Royal Server Secure Gateway is using SSH Tunneling internally to tunnel connections to servers. 

The general use case for Secure Gateway Connections is by using Royal TS/X connections (supported types are Remote Desktop Connections, VNC, SSH and Telnet Connections). But you can also use a standard SSH client to tunnel through Royal Server - no Royal TS/X clients are needed.


To make this work, please disable the setting "Only allow Royal TS/X as client" in the "Security Configuration" in the "Secure Gateway" section in the Royal Server Configuration Tool.

Using SSH to tunnel through Royal Server

In order to use Royal Server as a Jump Host for a standards-based SSH connection issue the following command:

ssh -J rs-secure-gateway-user@<royal-server-host> destination-host-user@<destination-host>

Now, you first have to enter the password for authenticating with Royal Server and then the password for authenticating with the destination host.

As usually, the "rs-secure-gateway-user" needs to be in the local group "Royal Server Gateway Users". If you are using a user account that is not member of this group, you will find the following log entry:

PreAuthentication rejected: Could not find Windows user account for demoadmin777 in RoyalServer.SecureGateway.SecureGatewayService {}


Using for debugging purposes

If you are using this way to tunnel through Royal Server for debugging purposes, please specify also verbose logging into a file:

ssh -v -J rs-secure-gateway-user@<royal-server-host> destination-host-user@<destination-host> 2>sshlog.txt

By using the -v switch and redirecting the output to sshlog.txt you get detailed logging from SSH.