SSH, VNC, Windows

David Brodbeck DavidB "at" mail.interclean.com
Thu, 10 Jan 2002 15:50:01 +0000


It's common, yes.  It's called "TCP tunnelling".  You have the app connect
to an ssh client that's listening on a local port, then the ssh client
forwards it through an encrypted tunnel to the remote end, where it's
connected to a local or remote port.  It's useful because the app doesn't
have to "understand" anything about ssh or encryption.

-----Original Message-----
From: Alex Angelopoulos [mailto:alex "at" bittnet.com]
Sent: Wednesday, January 09, 2002 10:56 AM
To: vnc-list "at" uk.research.att.com
Subject: Re: SSH, VNC, Windows


A semi-topical clarification question...

Is this the standard method for settting apps up to use SSH? "relay" through
a loopback to a local SSH service?

----- Original Message ----- 
From: "Michael Ossmann" <michael.ossmann "at" alttech.com>
To: <vnc-list "at" uk.research.att.com>
Sent: Tuesday/2002 January 08 19:56
Subject: Re: SSH, VNC, Windows


: On Tue, Jan 08, 2002 at 04:36:19PM -0500, Boyd D. Mills wrote:
: > 
: > The requirement is to ENFORCE secure access to VNC through the web
: > browser.  The first thing is to configure OpenSSH on the server
: > machine to effectively sit between VNC server and the remote browser
: > machine.  The second (hopefully two in the same) is to disable
: > unsecure connections to VNC.
: 
: Take a look at the AllowLoopback and AuthHosts advanced options:
: 
: http://www.uk.research.att.com/vnc/winvnc.html
: 
: If you allow loopback access and deny all hosts except 127.0.0.1, you
: can limit network access to those being forwarded by SSH.  This will
: also allow unencrypted connections from the localhost, but that probably
: is not a problem.
: 
: -- 
: Mike Ossmann, Tarantella/UNIX Engineer/Instructor
: Alternative Technology, Inc.  http://www.alttech.com/
: ---------------------------------------------------------------------
: To unsubscribe, mail majordomo "at" uk.research.att.com with the line:
: 'unsubscribe vnc-list' in the message BODY
: See also: http://www.uk.research.att.com/vnc/intouch.html
: ---------------------------------------------------------------------
---------------------------------------------------------------------
To unsubscribe, mail majordomo "at" uk.research.att.com with the line:
'unsubscribe vnc-list' in the message BODY
See also: http://www.uk.research.att.com/vnc/intouch.html
---------------------------------------------------------------------
---------------------------------------------------------------------
To unsubscribe, mail majordomo "at" uk.research.att.com with the line:
'unsubscribe vnc-list' in the message BODY
See also: http://www.uk.research.att.com/vnc/intouch.html
---------------------------------------------------------------------