IP restriction question on VNC 4.0 version

Scott C. Best sbest "at" best.com
Thu Jan 22 19:38:01 2004


	Heya. Here's a way of thinking about it: your VNC Server is
getting its data from the SSH tunnel. So when you created the tunnel,
you used a command like this:

ssh -L port:host:hostport ssh.server.ip.address

	So, what did you put for "host" in there? If you put
"localhost", then the IP address your VNC Server will "see" the
data coming from is the loopback address. If you put
in "ssh.server.ip.address", then it will be that IP address the
data appears to be coming from.

	Putting in "localhost" or (even better) "" for the
"host" address in the SSH tunnel command is best when your SSH server
is the same as your VNC server. Doing it that way, you then add the
"LoopbackOnly" registry key to your VNC Server, and now nothing can
connect to it that's not being tunneled thru SSH. Then all of your
"IP restriction" work is offloaded onto SSH, which has very thorough
identity checking capabilities.

	Hope this helps!


> Hey There,
> I'm so excited since I finally managed to use VNC and SSH on my
> Windows computer. However, I would like to restrict it to only accept
> connections from a few IPs, and I can't really figure it out.
> This is my setup.
> Installed OpenSSH on my Windows box running VNC server.
> I open PuTTY from another computer on the Internet, log into my computer,
> then run WINVNC user connection to localhost:0.. Works like a charm
> with tunnel.
> So the big question, in the IP RESTRICTION box on server side, what
> IP do I allow?
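
The point in the reply above, as an added example that is not part of the original thread: a stand-in VNC server bound to loopback only records the peer address of a connection relayed by a small forwarder, which plays the role of the "host:hostport" leg of ssh -L. The function names, the banner and the ports are constructed for the demonstration.

```python
import socket
import threading

LOOPBACK = "127.0.0.1"

def serve_once(handler):
    """Accept one connection on a loopback-only socket; return its port."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind((LOOPBACK, 0))          # loopback only, free port chosen by the OS
    srv.listen(1)
    port = srv.getsockname()[1]

    def run():
        conn, peer = srv.accept()
        with conn, srv:
            handler(conn, peer)

    threading.Thread(target=run, daemon=True).start()
    return port

def source_seen_by_server(host=LOOPBACK):
    """Return (peer the server saw, viewer's own address, banner received)."""
    seen = {}

    def vnc_stand_in(conn, peer):
        seen["peer"] = peer               # what an IP restriction would be checked against
        conn.sendall(b"RFB 003.008\n")    # constructed banner

    vnc_port = serve_once(vnc_stand_in)

    def forwarder(conn, _peer):
        # Like "host:hostport" in ssh -L: a new connection opened from the SSH server side.
        with socket.create_connection((host, vnc_port), timeout=5) as upstream:
            conn.sendall(upstream.recv(64))

    tunnel_port = serve_once(forwarder)

    with socket.create_connection((LOOPBACK, tunnel_port), timeout=5) as viewer:
        viewer_addr = viewer.getsockname()
        banner = viewer.recv(64)
    return seen["peer"], viewer_addr, banner

if __name__ == "__main__":
    peer, viewer_addr, banner = source_seen_by_server()
    print("server saw", peer, "| viewer socket was", viewer_addr, "| banner", banner)
```

The server only ever sees the forwarder's own connection, so with "localhost" as the tunnel host the address to allow is the loopback one, and a loopback-only listener is unreachable except through the tunnel.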