VNC and SSH tunneling
whooper "at" freeshell.org
Tue Jul 23 03:02:04 2002
----- Original Message -----
From: "Tim McGarry" <tim "at" mcgarry.ch>
To: <vnc-list "at" realvnc.com>
Sent: Monday, July 22, 2002 1:56 PM
Subject: VNC and SSH tunneling
> I'm running the VNC server on a Solaris 8 box with OpenSSH.
> Normally I use vncviewer.exe (Windows NT/98) forwarded through an SSH
> connection (PuTTY) . this works fine. I start the server with -localhost
> (port 5900 is forwarded locally)
> What I'd like to do is start the vncviewer in listen mode and make a
> initiated connection tunnelled through a remotely forwarded port.
> The reverse connections work fine without the SSH tunnel, but I've had
> absolutely no success in opening a reverse connection to vncviewer through
> remote port forward.
> Does anyone have experience of this, what remote ports (5500? 5900?) do I
> need to forward and where do I forward them to (localhost? 127.0.0.1?
> ipaddress?) are there any configs that I need to take care of in OpenSSH
> Tim McGarry
Disclaimer - I've never tried so I reserve the right to be wrong!
The vncviewer listens on port 5500 for the server connection. That means if
you forward the OpenSSH server's port 5500 to the client that communication
should work. You would tell the server to make a connection to localhost.
You also need a connection for the VNC session to go over once it is
started. This would be over the normal port of 5900. So you need a tunnel
from the PuTTY machine to the OpenSSH server on port 5900.
The PuTTY docs talk about how to set up the two types of tunnels here:
Again Disclaimer - I've never tried it so I might be wrong. If the server
sends a hard coded IP instead of localhost it could very well try to bypass
the SSH tunnel and try to go direct and not work.
Just curious, if you can log in normally and start the session from client
side, what advantage are you getting from starting the connection from the
server side instead?
Save the whales, collect the whole set !