Providing (Windows) VNC support to clients that have strict corporate firewalls

Steve Palocz spalocz "at" tgtsolutions.com
Fri, 18 Jan 2002 21:27:01 +0000


Please go to the vnc website and read the documentation. As we have told you
the answer that works for us and it is documented there.

-----Original Message-----
From: owner-vnc-list "at" uk.research.att.com
[mailto:owner-vnc-list "at" uk.research.att.com]On Behalf Of Chuck Renner
Sent: Friday, January 18, 2002 3:52 PM
To: vnc-list "at" uk.research.att.com
Subject: RE: Providing (Windows) VNC support to clients that have strict
corporate firewalls


Thanks.  The "permitopen" option works really well on the sshd.  The only
way I seem to be able to get around the loopback restriction is by running
the ssh client on an intermediate machine.  The "AllowLoopback" registry
setting changes nothing.

- Chuck Renner

-----Original Message-----
From: owner-vnc-list "at" uk.research.att.com
[mailto:owner-vnc-list "at" uk.research.att.com]On Behalf Of Michael Ossmann
Sent: Wednesday, January 16, 2002 3:26 PM
To: vnc-list "at" uk.research.att.com
Subject: Re: Providing (Windows) VNC support to clients that have strict
corporate firewalls


On Wed, Jan 16, 2002 at 02:40:16PM -0500, Chuck Renner wrote:
>
> Since VNCviewer states, "Internal loopback connections are not allowed",
the
> implication is that there is a setting that WILL allow them, either in the
> source, or in the GUI settings.  Is this the case?

I wasn't expecting this.  I have no idea why loopback connections
wouldn't be allowed, and I suspect a source code change would be
required to change it.  Anyone?

>       2.  Opening the SSH connection from the client to the SSHD your
Linux
> firewall is effectively like creating a VPN connection from the client to
> your network.  This opens a huge security hole in your network, and gives
> someone on the client's network the ability to snoop around your network
> when the connection is made.

One of the advantages of using public key authentication is that OpenSSH
can limit port forwarding to particular host:port combinations specified
by the permitonly option in the authorized_keys file.

--
Mike Ossmann, Tarantella/UNIX Engineer/Instructor
Alternative Technology, Inc.  http://www.alttech.com/
---------------------------------------------------------------------
To unsubscribe, mail majordomo "at" uk.research.att.com with the line:
'unsubscribe vnc-list' in the message BODY
See also: http://www.uk.research.att.com/vnc/intouch.html
---------------------------------------------------------------------
---------------------------------------------------------------------
To unsubscribe, mail majordomo "at" uk.research.att.com with the line:
'unsubscribe vnc-list' in the message BODY
See also: http://www.uk.research.att.com/vnc/intouch.html
---------------------------------------------------------------------
---------------------------------------------------------------------
To unsubscribe, mail majordomo "at" uk.research.att.com with the line:
'unsubscribe vnc-list' in the message BODY
See also: http://www.uk.research.att.com/vnc/intouch.html
---------------------------------------------------------------------