Access to SUSE Live Lab Environment through SSH reverse Tunnel and RDP

> posts > 2022 > Sep


SUSE provides some great Training Courses with a lot of Exercises and Online Labs are also available for most of them. But, at least in the Environment available to SUSE Partners, the Labs can only be accessed through a Browser, with a fixed size of 1080x800, no support for Resize, Full-screen or Copy/Paste.

The Tech Stack used to provide those access: hastexo XBlock (Archive: [1], [2]), Apache Guacamole (Archive: [1], [2]), and Open edX (Archive: [1], [2]).

As much I love the provided Trainings, that's just not really comfortable in my opinion. It's fine for a few quick Exercises, but if you have some complex ones or do multiple hours of hands on Training, a more direct way to connect, with support for Full-screen and Copy/Paste, would be way better.

The alternative is to setup the Lab Environment locally, but that requires additional time and resources.

SUSE Labs are based on a main server, which runs all other virtual machines, relevant for the lab, via KVM. You always access this main server and from there you can either use SSH or the Virtual Machine Manager Console to connect to the other systems.

The good thing, this main server has full Internet Access via NAT (IPv4), we can establish outgoing connections without restrictions and also have full root permissions. So by establishing a SSH Reverse Tunnel to a public server, as rendezvous point, it's possible to access the Lab Server quite easy via RDP, which is enabled by default, because of the used Tech Stack to provide Browser access.

-----------------------                                           ------------------------
| Local Workstation   |          -----------------------          | SUSE Live Lab Server |   ------------------------------
|                     | tcp/22 > | VPS (Public Server) | < tcp/22 |                      | > | Other Lab Virtual Machines |
| SSH Tunnel to VPS   |          -----------------------          | SSH Tunnel to VPS    |   ------------------------------
| Outgoing Connection |                                           | Outgoing Connection  |
-----------------------                                           ------------------------

    localhost:3389         >            SSH Tunnel            >        localhost:3389


  1. Create VPS
  • Any cheap Virtual Machine, for example Hetzner Cloud (Referral Link) with Public IPv4 address does the trick, you can also re-use any Server you might already have.
  1. Create additional User Account on the VPS used for SSH Tunneling
  • You have to type the User and Password into the SUSE Live Lab Server (no copy/paste), so I picked something simple and didn't used my regular User for the tunneling, but it's up to you.
  1. Establish a SSH Reverse Tunnel from the Lab Server to the VPS and also from your local Workstation to the VPS
  1. Connect via RDP
  • I'm running openSUSE Tumbleweed and use Remmina, any other Client with RDP support will work as well.
  • It's a connection on your local Workstation to localhost:3389, which then goes through the established SSH Tunnel and hit Port 3389 (RDP) on the Lab Server.


# VPS (Hetzner Cloud, CX11, Falkenstein Germany, 0.0071 € / hour, Rocky Linux 9)
useradd -c "SSH Tunnel" -m -U sshtunnel
passwd sshtunnel

# SUSE Live Lab Server
ssh -o TCPKeepAlive=no -o ServerAliveInterval=15 -nNT -R 3389:localhost:3389 sshtunnel@<vps-public-ip>

# Local Workstation
ssh -o TCPKeepAlive=no -o ServerAliveInterval=15 -nNT -L 3389:localhost:3389 sshtunnel@<vps-public-ip>

# Lab Server
# The password for user "tux" is unknown so you have to reset it
sudo su -
passwd tux

# Local Workstation
# Open an RDP Client, connect to localhost as user "tux" with the password you set earlier on the Lab Server


1) Leave the Web Browser with the Live Lab HTML Viewer open, if you close it the VM will be suspended, keep an eye on it, move the mouse from time to time when the windows is active or click the confirmation that you still want to keep the VM running when you are inactive for a while.

2) This hack will affect the access to the lab server through the Browser, you will see a login failed for display :0 error message, click ok and on the XRDP prompt, select xorg, user tux and the password you set earlier.

This is just a quick & dirty way to interact a little more comfortable with the Lab Environment, you can tunnel through SSH whatever you want, SSH Sessions or X Forwarding, whatever you prefer.

Especially the fact that your VM get suspended when you leave the website, makes it not really reliable, but for me it worked quite well to prepare for some Exams.

Happy hacking and enjoy your next SUSE Training :)

[ Show Source | Download PDF ]