From Wikipedia, the free encyclopedia
Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).
Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word "Linux" in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.
Community icon by Alpár-Etele Méder, licensed under CC BY 3.0
I specialize in Azure admin.
Sounds like this might be by design to ensure secure connections.
Using AVD as a bastion replacement.
Only option with similar security would be VPN into the vnet and just ssh normally.
As an alternative, you might be able to set up OpenSSH in Windows (yes it's possible), then use the ProxyJump setting in your local ~/.ssh/config to connect via a tunnel to the final box.
Here's how you configure the server to not let the user wreak too much havoc:
Match User restricted
PermitOpen 127.0.0.1:3389 [::1]:3389
X11Forwarding no
AllowAgentForwarding no
ForceCommand /bin/sh -c 'while sleep 999; do true; done'
ClientAliveInterval 1
ClientAliveCountMax 2
Fun fact: mentioning etc ssh sshd_config triggers some CloudFlare security warning that prevents me from posting it under the right name.
Got to love our Cloudflare overlords
I wasn't able to set up a reverse tunnel, because I'm also under a corporate VPN :( I was able to get xfreerdp to work, though! Maybe I can add some port-forward + tunnels and be free :P
If your local machine is not reachable from the internet, you could set up the cheapest VPS - you can get a free one for 12 months at https://azure.microsoft.com/en-us/free/#all-free-services Connect from your destination machine (the firewalled one) to the VPS, and set up a reverse tunnel. For example, drop this into your ~/.ssh/config on the destination machine:
Host rtun
Hostname something
RemoteForward 1234 localhost:22
tmux new-ses 'while sleep 1; do ssh rtun; done'
Then configure your local machine to connect to destination via the jumpbox:
Host vps
Hostname something
Host destination
Hostname localhost
Port 1234
ProxyJump vps
ssh destination should work now.
Make sure to use SSH key auth, not passwords, and never transport secret keys off-machine. It's easier to wipe and recreate a VPS, if you lose keys, than to explain to Security folks how you were the donkey that enabled the breach.
@pathief just use the webclient. By far the easiest option
https://learn.microsoft.com/en-us/azure/virtual-desktop/users/connect-web
Freerdp 3.x has this support. I have been using it half a year back for this very purpose. Ask for help on #FreeRDP:matrix.org they are very helpful
My example:
xfreerdp "$RDPW_FILE" /u:"$RDP_USERNAME" /p:"$RDP_PASSWORD" /sec:nla /cert:ignore +clipboard /multimon /monitors:0 /gateway:type:arm /network:auto /gfx:AVC444 /rfx /dynamic-resolution
Keep in mind that I was using for accessing Windows machine... Some flags might need to be a bit different
This worked perfectly, thank you so much. Now let's check if I can add some port forwarding through this...
In arch it's xfreerdp3, just in case anyone needs it.
Where'd you get the .rdp file? I can't find a way to get a working version of mine.
Here's how I got mine:
Go to the web version: https://client.wvd.microsoft.com/arm/webclient/index.html
In the top right corner, click on the settings icon (cog)
Under "Resources Launch Method", select the `Download the rdp file" radio option
Click whatever machine you want to access
The file started to download
Lovely. Thanks! Now to figure out how to redirect that YubiKey USB device, so I could use Passkey auth...
Can you use it though a web browser?
I can use it, just not very efficiently.
Ideally, I can set port forwards/tunnels so that I can then work from my machine's terminal.