My work has given me a remote windows desktop to use, that I access using AWS.
Through this windows desktop (accessed via a chrome web-browser), I can SSH into a compute node to do work.
I dont actually need this virtual desktop, I’d rather just SSH from my local machine directly to the compute node, using the remote desktop’s network without having to spawn the desktop itself.
Ive been reading up about SSM agents[0] as a solution, but am unsure if I have the priveledges to do this myself.
Is this something I can easily do using the AWS credentials that I have?
Yeah the browser seems to be what I’m resigned to. In terms of security, there isn’t really much stopping me from spawning an reverse SSH proxy to a public server from within the desktop, and then connecting to that…
If I wanted to wreac havok, my user would still need to be in the right access groups to do anything. I feel that cutting out the middleman and letting me connect directly to the bastion would be easier for everyone…
Except that the idea is that you cannot get data in or out of the corporate network. Depending on how it’s implemented will determine how successful that is.
Regardless, you’re likely to lose your job if it’s detected without written permission and even then it’s likely to turn into a security pissing match.
In the scenario I have, the browser clipboard literally lets me drag-and-drop files to my laptop. I do hear your wider point though