SSH Windows to Linux

David Brodbeck DavidB "at" mail.interclean.com
Wed, 02 Jan 2002 16:03:26 +0000


I don't use SSH Secure Shell, but my guess is you have two problems here:

The window-in-a-window effect happens when you connect to a VNC server on
the same machine as the viewer you're running.  You must have a server
running on display 0?

You probably want to set your OUTGOING tunnel to listen on port 5901, then
try connecting to 127.0.0.1:1.

To test, you can try telnetting into the tunnel.  You should see a brief
message starting with "RFB" if you've connected to a VNC server.

-----Original Message-----
From: Leite, Keith [mailto:Keith.Leite "at" GDC4S.Com]
Sent: Monday, December 31, 2001 2:00 PM
To: 'vnc-list "at" uk.research.att.com'
Subject: RE: SSH Windows to Linux


Greetings,

I have been following this message thread and I would like
to say that I am trying to accomplish the same thing here.

I am using SSH Secure Shell for Windows and I think I configured
it correctly. I set my OUTGOING Tunnel to listen on Port 22 and the DEST
Host is localhost and the DEST Port is 5900, I set it up to allow Local
connections only.

It seems to make the connection but when I launch VNC from the PC running
Windows and point to the localhost or 127.0.0.1:5900 it seems to launch
almost a Window within a Window meaning it seems like I am connecting to
myself and it doesn't seem like my data is being forwarded through the
Tunnel.

Do I have to make an INCOMING Tunnel also ???

Not too sure ... I understand the concept of connecting locally and let the
tunnel forward traffic from the PC to the Linux box but it doesn't seem to
be forwarding ....

Is there any test I can perform to verify that port 5900 is open for
business ???

ThanX Keith ...

-----Original Message-----
From: David Brodbeck [mailto:DavidB "at" mail.interclean.com]
Sent: Monday, December 31, 2001 1:12 PM
To: 'vnc-list "at" uk.research.att.com'
Subject: RE: SSH Windows to Linux


When you make the connection through SSH, it will probably appear to come
from lo (the local interface), though it may depend on how you specify the
forwarding -- whether you use the loopback address or the machine's actual
IP.  Try it and find out; if you deny all to port 5900 and it doesn't work,
you may have to add an allow rule for connections from the machine itself.

I use TeraTerm Pro and the SSH plugin, and it works pretty well for me.  You
should be able to use a host entry something like this to do what you want:

remotemachine.foo.net:22/ssh /ssh-L5900:127.0.0.1:5900

This tells it to connect to remotemachine.foo.net, port 22, using the ssh
protocol.  It then requests that port 5900 on the local machine be forwarded
to localhost port 5900 on the remote end.

(I haven't tested this specifically, since I connect *through* the remote
machine to a third one, but it should work.)

You would then fire up the VNC viewer and tell it to connect to localhost:0.

-----Original Message-----
From: James Pifer [mailto:jamesvnclist "at" tnjinfl.com]
Sent: Monday, December 31, 2001 12:58 PM
To: vnc-list "at" uk.research.att.com
Subject: RE: SSH Windows to Linux


Have you gotten this to work? If so, what SSH client? I'm trying the 
ssh-win32 that the VNC docs point you to. I set it up to forward the ports 
but can't seem to make a connection. I get nothing. VNC doesn't ever come 
back. No errors, nothing. Very weird.

I am using ipchains. When you make a connection through SSH does Linux 
think it's coming from the local trusted NIC? Not sure if that was clear. 
Can I just completely block that port with ipchains and as long as I can 
make the SSH connection I should be able to connect to VNC?

Thanks,
James

At 12:09 PM 12/31/2001 -0500, you wrote:
>You need to ask your SSH client to do port forwarding.  How you do that will
>depend on the client.  Generally you'll ask it to, say, forward local port
>5900 to remote port 5900. Then you tell VNC to connect to port 5900 on your
>local machine, and SSH forwards it from there.
>
>Since you're running RedHat, the quickest way to keep VNC from accepting
>outside connections would probably be to block that port off with ipchains
>or iptables.
>
>-----Original Message-----
>From: James Pifer [mailto:jamesvnclist "at" tnjinfl.com]
>Sent: Monday, December 31, 2001 11:41 AM
>To: vnc-list "at" uk.research.att.com
>Subject: SSH Windows to Linux
>
>
>I know this has been asked before, but I'm not finding my answer so far.
>I've also read through the docs, but the holiday drinking must have made my
>brain a little mushy.
>
>I have a Redhat 7.2 server that I'm going to stick on the net. For this
>reason I obviously need it secure. Like many others, we're a windows shop
>not Linux. I can't figure out how to connect from a windows PC to a VNC
>session on Linux over SSH.
>
>I have SSH running on Redhat and can connect to it from two different
>Windows SSH clients. When I connect I get the $ prompt like a terminal
>session.
>
>How do I make a VNC connection?
>
>Also, how do I make sure that VNC will not accept normal connections?
>
>I've used Zebedee on windows in the past and then used the authosts
>registry setting to limit only connections from the local machine.
>
>Thanks.
>James
>---------------------------------------------------------------------
>To unsubscribe, mail majordomo "at" uk.research.att.com with the line:
>'unsubscribe vnc-list' in the message BODY
>See also: http://www.uk.research.att.com/vnc/intouch.html
>---------------------------------------------------------------------
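
The telnet test suggested at the top of this thread (look for a message starting with "RFB") can be scripted. The following is an added example, not part of the original messages: it connects to the local end of the tunnel, reads the 12-byte RFB ProtocolVersion greeting, and reports whether a VNC server, an SSH daemon, or nothing answered. The function names are illustrative; the port arithmetic is the usual VNC convention that display :N listens on TCP 5900 + N.

```python
import re
import socket

# A VNC server greets every new connection with 12 bytes: b"RFB xxx.yyy\n".
RFB_BANNER = re.compile(rb"^RFB (\d{3})\.(\d{3})\n$")


def display_to_port(display: int) -> int:
    """VNC display :N listens on TCP 5900 + N, so 127.0.0.1:1 is port 5901."""
    return 5900 + display


def classify_banner(data: bytes) -> str:
    """Name the service from the first bytes it sends after connect."""
    m = RFB_BANNER.match(data[:12])
    if m:
        return "vnc RFB %d.%d" % (int(m.group(1)), int(m.group(2)))
    if data.startswith(b"SSH-"):
        return "ssh (an SSH daemon answered, not a forwarded VNC port)"
    if not data:
        return "no banner (nothing was sent before close or timeout)"
    return "unknown"


def probe(host: str, port: int, timeout: float = 3.0) -> str:
    """Connect to the local end of the tunnel and classify what answers."""
    data = b""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.settimeout(timeout)
            try:
                while len(data) < 12:  # the greeting may arrive in pieces
                    chunk = s.recv(12 - len(data))
                    if not chunk:
                        break
                    data += chunk
            except socket.timeout:
                pass  # classify whatever arrived before the timeout
    except OSError as exc:
        return "connect failed: %s" % exc
    return classify_banner(data)


if __name__ == "__main__":
    # Tunnel listening locally for display :1, as suggested in the reply.
    print(probe("127.0.0.1", display_to_port(1)))
```

Run on the Linux server itself against port 5900, the same probe confirms that the VNC server still answers on loopback after the ipchains or iptables rule blocks outside connections.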