ssh with localhost
Mon Nov 18 22:24:00 2002
>> Suppose that Charlie is not available to the internet as a whole, but
>> is able to access Charlie through ssh. Bob is connected to the
>> so Alice can connect to Bob through ssh. However, Alice can't connect
>> Charlie directly, but through Bob.
>> Suppose Charlie has vncserver with the -localhost option running. How
>> Alice connect to Charlie with vncviewer?
> ssh -L 5901:charlie:5901 bob
> so port 5901 locally is forwarded to port 5901 on Charlie, routed via
> the ssh tunnel to Bob.
> Of course, if you're trying to get the entire connection encrypted then
> it gets more complicated. Then you do want the remote system running
> vncserver with -localhost and you'll need two tunnels:
> ssh -L 5901:localhost:8989 bob
> and then, from bob:
> ssh -L 8989:localhost:5901 charlie
> though I've not tried it myself.
Note that an alternative, though slightly round-about, way to do this,
*if charlie can see the whole internet* (though it cannot be accessed
from the internet beyond bob) is as I just described in the thread
"Accessing a computer that uses NAT".
In this case, you would set up a *remote* port forward from charlie
which makes a port listener on a remote machine.
i.e. while you have a command-line prompt for charlie, type the
ssh -f -N -R 5909:localhost:5901 <remote-host>
On the 'remote' host you can then connect all the way through to charlie
using port 5909 (i.e. display number 9).
Note the warnings I mentioned in the other thread about timeouts and
encodings with local connections...
Adrian Umpleby email@example.com
vncPatches68k - Not just for 68k Macs!