ssh with localhost

Adrian Umpleby
Mon Nov 18 22:24:00 2002

>> Suppose that Charlie is not available to the internet as a whole, but Bob
>> is able to access Charlie through ssh.  Bob is connected to the internet
>> so Alice can connect to Bob through ssh.  However, Alice can't connect to
>> Charlie directly, but through Bob.
>> Suppose Charlie has vncserver with the -localhost option running.  How can
>> Alice connect to Charlie with vncviewer?
> Try
>         ssh -L 5901:charlie:5901 bob
> so port 5901 locally is forwarded to port 5901 on Charlie, routed via
> the ssh tunnel to Bob.
> Of course, if you're trying to get the entire connection encrypted then
> it gets more complicated.  Then you do want the remote system running
> vncserver with -localhost and you'll need two tunnels:
>         ssh -L 5901:localhost:8989 bob
> and then, from bob:
>         ssh -L 8989:localhost:5901 charlie
> though I've not tried it myself.

Note that an alternative, though slightly round-about, way to do this, 
*if charlie can see the whole internet* (though it cannot be accessed 
from the internet beyond bob) is as I just described in the thread 
"Accessing a computer that uses NAT".

In this case, you would set up a *remote* port forward from charlie 
which makes a port listener on a remote machine.
i.e. while you have a command-line prompt for charlie, type the 

ssh -f -N -R 5909:localhost:5901 <remote-host>

On the 'remote' host you can then connect all the way through to charlie 
using port 5909 (i.e. display number 9).

Note the warnings I mentioned in the other thread about timeouts and 
encodings with local connections...



Adrian Umpleby
vncPatches68k - Not just for 68k Macs!
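
Added example (not part of the original post): the two-tunnel setup quoted above can be written as one command with OpenSSH's ProxyJump option, and the listener that a forward creates can be checked for loopback-only binding. The function names and the sample `ss -ltn` output are constructed for illustration; alice, bob and charlie are the hosts from the thread.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical.

# VNC display N listens on TCP port 5900+N (display 1 -> 5901, 9 -> 5909).
vnc_port() { echo $((5900 + $1)); }

# Run on alice. -J (ProxyJump, OpenSSH 7.3+) carries the session to charlie
# through bob, so the VNC traffic is encrypted all the way to charlie and
# bob needs no relay port. "localhost" is resolved on charlie, which is what
# vncserver -localhost requires.
jump_cmd() {
    p=$(vnc_port "$1")
    echo "ssh -J bob -L $p:localhost:$p charlie"
}

# Run on charlie. Same remote forward as in the post, with the bind address
# given explicitly. $1 = display on charlie, $2 = display offered on the
# remote host, $3 = remote host name.
reverse_cmd() {
    echo "ssh -f -N -R localhost:$(vnc_port "$2"):localhost:$(vnc_port "$1") $3"
}

# Reads `ss -ltn` output on stdin and classifies the listener on port $1:
# "loopback" (127.0.0.1 or [::1] only), "exposed" (any other bind address),
# or "absent". A remote sshd with GatewayPorts enabled can turn a forward
# into an exposed listener, so check after the tunnel is up.
listener_scope() {
    awk -v port="$1" '
        $1 == "LISTEN" {
            n = split($4, a, ":")
            if (a[n] != port) next
            addr = substr($4, 1, length($4) - length(a[n]) - 1)
            if (addr == "127.0.0.1" || addr == "[::1]") lo = 1; else ex = 1
        }
        END { print (ex ? "exposed" : (lo ? "loopback" : "absent")) }'
}

# Constructed sample of `ss -ltn` output on the remote host after the -R forward.
SAMPLE_SS='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    127.0.0.1:5909     0.0.0.0:*
LISTEN 0      128    0.0.0.0:22         0.0.0.0:*'
```

On a live host, pipe the real output in: `ss -ltn | listener_scope 5909`.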