This port is configured as an SSH tunnel to the RDP target host and port. When I request to open the connection Royal TS connects using SSH to the Secure Gateway and opens a port on localhost.We change that connection to use a Secure Gateway. Lets say we have an RDP connection which is configured for direct connections.The way I understand it this is done by the following steps: This obviously works with the ActiveX version. Royal TS can use ssh proxies in the Secure Gateway feature. The point I am trying to make and I believe Jody was pointing out was that you do not need built-in support for proxies. I am well aware that MSRDP ActiveX is closed source and does not support the use of proxies. If this still doesn't make sense, I can probably mock up some code in C#. The difference, which is critical, is that the connection via the SOCKS5 proxy server isn't encrypted again, and it is using a SOCKS5 proxy server that we specify, not one that is created dynamically by SSH. Since the RDP ActiveX control doesn't support SSH tunnels either, I expect this is exactly what you are doing with the SSH tunnels in the Secure Gateway feature. You would set this up to listen on a random unused local port for each connection which would forward to the true target, and simply use the RDP ActiveX control to connect to the localhost and local port. They show how to use a SOCKS5 proxy server to create a non-encrypted tunnel from a local port to a remote server and port via a SOCKS5 proxy server. The links I sent do not show how to create a proxy server. There are several competing audit packages that provide similar functionality, they are very common in extremely large companies that are subject to regulatory compliance such as PCI-DSS, Sarbanes-Oxley, HIPAA, etc. The auditing software is CryptoAuditor ( ). We have software in place that will decrypt both SSH and RDP protocols if they are passing through a specific software package that behaves as a SOCKS5 proxy server, but not if they are passing through a SSH tunnel or a different SOCKS5 proxy that is provided dynamically by a ssh connection. a non-encrypted tunnel so that we can audit it for regulatory compliance. We need support for a non-secure Gateway, i.e. What I am suggesting doesn't require any changes to the ActiveX control. The Secure Gateway does not meet the need because it adds an additional layer of encryption.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |