First time user of SSH and VNC
carlyle.sutphen "at" db.com
Mon Mar 15 09:01:01 2004
On Fri, 12 Mar 2004 17:03:26 -0000
> im using VNC quite happily over the internet to another PC no probs.
> but this is not secure (so i read)
> so im trying to set up a SSh tunnel using Putty.
> Can someone please expalin what i need to do on the server and viewer side cos
> its the first time ive heard of SSH and i think im configuring the viewer side
> to use Putty but i get the error message 'network error connection refused'.
> im not sure if i have to configure the server end as well for SSH???
How are the two computers connected to the internet? I will assume that
both are separated via firewalling routers. That would mean that you have
both routers set up to pass connections on the vnc port through. This
does two things which are not as secure as might be desired. First, it
opens up the possibility for an attack on the VNC server port on your
server machine. Second, when you have an active connection, it is possible
to intercept the IP packets and "spy" on what you are doing.
Some background on using ssh to make a more secure connection:
An ssh server (or daemon) needs to run on the machine running VNC server.
The ssh client (PuTTY) can then initiate an ssh session which can serve
as a "tunnel" to shield your VNC connection from prying eyes. You will set it
up to "listen" on the VNC sever port and to ask the ssh daemon to "pass"
the connection to your VNC server process. Then you will connect the vnc
client to localhost:5900+display# which causes the daemon to connect to
the server process on that port.
You will set up router1 and router2 to no longer allow connections on
Set up router1 to allow outgoing connections on port 22, the ssh port number.
Set up router2 to allow incoming connections on port 22.
Now you can do one of two things. First, you may run the ssh daemon on
router2 or on PC2. If router2 is a unix variant, that may already be the case
and, if not, it is easy to set up with an entry in the inet daemon
configuration. If PC2 is a Windows machine someone else should advise you how
to set up an ssh daemon service. I don't know off hand so would have to look
it up. In that case you would set up router2 to pass the ssh connection on to PC2.
Finally, some details can be gotten here:
Diese E-Mail enthdlt vertrauliche und/oder rechtlich gesch|tzte Informationen. Wenn Sie nicht der richtige Adressat sind oder diese E-Mail irrt|mlich erhalten haben, informieren Sie bitte sofort den Absender und vernichten Sie diese Mail. Das unerlaubte Kopieren sowie die unbefugte Weitergabe dieser Mail ist nicht gestattet.
This e-mail may contain confidential and/or privileged information. If you are not the intended recipient (or have received this e-mail in error) please notify the sender immediately and destroy this e-mail. Any unauthorized copying, disclosure or distribution of the material in this e-mail is strictly forbidden.