RDP to RDP to RDP?
-
Is there a smarter way to connect through several RDP sessions instead of doing each one manually?
So if you want to go:
host1 -> host2 -> host3
Is there a way to do this in one step instead of first connecting to host1 then from there start a connection to host2 and then from there start a connection to host3?
-
Only thing that I could think of would be using something other than RDP for internal steps. What you are using now is like a jump box to a jump box, etc.
If instead you used proxies, that would help.
-
@Pete-S said in RDP to RDP to RDP?:
Is there a smarter way to connect through several RDP sessions instead of doing each one manually?
So if you want to go:
host1 -> host2 -> host3
Is there a way to do this in one step instead of first connecting to host1 then from there start a connection to host2 and then from there start a connection to host3?
Why can't you just connect to host 3?
I am assuming host 1 is a public IP and host2 and host3 are internal?
-
@IRJ said in RDP to RDP to RDP?:
Why can't you just connect to host 3?
If only he'd have thought to put in the right IP address the first time, LOLOL.
-
@Pete-S said in RDP to RDP to RDP?:
Is there a smarter way to connect through several RDP sessions instead of doing each one manually?
So if you want to go:
host1 -> host2 -> host3
Is there a way to do this in one step instead of first connecting to host1 then from there start a connection to host2 and then from there start a connection to host3?
TeamViewer
-
@scottalanmiller said in RDP to RDP to RDP?:
@IRJ said in RDP to RDP to RDP?:
Why can't you just connect to host 3?
If only he'd have thought to put in the right IP address the first time, LOLOL.
I mean generally host 1 (bastion in this case) would be configured to connect to either host 2 or host 3.
-
@IRJ said in RDP to RDP to RDP?:
@Pete-S said in RDP to RDP to RDP?:
Is there a smarter way to connect through several RDP sessions instead of doing each one manually?
So if you want to go:
host1 -> host2 -> host3
Is there a way to do this in one step instead of first connecting to host1 then from there start a connection to host2 and then from there start a connection to host3?
Why can't you just connect to host 3?
I am assuming host 1 is a public IP and host2 and host3 are internal?
Yes, host 1 is reached over VPN and the rest are different internal networks and subnets with firewall restrictions. Enterprise customers. So the only way is to connect to the servers in this particular order.
-
@Obsolesce said in RDP to RDP to RDP?:
@Pete-S said in RDP to RDP to RDP?:
Is there a smarter way to connect through several RDP sessions instead of doing each one manually?
So if you want to go:
host1 -> host2 -> host3
Is there a way to do this in one step instead of first connecting to host1 then from there start a connection to host2 and then from there start a connection to host3?
TeamViewer
The servers on the LANs can't connect to anything not explicitly defined in the external firewalls. So no phoning home and no TeamViewer.
-
@Pete-S My company is forced to do this with some of our healthcare customers; we use a Linux box for HOST1, which RDPs to HOST2 (Windows on customer prem), then that's the jump box to the rest of the machines. Stinks but that's what the customer wants.
-
@Pete-S said in RDP to RDP to RDP?:
@IRJ said in RDP to RDP to RDP?:
@Pete-S said in RDP to RDP to RDP?:
Is there a smarter way to connect through several RDP sessions instead of doing each one manually?
So if you want to go:
host1 -> host2 -> host3
Is there a way to do this in one step instead of first connecting to host1 then from there start a connection to host2 and then from there start a connection to host3?
Why can't you just connect to host 3?
I am assuming host 1 is a public IP and host2 and host3 are internal?
Yes, host 1 is reached over VPN and the rest are different internal networks and subnets with firewall restrictions. Enterprise customers. So the only way is to connect to the servers in this particular order.
So you could create a bastion host behind VPN on its own subnet. Then allow incoming RDP traffic from this bastion host.
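The suggestion in the post above (internal hosts accept RDP only from a bastion), sketched for Windows Firewall as an added example that is not part of the original thread. The bastion address `192.0.2.10` is a constructed placeholder, and the `Remote Desktop` group name assumes an English-language Windows install.

```powershell
# Added example: run elevated on an internal host (host2 / host3 in the thread).
# $BastionIp is a constructed placeholder from the documentation range.
param(
    [string]$BastionIp = '192.0.2.10'
)

# 1. Scope the built-in Remote Desktop rules so only the bastion may connect.
#    'Remote Desktop' is the English display name of the rule group (assumption).
Get-NetFirewallRule -DisplayGroup 'Remote Desktop' |
    Set-NetFirewallRule -RemoteAddress $BastionIp

# 2. Audit: list every enabled inbound allow rule that names port 3389 explicitly,
#    with the source addresses it accepts, so stray rules added by other tools
#    or by hand show up next to the scoped ones. Rules that cover 3389 through
#    a port range or 'Any' are not matched here and need a separate review.
Get-NetFirewallRule -Direction Inbound -Action Allow -Enabled True |
    ForEach-Object {
        $rule  = $_
        $ports = ($rule | Get-NetFirewallPortFilter).LocalPort
        if ($ports -contains '3389') {
            [pscustomobject]@{
                Rule          = $rule.DisplayName
                Profile       = $rule.Profile
                RemoteAddress = ($rule | Get-NetFirewallAddressFilter).RemoteAddress -join ', '
            }
        }
    } |
    Sort-Object Rule |
    Format-Table -AutoSize
```

Any row whose RemoteAddress is `Any` or an address other than the bastion is a path into the host that bypasses the jump box.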
-
@Pete-S said in RDP to RDP to RDP?:
@IRJ said in RDP to RDP to RDP?:
@Pete-S said in RDP to RDP to RDP?:
Is there a smarter way to connect through several RDP sessions instead of doing each one manually?
So if you want to go:
host1 -> host2 -> host3
Is there a way to do this in one step instead of first connecting to host1 then from there start a connection to host2 and then from there start a connection to host3?
Why can't you just connect to host 3?
I am assuming host 1 is a public IP and host2 and host3 are internal?
Yes, host 1 is reached over VPN and the rest are different internal networks and subnets with firewall restrictions. Enterprise customers. So the only way is to connect to the servers in this particular order.
So you're asking us how you would circumvent your customer's network?
I guess just install TeamViewer or the likes on host 3 and go from there. Set up an additional password at a minimum.
-
@DustinB3403 said in RDP to RDP to RDP?:
@Pete-S said in RDP to RDP to RDP?:
@IRJ said in RDP to RDP to RDP?:
@Pete-S said in RDP to RDP to RDP?:
Is there a smarter way to connect through several RDP sessions instead of doing each one manually?
So if you want to go:
host1 -> host2 -> host3
Is there a way to do this in one step instead of first connecting to host1 then from there start a connection to host2 and then from there start a connection to host3?
Why can't you just connect to host 3?
I am assuming host 1 is a public IP and host2 and host3 are internal?
Yes, host 1 is reached over VPN and the rest are different internal networks and subnets with firewall restrictions. Enterprise customers. So the only way is to connect to the servers in this particular order.
So you're asking us how you would circumvent your customer's network?
I guess just install TeamViewer or the likes on host 3 and go from there. Set up an additional password at a minimum.
No circumvention. This is the way it is designed. Look up Purdue Model for ICS architecture if you don't know what it is.
What I'm asking is if there is a smarter way to set up a chain of RDP connections instead of doing every hop manually.
Like you can multi-hop with ssh, for example: ssh -J host1,host2 host3
-
You can do an RD Gateway; that would be the best.
-
@Pete-S said in RDP to RDP to RDP?:
Purdue Model
Except that model is basically dead...
https://dale-peterson.com/2019/02/11/is-the-purdue-model-dead/
-
@Obsolesce said in RDP to RDP to RDP?:
@Pete-S said in RDP to RDP to RDP?:
Purdue Model
Except that model is basically dead...
https://dale-peterson.com/2019/02/11/is-the-purdue-model-dead/
No, not at all. You have to listen to the whole thing if you are going to draw any conclusions. Can't just google and use the headline.
-
@Pete-S said in RDP to RDP to RDP?:
@Obsolesce said in RDP to RDP to RDP?:
@Pete-S said in RDP to RDP to RDP?:
Purdue Model
Except that model is basically dead...
https://dale-peterson.com/2019/02/11/is-the-purdue-model-dead/
No, not at all. You have to listen to the whole thing if you are going to draw any conclusions. Can't just google and use the headline.
I knew it was dead beforehand, then Googled and listened to the whole thing after finding it. And still, I tell you it's dead. However, there's always those who refuse to let things die that need to die. :thumbs_down:
-
Zerotier?
-
@Pete-S said in RDP to RDP to RDP?:
@Obsolesce said in RDP to RDP to RDP?:
@Pete-S said in RDP to RDP to RDP?:
Purdue Model
Except that model is basically dead...
https://dale-peterson.com/2019/02/11/is-the-purdue-model-dead/
No, not at all. You have to listen to the whole thing if you are going to draw any conclusions. Can't just google and use the headline.
It really is. It's overly complex and has much less return on investment and security than something like the zero trust model.
-
@stacksofplates said in RDP to RDP to RDP?:
@Pete-S said in RDP to RDP to RDP?:
@Obsolesce said in RDP to RDP to RDP?:
@Pete-S said in RDP to RDP to RDP?:
Purdue Model
Except that model is basically dead...
https://dale-peterson.com/2019/02/11/is-the-purdue-model-dead/
No, not at all. You have to listen to the whole thing if you are going to draw any conclusions. Can't just google and use the headline.
It really is. It's overly complex and has much less return on investment and security than something like the zero trust model.
I'm not an ICS infosec expert. I just know what enterprises that have big plants in the oil & gas, pulp & paper, chemical industry have, and what they have is what I said they have. And if I look at Homeland Security, NIST, etc., what they have as best practice is what the customers are doing. Will it change in the future? Sure, everything does.