VNC via SSH - loopbackonly & allowloopback problem

Miroslav Luptak luptak "at" snt.sk
Thu, 21 Jun 2001 12:51:48 +0000


Isn't it possible that you used LoopbackOnly set to 1 and Teraterm
forwarding to a.b.c.d instead of 127.0.0.1? This is important ...

Regards,

Miroslav Luptak

> 
> Hello All,
> 
> I'm attempting to connect via SSH port forwarding. Want to allow *_only_*
> tunneled connections via SSH to VNC.
> 
> No matter what I try, I cannot get it tightened down to *_only_* tunneled
> connections. The best I can get is tunneled & direct allowed at the same
> time.
> 
> From what I can see, I think that I have the SSH port forwarding set up
> correctly - after all, it works if I connect to 127.0.0.1:1 when I have the
> AllowLoopback registry entry set. But as to the actual cause of the problem
> - I'm stumped. Any suggestions?
> 
> Below is what I hope is a complete description of my test environment and
> the results.
> -----------------------------------------------------------------------
> VNC host is a WIN NT server, sp6a, 128bit encryption.
> SSHd is Brandon Zehm's sshd1 for WinNT.
> 
> Client is a WIN NT workstation, sp6a, 128bit encryption.
> SSH client is the ttssh extension to Tera Term 
> 
> I have established an SSH connection and set up the port forwarding:
> 5901:a.b.c.d:5900 (ie: I am forwarding calls to port 5901 from my client to
> port 5900 on the server with ip address a.b.c.d). In Tera Term the
> formatting of establishing this is different than shown here, but this is
> the effect.
> 
> The actual fields in the TTSSH port forwarding window - 
> Forward local port: 5901
> to remote machine: a.b.c.d
> port: 5900
> 
> If I create and set the HKLM\software\orl\winvnc3 Dword key AllowLoopback to
> 1, I can connect by specifying 127.0.0.1:1 or 127.0.0.1:5901 in the
> connection details screen of the VNCviewer application.  However I can at
> this stage still connect directly by specifying a.b.c.d only. 
> 
> Attempting to tighten it down, I implement the LoopbackOnly Dword key (same
> path), setting it to 1 as well. At this stage I invariably get the message:
> "A program on the local machine attempted to connect to a forwarded port.
> The forwarding request was denied by the server. The connection has been
> closed."
> 
> Setting the LoopbackOnly key back to 0 gives me tunnel access again. Note:
> at each stage I have to restart the VNC server - it does not dynamically
> read the registry settings for each connection attempt, so whenever I play
> with them I need to do a stop and start of the VNC program.
> 
> A full table of my test results:
> AL   LO   tunnel     direct
> 0    0    disabled   pass
> 0    1    denied     fail
> 1    0    pass       pass
> 1    1    denied     fail
> -    1    denied     fail
> 1    -    pass       pass
> 
> An explanation of the results:
> AL - AllowLoopback
> LO - LoopbackOnly
> disabled - a message from VNC (presumably from the server): "Local Loopback
> Connections are disabled."
> denied - message from Tera Term: "A program on the local machine attempted
> to connect to a forwarded port. The forwarding request was denied by the
> server. The connection has been closed."
> fail - message back from VNCviewer application: "Failed to connect to
> server."
> pass - it connects (asks for session password)
> A "-" is where I completely deleted the key from the registry (grasping at
> straws time).
> 
> Rgds,
> Dave.
> ---------------------------------------------------------------------
> To unsubscribe, send a message with the line: unsubscribe vnc-list
> to majordomo "at" uk.research.att.com
> See also: http://www.uk.research.att.com/vnc/intouch.html
> ---------------------------------------------------------------------
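
An added example (not part of either message, and not code from VNC or TTSSH) of the binding behaviour the reply asks about: it assumes that LoopbackOnly=1 makes the VNC server listen on 127.0.0.1 only, so the SSH server's onward connection succeeds only when the forward target is 127.0.0.1. The address 127.0.0.2 is a constructed stand-in for a.b.c.d so the check runs offline on a Linux host; the function names are hypothetical.

```python
import socket

LOOPBACK = "127.0.0.1"
# Constructed stand-in for the server's LAN address a.b.c.d. On Linux all of
# 127.0.0.0/8 is local, so no second network interface is needed (assumption).
LAN_STANDIN = "127.0.0.2"


def listen(bind_addr):
    """Open a TCP listener bound to bind_addr, as a VNC server would."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind((bind_addr, 0))  # port 0: let the OS pick a free port
    srv.listen(5)
    return srv


def reachable(addr, port, timeout=1.0):
    """True if a TCP connect to addr:port succeeds (what sshd attempts)."""
    try:
        with socket.create_connection((addr, port), timeout=timeout):
            return True
    except OSError:
        return False


def forward_outcomes(bind_addr):
    """Try both forward targets against a listener bound to bind_addr."""
    srv = listen(bind_addr)
    try:
        port = srv.getsockname()[1]
        return {target: reachable(target, port)
                for target in (LOOPBACK, LAN_STANDIN)}
    finally:
        srv.close()


if __name__ == "__main__":
    # "all interfaces" models LoopbackOnly=0, "loopback only" models
    # LoopbackOnly=1 under the assumption stated above.
    for label, bind_addr in (("all interfaces", "0.0.0.0"),
                             ("loopback only", LOOPBACK)):
        print(label, forward_outcomes(bind_addr))
```

With the loopback-only listener, only the 127.0.0.1 target connects, which is the case where a tunnel works and a direct connection to the LAN address does not.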