead of doing each one manually?

            So if you want to go:
            host1 -> host2 -> host3

            Is there a way to do this in one step instead of first connecting to host1 then from there start a connection to host2 and then from there start a connection to host3?

            TeamViewer

            • IRJ @scottalanmiller

              @scottalanmiller said in RDP to RDP to RDP?:

              @IRJ said in RDP to RDP to RDP?:

              Why can't you just connect to host 3?

              If only he'd have thought to put in the right IP address the first time, LOLOL.

              I mean generally host 1 (bastion in this case) would be configured to connect to either host 2 or host 3.

              • 1337 @IRJ

                @IRJ said in RDP to RDP to RDP?:

                @Pete-S said in RDP to RDP to RDP?:

                Is there a smarter way to connect through several RDP sessions instead of doing each one manually?

                So if you want to go:
                host1 -> host2 -> host3

                Is there a way to do this in one step instead of first connecting to host1 then from there start a connection to host2 and then from there start a connection to host3?

                Why can't you just connect to host 3?

                I am assuming host 1 is a public IP and host2 and host3 are internal?

                Yes, host 1 is reached over VPN and the rest are different internal networks and subnets with firewall restrictions. Enterprise customers. So the only way is to connect to the servers in this particular order.

                • 1337 @Obsolesce

                  @Obsolesce said in RDP to RDP to RDP?:

                  @Pete-S said in RDP to RDP to RDP?:

                  Is there a smarter way to connect through several RDP sessions instead of doing each one manually?

                  So if you want to go:
                  host1 -> host2 -> host3

                  Is there a way to do this in one step instead of first connecting to host1 then from there start a connection to host2 and then from there start a connection to host3?

                  TeamViewer

                  The servers on the LANs can't connect to anything not explicitly defined in the external firewalls. So no phoning home and no TeamViewer.

                  • jt1001001 @1337

                    @Pete-S My company is forced to do this with some of our healthcare customers; we use a Linux box for HOST1, which RDPs to HOST2 (Windows on customer prem), then that's the jump box to the rest of the machines. Stinks but that's what the customer wants.

                    • IRJ @1337

                      @Pete-S said in RDP to RDP to RDP?:

                      @IRJ said in RDP to RDP to RDP?:

                      @Pete-S said in RDP to RDP to RDP?:

                      Is there a smarter way to connect through several RDP sessions instead of doing each one manually?

                      So if you want to go:
                      host1 -> host2 -> host3

                      Is there a way to do this in one step instead of first connecting to host1 then from there start a connection to host2 and then from there start a connection to host3?

                      Why can't you just connect to host 3?

                      I am assuming host 1 is a public IP and host2 and host3 are internal?

                      Yes, host 1 is reached over VPN and the rest are different internal networks and subnets with firewall restrictions. Enterprise customers. So the only way is to connect to the servers in this particular order.

                      So you could create a bastion host behind VPN on its own subnet. Then allow incoming RDP traffic from this bastion host.

                      • DustinB3403 @1337

                        @Pete-S said in RDP to RDP to RDP?:

                        @IRJ said in RDP to RDP to RDP?:

                        @Pete-S said in RDP to RDP to RDP?:

                        Is there a smarter way to connect through several RDP sessions instead of doing each one manually?

                        So if you want to go:
                        host1 -> host2 -> host3

                        Is there a way to do this in one step instead of first connecting to host1 then from there start a connection to host2 and then from there start a connection to host3?

                        Why can't you just connect to host 3?

                        I am assuming host 1 is a public IP and host2 and host3 are internal?

                        Yes, host 1 is reached over VPN and the rest are different internal networks and subnets with firewall restrictions. Enterprise customers. So the only way is to connect to the servers in this particular order.

                        So you're asking us how you would circumvent your customer's network?

                        I guess just install TeamViewer or the likes on host 3 and go from there. Set up an additional password at a minimum.

                        • 1337 @DustinB3403

                          @DustinB3403 said in RDP to RDP to RDP?:

                          @Pete-S said in RDP to RDP to RDP?:

                          @IRJ said in RDP to RDP to RDP?:

                          @Pete-S said in RDP to RDP to RDP?:

                          Is there a smarter way to connect through several RDP sessions instead of doing each one manually?

                          So if you want to go:
                          host1 -> host2 -> host3

                          Is there a way to do this in one step instead of first connecting to host1 then from there start a connection to host2 and then from there start a connection to host3?

                          Why can't you just connect to host 3?

                          I am assuming host 1 is a public IP and host2 and host3 are internal?

                          Yes, host 1 is reached over VPN and the rest are different internal networks and subnets with firewall restrictions. Enterprise customers. So the only way is to connect to the servers in this particular order.

                          So you're asking us how you would circumvent your customer's network?

                          I guess just install TeamViewer or the likes on host 3 and go from there. Set up an additional password at a minimum.

                          No circumvention. This is the way it is designed. Look up Purdue Model for ICS architecture if you don't know what it is.

                          What I'm asking is if there is a smarter way to set up a chain of RDP connections instead of doing every hop manually.
                          Like you can multi-hop with ssh for example: ssh -J host1,host2 host3

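The ssh multi-hop from the post above, applied to the RDP chain, as an added example that is not part of the thread: it builds the ssh command that jumps through the intermediate hosts and forwards a loopback port to RDP on the last one. It assumes host1 and host2 run an SSH server that permits TCP forwarding, which the thread does not state; `build_rdp_chain`, `valid_host` and local port 13389 are made-up names and values.

```shell
#!/bin/sh
# Added example (not from the thread). Assumption: every hop except the final
# RDP host runs an SSH server that allows TCP forwarding.

# Accept plain host names only. A leading '-' is refused so a hop can never be
# parsed by ssh as an option (for example -oProxyCommand=...).
valid_host() {
    case "$1" in
        ''|-*|*[!A-Za-z0-9._-]*) return 1 ;;
    esac
    return 0
}

# build_rdp_chain LOCAL_PORT HOP... RDP_HOST
# Prints the ssh command; it does not run it. The last hop is the ssh
# destination, earlier hops go into -J, and only 127.0.0.1 is bound locally.
build_rdp_chain() {
    [ "$#" -ge 3 ] || { echo "usage: build_rdp_chain PORT HOP... RDP_HOST" >&2; return 2; }
    lport=$1; shift
    case "$lport" in
        ''|*[!0-9]*) echo "bad local port: $lport" >&2; return 2 ;;
    esac
    if [ "$lport" -lt 1024 ] || [ "$lport" -gt 65535 ]; then
        echo "local port out of range: $lport" >&2; return 2
    fi
    jumps='' last=''
    while [ "$#" -gt 1 ]; do
        valid_host "$1" || { echo "bad hop: $1" >&2; return 2; }
        if [ -n "$last" ]; then jumps="${jumps:+$jumps,}$last"; fi
        last=$1; shift
    done
    valid_host "$1" || { echo "bad RDP host: $1" >&2; return 2; }
    cmd="ssh -N"
    if [ -n "$jumps" ]; then cmd="$cmd -J $jumps"; fi
    printf '%s -L 127.0.0.1:%s:%s:3389 %s\n' "$cmd" "$lport" "$1" "$last"
}

# host1 -> host2 -> host3 from the thread; 13389 is an arbitrary local port.
build_rdp_chain 13389 host1 host2 host3
# -> ssh -N -J host1 -L 127.0.0.1:13389:host3:3389 host2
```

With the tunnel up, the RDP client is pointed at 127.0.0.1:13389; each SSH hop still authenticates the user in turn.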
                          • dbeato

                            You can do an RD Gateway; that would be the best.

                            • RojoLoco

                              3t7ot2.jpg

                              • Obsolesce @1337

                                @Pete-S said in RDP to RDP to RDP?:

                                Purdue Model

                                Except that model is basically dead...

                                https://dale-peterson.com/2019/02/11/is-the-purdue-model-dead/

                                • 1337 @Obsolesce

                                  @Obsolesce said in RDP to RDP to RDP?:

                                  @Pete-S said in RDP to RDP to RDP?:

                                  Purdue Model

                                  Except that model is basically dead...

                                  https://dale-peterson.com/2019/02/11/is-the-purdue-model-dead/

                                  No, not at all. You have to listen to the whole thing if you are going to draw any conclusions. Can't just google and use the headline 🙂

                                  • Obsolesce @1337

                                    @Pete-S said in RDP to RDP to RDP?:

                                    @Obsolesce said in RDP to RDP to RDP?:

                                    @Pete-S said in RDP to RDP to RDP?:

                                    Purdue Model

                                    Except that model is basically dead...

                                    https://dale-peterson.com/2019/02/11/is-the-purdue-model-dead/

                                    No, not at all. You have to listen to the whole thing if you are going to draw any conclusions. Can't just google and use the headline 🙂

                                    I knew it was dead beforehand, then Googled and listened to the whole thing after finding it. And still, I tell you it's dead. However, there's always those who refuse to let things die that need to die. :thumbs_down:

                                    • siringo

                                      Zerotier?

                                      • stacksofplates @1337

                                        @Pete-S said in RDP to RDP to RDP?:

                                        @Obsolesce said in RDP to RDP to RDP?:

                                        @Pete-S said in RDP to RDP to RDP?:

                                        Purdue Model

                                        Except that model is basically dead...

                                        https://dale-peterson.com/2019/02/11/is-the-purdue-model-dead/

                                        No, not at all. You have to listen to the whole thing if you are going to draw any conclusions. Can't just google and use the headline 🙂

                                        It really is. It's overly complex and has much less return on investment and security than something like the zero trust model.

                                        • 1337 @stacksofplates

                                          @stacksofplates said in RDP to RDP to RDP?:

                                          @Pete-S said in RDP to RDP to RDP?:

                                          @Obsolesce said in RDP to RDP to RDP?:

                                          @Pete-S said in RDP to RDP to RDP?:

                                          Purdue Model

                                          Except that model is basically dead...

                                          https://dale-peterson.com/2019/02/11/is-the-purdue-model-dead/

                                          No, not at all. You have to listen to the whole thing if you are going to draw any conclusions. Can't just google and use the headline 🙂

                                          It really is. It's overly complex and has much less return on investment and security than something like the zero trust model.

                                          I'm not an ICS infosec expert. I just know what enterprises that have big plants in the oil & gas, pulp & paper, chemical industry have, and what they have is what I said they have. And if I look at Homeland Security, NIST, etc., what they have as best practice is what the customers are doing. Will it change in the future? Sure, everything does.
