Accessing multiple VNC servers using only one SSH port?

LUPTAK,MIROSLAV (HP-Slovakia,ex1) miroslav_luptak@hp.com
Tue Nov 19 15:41:01 2002


Hi, Bruce.

If I understand the problem correctly, the following should solve it (I
suppose all VNC Servers listen on 5900):

On the client, run the following ssh command (or configure 3 port
forwardings on your SSH Client):
client# ssh -L5901:vnc_server1:5900 \
		-L5902:vnc_server1:5900 \
		-L5903:vnc_server1:5900 \
		ssh_server

Then on the client, if you want to connect to VNC Server 1, you use
"vncviewer localhost:1", to connect to VNC Server 2, you use "vncviewer
localhost:2",  etc.

>From the firewall point of view, only TCP port 22 to the SSH Server needs to
be open.

Does this solve your problem?

Best regards,

Miro

> -----Original Message-----
> From: Bruce Atherton [mailto:bruce@callenish.com]
> Sent: Mon, Nov 18, 2002 21:12
> To: vnc-list@realvnc.com
> Subject: Accessing multiple VNC servers using only one SSH port?
> 
> 
> I've gone through the FAQ and mailing list looking for an 
> answer to this 
> problem, but so far I haven't seen anything relevant. Sorry if I just 
> missed it.
> 
> I'm trying to figure out a way to use a single open port on a 
> firewall to 
> connect to one of several VNC servers. Something like this 
> (apologies to 
> the proportional font crowd):
> 
>                                              -- VNC Server 1
>                                              |
>    Client -> Internet -> Firewall -> SSH  ---|- VNC Server 2
>                          port 22    Server   |
>                                              -- VNC Server 3
> 
> If you already have a solution for this problem that works, I 
> would love to 
> hear about it. If not, then I have a way to get this 
> behaviour but I don't 
> know how to set it up currently, and would love some advice.
> 
> This isn't a hard problem from an architecture point of view. The SSH 
> server could have a program run by the client that opened a 
> socket to a 
> named machine and port and that returned that socket on its 
> standard out. 
> The VNC client could have a facility for communicating over 
> its standard 
> in, piped in from the ssh client (after dealing with the password).
> 
> So, if a program on the SSH server was called "opensocket" 
> and the firewall 
> was configured to forward port 22 to the SSH server, on the 
> client you 
> could run something like:
> 
>      ssh firewall.my.org opensocket vnc1.my.org 5901 | vncviewer -
> 
> and have it all just work, even if multiple clients are connecting to 
> different servers across the firewall at the same time.
> 
> Due to blocking you may not want to use pipes, but you get 
> the idea. Does 
> anyone know of any way of accomplishing something like this?
> 
> Any ideas at all gratefully accepted. Thanks.
> _______________________________________________
> VNC-List mailing list
> VNC-List@realvnc.com
> http://www.realvnc.com/mailman/listinfo/vnc-list