User / Password based RDP gateway to use with Guacamole?

Open apiening opened this issue 3 years ago • 5 comments

I'm looking for a solution to connect securely to internal RDP servers from remote using Apache Guacamole.

My idea is to run this rdpgw on a non-standard port and configure the firewall so that it is only publicly reachable from the Guacamole server.

Apache Guacamole does support Remote Desktop Gateways which are configurable with Hostname/IP, Port, Username, Password and Domain. As far as I know there is no special support for certificate based authentication or OpenID or anything other than Username / Password authentication.

Is it possible to configure this RDP Gateway implementation, so that it would work under the given circumstances?

apiening, Mar 08 '21 23:03

This requires a patch to the gateway. At the moment only OpenID Connect is supported. I might do this in a couple of weeks, but obviously open to have it as a PR.

bolkedebruin, Mar 10 '21 08:03

Thank you for your response. This feature would be really nice to have. I have seen discussions where users were asking for SSH tunneling support to connect to internal machines securely, especially from Guacamole. Having an RDP gateway with basic authentication would solve that issue.

I don't see myself in the position to be able to provide a PR. But I would like to test the implementation and provide feedback when this functionality becomes available in an experimental stage.

apiening, Mar 12 '21 16:03

I would really like to see this also for auth purposes.

If a basic auth method is added, I think it would also be a good base for people to write other auth providers for.

Tigger2014, Jul 01 '21 20:07

I would also vote in favour of this if there isn't any other way of setting up a completely identical replacement for the original Microsoft RDP gateway.

I would very much like this to be as it is with the commercial product:

You enter your RDP host and your RDP gateway plus your domain\username and password, and it connects as if you were using an original Microsoft RDP gateway.

ingo

mrfreezer, Jul 27 '21 14:07

I would also vote for this. My use case would be a single executable I can start as a Windows service which only allows access to 127.0.0.1, so a single-host Windows box anywhere can be accessed via HTTPS instead of RDP. This makes firewalling of a remote host much more practical.

jrsmile, Dec 21 '21 18:12

User / password authentication is now possible by setting Authentication to local and running the included rdpgw-auth service (as root / setuid). This will verify users against PAM so will only work on Linux/OSX/BSD.

bolkedebruin, Aug 25 '22 10:08