ssh with localhost

Robin Hill
Mon Nov 18 15:31:17 2002

On Sat Nov 16, 2002 at 03:49:01PM -0700, Scott Hyde <> wrote:

> Suppose that Charlie is not available to the internet as a whole, but Bob
> is able to access Charlie through ssh.  Bob is connected to the internet
> so Alice can connect to Bob through ssh.  However, Alice can't connect to
> Charlie directly, but through Bob.
> Suppose Charlie has vncserver with the -localhost option running.  How can
> Alice connect to Charlie with vncviewer?

You don't want vncserver running with the -localhost option here.  The
ssh tunnel will link Alice to Bob, then a clear connection will be made
from Bob to Charlie.  This means Charlie will see the connection as
coming from Bob so needs to listen on the standard port.  You only want
the -localhost option when the ssh server is running on the same machine
as the vncserver.

> I've tried the following two commands without luck
> ssh -L 5901:bob:8989 bob
> then in the ssh shell for bob type
> ssh -L 8989:localhost:5901 charlie
> But it doesn't seem to work.
> -Scott

        ssh -L 5901:charlie:5901 bob
so port 5901 locally is forwarded to port 5901 on Charlie, routed via
the ssh tunnel to Bob.

Of course, if you're trying to get the entire connection encrypted then
it gets more complicated.  Then you do want the remote system running
vncserver with -localhost and you'll need two tunnels:
        ssh -L 5901:localhost:8989 bob
and then, from bob:
        ssh -L 8989:localhost:5901 charlie
though I've not tried it myself.
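
As an added example (not part of this message or the thread), the shell functions below classify the `-L` forwards discussed above: whether the leg after the ssh server stays on loopback or crosses the network in the clear, and whether two chained forwards actually meet on the middle host. The function names are hypothetical, specs are limited to host names and IPv4 addresses, and the loopback check assumes OpenSSH's default `GatewayPorts no`.

```shell
#!/bin/sh
# Added example, not from the thread; function names are hypothetical.
# Accepts -L specs of the form [bind:]port:host:hostport (names or IPv4 only).

# Split a -L spec into the globals LPORT, HOST, HPORT; a bind address is dropped.
parse_forward() {
    old_ifs=$IFS; IFS=:; set -f
    set -- $1
    set +f; IFS=$old_ifs
    [ $# -eq 4 ] && shift
    [ $# -eq 3 ] || return 2
    LPORT=$1 HOST=$2 HPORT=$3
}

# True when the forward target is the ssh server's own loopback interface.
is_loopback() {
    case $1 in
        localhost|127.*) return 0 ;;
        *) return 1 ;;
    esac
}

# Describe the leg that follows the ssh server for one forward.
forward_exposure() {   # usage: forward_exposure SPEC SSH_SERVER
    parse_forward "$1" || { echo "bad spec"; return 2; }
    if is_loopback "$HOST"; then
        echo "encrypted to $2, then loopback on $2 port $HPORT"
    else
        echo "encrypted to $2, then cleartext $2 -> $HOST:$HPORT"
    fi
}

# Check that hop 1 hands off to the listener hop 2 opens on the middle host.
chain_check() {        # usage: chain_check SPEC1 SPEC2
    parse_forward "$1" || { echo "bad spec"; return 2; }
    h1=$HOST p1=$HPORT
    parse_forward "$2" || { echo "bad spec"; return 2; }
    if [ "$p1" != "$LPORT" ]; then
        echo "port mismatch: hop 1 delivers to $p1, hop 2 listens on $LPORT"
    elif ! is_loopback "$h1"; then
        echo "hop 1 targets $h1, but hop 2 listens on loopback by default"
    else
        echo "ok"
    fi
}

# The forwards from the thread, run through both checks.
forward_exposure 5901:charlie:5901 bob
forward_exposure 5901:localhost:8989 bob
chain_check 5901:bob:8989 8989:localhost:5901
chain_check 5901:localhost:8989 8989:localhost:5901
```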


