RDP gateway
RDP Gateway Installation
RDP gateway
Soffid allows you to deploy a new docker container with the RDP gateway. The configuration is similar to the sync server configuration.
Prerequisites
The RDP Service is only released as a docker service.
1. Install docker ( https://docs.docker.com/install/ )
2. Install Soffid PAM (store container and launcher container)
You can visit the PAM Jump Server Installation page for more information about how to install PAM
3. Create a Docker network(*), that network allows you to connect containers to the same bridge network to communicate:
sudo docker network create -d bridge NETWORKNAME* You can use the same network defined in the Console and Sync Server installation to avoid visibility problems.
Installation
The steps required to install SSH container are:
1. Create a user
We need to create a user in the pam store container. To do this, we need to connect to the store container.
sudo docker exec -it soffid-pam-store /bin/bashOnce, we are connected to the container, we need to run a script to create the user. This script has two parameters, the user name, and the role. We have to type launcher in the role parameter
root@soffid-pam-store:/# /opt/soffid/tomee/bin/add-user.sh proxyrdptest launcher
Password: c4ZRcmgemq3nMr1VQJCD1pJRhPbdX5hrmmrP6RX7zBE4HSs3RV3+cGwDdL1WaaqZ
root@soffid-pam-store:/#As a result of the script, we receive the password for the created user. This password will be needed later when we create the container.
2. Create volume
We need to create a volume that will be used by the docker container
sudo docker volume create soffid-rdp3. Create a docker container
Finally, we need to execute the command to create the rdp gateway container
docker run \
--name soffid-rdp \
-e SOFFID_SERVER=https://iam-sync.soffidnet:1760 \
-e SOFFID_USER=admin \
-e SOFFID_PASS=changeit \
-e SOFFID_HOSTNAME=rdp-gateway \
-e STORE_SERVER=http://soffid-pam-store:8080 \
-e STORE_PASSWORD=/Dp77Kho5QB2vVKjNNGmXYLzVa6PoPWJ8p0E4O7EP++9/ZM+l3cieGKMRSgOnFCMc \
-e STORE_USER=proxyrdp \
-v soffid-rdp:/opt/soffid/iam-sync/conf \
--privileged \
--shm-size=1024m \
-p 3389:3389 \
--network=soffidnet.intenal \
soffid/pam-rdp:1.4.2Environment Variables
To create the new SSH container you need to set the following environment variables:
| Variable | Description | Example |
|
SOFFID_SERVER |
Sync Server URL |
https://syncserver01.soffid.com:1760 |
|
SOFFID_USER |
Soffid user to join the security domain |
admin |
|
SOFFID_PASSWORD |
Soffid user password |
changeit |
|
SOFFID_HOSTNAME |
The hostname used to access the ssh gateway |
ssh-gateway |
|
STORE_SERVER |
Store URL |
http://soffid.pat.pam:8082 |
|
STORE_PASSWORD |
Password received when you created the user in the store container. |
************ |
|
STORE_USER |
Store user |
proxyrdp |
RDP Gateway Connection
Introduction
We can establish a connection to the target system using the RDP remote access protocol. You can use a remote desktop client.
How to connect
You can establish the connection with the ssh gateway using a desktop client and then Soffid will ask you the parameters to connect:
- System name: system to which you want to connect.
- Account name: Soffid's account.
- Account system: account to use to connect to the target system.
https://es.wikipedia.org/wiki/Remote_Desktop_Protocol