Use PuTTY to set up a reverse tunnel. You’ll need to create a restricted tunnel-only user in your machine. Make sure to use key auth.
From your local machine, connect to localhost:portnumber.
As an alternative, you might be able to set up OpenSSH in Windows (yes it’s possible), then use the ProxyJump setting in your local ~/.ssh/config to connect via a tunnel to the final box.
Here’s how you configure the server to not let the user wreak too much havoc:
<span style="color:#323232;">Match User restricted
</span><span style="color:#323232;"> PermitOpen 127.0.0.1:3389 [::1]:3389
</span><span style="color:#323232;"> X11Forwarding no
</span><span style="color:#323232;"> AllowAgentForwarding no
</span><span style="color:#323232;"> ForceCommand /bin/sh -c 'while sleep 999; do true; done'
</span><span style="color:#323232;"> ClientAliveInterval 1
</span><span style="color:#323232;"> ClientAliveCountMax 2
</span>