SSH, VNC, Windows

Michael Ossmann michael.ossmann "at"
Wed, 09 Jan 2002 17:39:39 +0000

On Wed, Jan 09, 2002 at 10:33:13AM -0500, Boyd D. Mills wrote:
> There is a key described at
> called LoopbackOnly.

Gee, how did I miss that?  Thanks.  :-)

> I was a little surprised that this key was not already created with the
> default of 0.  I had to create the key LocalMachine\Software\ORL\WinVNC\
> key: LoopbackOnly value 1.
> This does cause WinVNC to only accept connections from the local machine.

Bummer.  That sounds like a bug.  Has anyone else encountered this?

Did you try setting AllowLoopback and AuthHosts instead?  If that
doesn't work, you may need to resort to using third party "personal
firewall" software or set up a separate gateway system or firewall.
(Or, even better, fix the bug in WinVNC.  :-)

> But I need to configure the OpenSSH server to redirect incoming Browser
> connections to WinVNC.  That's the first major hurdle.

Ah, I missed that part in your first post.  This is trickier.  You do
need to have an SSH client running on the system with the web browser.
This can be an OpenSSH client that you use to turn on port forwarding
prior to making the VNC connection and then close again afterward, but
you would probably prefer to have the SSH client integrated into the
Java applet.  The only Java applet I'm aware of that does this is
mindvnc, which is part of the mindterm package.  I haven't tried the
commercial version which supports SSH2 (and I'm not even sure if it
still includes mindvnc), but a GPL version that only supports SSH1 is
being maintained by ISNetworks.  They have a nice signed Java archive
that is free to use:

The example html page can be easily modified to run mindvnc instead of

<applet archive="sshNetscape.jar"
code=mindbright.application.MindVNC.class width=640 height=480>
This looks a lot like the vanilla Java VNC client but also sets up an
SSH tunnel.

Mike Ossmann, Tarantella/UNIX Engineer/Instructor
Alternative Technology, Inc.
To unsubscribe, mail majordomo "at" with the line:
'unsubscribe vnc-list' in the message BODY
See also: