Milestone 5: deliver embedded RDP sessions and lifecycle hardening
This commit is contained in:
Keith Smith
85
third_party/FreeRDP/server/proxy/cli/freerdp-proxy.1.in
vendored
Normal file
85
third_party/FreeRDP/server/proxy/cli/freerdp-proxy.1.in
vendored
Normal file
@@ -0,0 +1,85 @@
|
||||
.de URL
|
||||
\\$2 \(laURL: \\$1 \(ra\\$3
|
||||
..
|
||||
.if \n[.g] .mso www.tmac
|
||||
.TH @MANPAGE_NAME@ 1 2023-12-14 "@FREERDP_VERSION_FULL@" "FreeRDP"
|
||||
.SH NAME
|
||||
@MANPAGE_NAME@ \- A server binary allowing MITM proxying of RDP connections
|
||||
.SH SYNOPSIS
|
||||
.B @MANPAGE_NAME@
|
||||
[\fB-h\fP]
|
||||
[\fB--help\fP]
|
||||
[\fB--buildconfig\fP]
|
||||
[\fB--dump-config\fP \fB<config file>\fP]
|
||||
[\fB-v\fP]
|
||||
[\fB--version\fP]
|
||||
[\fB<config file>\fP]
|
||||
.SH DESCRIPTION
|
||||
.B @MANPAGE_NAME@
|
||||
can be used to proxy a RDP connection between a target server and connecting clients.
|
||||
Possible usage scenarios are:
|
||||
.IP Proxying
|
||||
Connect outdated/insecure RDP servers from behind a (more secure) proxy
|
||||
.IP Analysis
|
||||
Allow detailed protocol analysis of (many) unknown protocol features (channels)
|
||||
.IP Inspection
|
||||
MITM proxy for session inspection and recording
|
||||
|
||||
.SH OPTIONS
|
||||
.IP -h,--help
|
||||
Display a help text explaining usage.
|
||||
.IP --buildconfig
|
||||
Print the build configuration of the proxy and exit.
|
||||
.IP -v,--version
|
||||
Print the version of the proxy and exit.
|
||||
.IP --dump-config \fB<config-ini-file>\fP
|
||||
Dump a template configuration to \fB<config-ini-file>\fP
|
||||
.IP \fB<config-ini-file>\fP
|
||||
Start the proxy with settings read from \fB<config-ini-file>\fP
|
||||
|
||||
.SH WARNING
|
||||
The proxy does not support authentication out of the box but acts simply as intermediary.
|
||||
Only \fBRDP\fP and \fBTLS\fP security modes are supported, \fBNLA\fP will fail for connections to the proxy.
|
||||
To implement authentication a \fBproxy-module\fP can be implemented that can authenticate against some backend
|
||||
and map connecting users and credentials to target server users and credentials.
|
||||
|
||||
.SH EXAMPLES
|
||||
@MANPAGE_NAME@ /some/config/file
|
||||
|
||||
@MANPAGE_NAME@ --dump-config /some/config/file
|
||||
|
||||
.SH PREPARATIONS
|
||||
|
||||
1. generate certificates for proxy
|
||||
|
||||
\fBwinpr-makecert -rdp -path . proxy\fP
|
||||
|
||||
2. generate proxy configuration
|
||||
|
||||
\fB@MANPAGE_NAME@ --dump-config proxy.ini\fP
|
||||
|
||||
3. edit configurartion and:
|
||||
|
||||
* provide (preferably absolute) paths for \fBCertificateFile\fP and \fBPrivateKeyFile\fP generated previously
|
||||
* remove the \fBCertificateContents\fP and \fBPrivateKeyContents\fP
|
||||
* Adjust the \fB[Server]\fP settings \fBHost\fP and \fBPort\fP to bind a specific port on a network interface
|
||||
* Adjust the \fB[Target]\fP \fBHost\fP and \fBPort\fP settings to the \fBRDP\fP target server
|
||||
* Adjust (or remove if unuse) the \fBPlugins\fP settings
|
||||
|
||||
3. start proxy server
|
||||
|
||||
\fB@MANPAGE_NAME@ proxy.ini\fP
|
||||
|
||||
.SH EXIT STATUS
|
||||
.TP
|
||||
.B 0
|
||||
Successful program execution.
|
||||
.TP
|
||||
.B 1
|
||||
Otherwise.
|
||||
|
||||
.SH SEE ALSO
|
||||
wlog(7)
|
||||
|
||||
.SH AUTHOR
|
||||
FreeRDP <team@freerdp.com>
|
||||
Reference in New Issue
Block a user