Reverse Tunnelling -- SSH - Then VNC -- Question

Jessani, Karim (CSS) Karim.Jessani "at" css.gov.on.ca
Fri Dec 9 18:46:02 2005 

Okay. so now I have done exactly what you said:


SSH -R5901:localhost:5900 12.13.14.15

-- at home type in vncviewer:1


and I am getting:
   "the filename, directory name, or volume label syntax is incorrect"

I would prefer to "add the client" once I establish the reverse connection via SSH, so I tried to 

Add Client -- at work
typed in 12.13.14.15::5900   

and 12.13.14.15::5901     both got an error msg   "Failed to connect to listening VNC Viewer"

now, about enabling the Reverse Connection at my "Home".....would it not be a "default" because when I initiate the Reverse SSH Connection it looks like it worked perfectly..at Work...I can see my "Home" dos prompt and with no error Msgs being displayed about the connection....I am using ...OPENSSH  ... 


> Karim Jessani - Data Migration - ISDM
> Ministry of Community and Social Services 
> Family Responsibility Office
> 1201 Wilson Ave, Bldg. B, 4th Floor
> Downsview, ON  M3M 1J8
> Tel - 416-243-1900 X 7017
> Fax -  416-240-3638
> Email - Karim.Jessani "at" css.gov.on.ca


-----Original Message-----
From: James Weatherall [mailto:jnw "at" realvnc.com]
Sent: December 9, 2005 12:22 PM
To: Jessani, Karim (CSS); vnc-list "at" realvnc.com
Subject: RE: Reverse Tunnelling -- SSH - Then VNC -- Question


Karim,

Sorry, my mistake.  The -L should be a -R.  The reverse tunnels need to be
enabled at home, not at work.  -R tells ssh to request that a reverse tunnel
will be made, but the ssh server on your home computer will almost certainly
refuse to unless you've explicitly enabled reverse tunnels, because of the
security risk.

Regards,

Wez @ RealVNC Ltd.
 

> -----Original Message-----
> From: Jessani, Karim (CSS) [mailto:Karim.Jessani "at" css.gov.on.ca] 
> Sent: 09 December 2005 17:09
> To: James Weatherall; vnc-list "at" realvnc.com
> Subject: RE: Reverse Tunnelling -- SSH - Then VNC -- Question
> 
> There is still no -R command in the SSH command line you gave 
> me...its okay right ???
> 2nd thing..how to "Enable" Reverse SSH Tunnels at work ?...is 
> there a Config file to edit? I was under the impression by 
> just putting the -R command, this will enable a Reverse Tunnel?
> 
> 
> THANKS
> Karim 
> 
> -----Original Message-----
> From: James Weatherall [mailto:jnw "at" realvnc.com]
> Sent: December 9, 2005 12:03 PM
> To: Jessani, Karim (CSS); vnc-list "at" realvnc.com
> Subject: RE: Reverse Tunnelling -- SSH - Then VNC -- Question
> 
> 
> Karim,
> 
> When you said "reverse connection", I assumed you meant a VNC
> reverse-connection (i.e. one made by a server to a viewer).
> 
> For what you want, you need to run, from work:
> 
> ssh -L5901:localhost:5900 12.13.14.15
> 
> And then, when you are at home & have triggered the ssh command:
> 
> vncviewer :1
> 
> Which will connect to your home PC's port 5901 and through 
> the tunnel to
> port 5900 on your server at work.
> 
> Note that you must have SSH reverse-tunnels enabled for this 
> to work, which
> they're almost certainly not by default.
> 
> Cheers,
> 
> Wez @ RealVNC Ltd.
> 
> 
> > -----Original Message-----
> > From: vnc-list-admin "at" realvnc.com 
> > [mailto:vnc-list-admin "at" realvnc.com] On Behalf Of Jessani, 
> Karim (CSS)
> > Sent: 09 December 2005 15:21
> > To: vnc-list "at" realvnc.com
> > Subject: RE: Reverse Tunnelling -- SSH - Then VNC -- Question
> > 
> > Sorry..this is what I want....Port 22 is the only "Open" port 
> > at "work" so, thats why I can only use SSH to connect to 
> > "HOME", now...what I do is send an email to myself at work 
> > from home and a macro opens up VNC to add a "client" and thus 
> > enabling me to connect to work from Home..(thats why I need 
> > to use the Reverse Tunnel Option)...
> > I can already establish my SSH Connection from Work to Home, 
> > but now I need a reverse so that when I am at Home, using SSH 
> > to tunnel, then VNC to control the work computer...my 
> > properties for VNC are set at auto, so Port 5900 (Main) and 
> > Port 5800 (Http)....somehow I need to use the port 22 for my 
> > connection back to Work from Home...
> > 
> > 
> > Thanks ALOT
> >  Karim  
> > 
> > -----Original Message-----
> > From: James Weatherall [mailto:jnw "at" realvnc.com]
> > Sent: December 9, 2005 10:13 AM
> > To: Jessani, Karim (CSS); vnc-list "at" realvnc.com
> > Subject: RE: Reverse Tunnelling -- SSH - Then VNC -- Question
> > 
> > 
> > Karim,
> > 
> > The problem you have is that you are telling ssh to forward 
> > connections to
> > port 5900 on the ssh server machine to port 6500 on the ssh 
> > client machine,
> > and are then telling VNC Server to connect to port 6500 or 5500.
> > 
> > Assuming that what you are actually trying to do is connect 
> > from work to
> > home via SSH, then connect out from work to a listening 
> > viewer running at
> > home, you probably want:
> > 
> > ssh -L 5501:localhost:5500 12.13.14.15 
> > 
> > And then connect VNC Server out to it with:
> > 
> > winvnc4 -connect localhost::5501
> > 
> > This will cause your work desktop to display on your home 
> > system, assuming
> > that a listening viewer is running on port 5500 on that system.
> > 
> > But I'm not sure that that's what you mean..
> > 
> > Wez @ RealVNC Ltd.
> > 
> > 
> > > -----Original Message-----
> > > From: vnc-list-admin "at" realvnc.com 
> > > [mailto:vnc-list-admin "at" realvnc.com] On Behalf Of Jessani, 
> > Karim (CSS)
> > > Sent: 09 December 2005 14:20
> > > To: vnc-list "at" realvnc.com
> > > Subject: Reverse Tunnelling -- SSH - Then VNC -- Question
> > > 
> > > I have installed and running an SSH Server at "work"  ...only 
> > > port 22 is open...
> > > installed VNC viewer and server at work and home
> > > 
> > > now I can connect to "home" using SSH ..but how to do a 
> > > "reverse" connection back to work and with that connect to 
> > > "work" using VNC
> > > 
> > > so I did the following:
> > > ssh -R 5900:127.0.0.1:6500 12.13.14.15
> > > 
> > > I can then connect perfectly..BUT...
> > > 
> > > with RealVNC I add a new client (at work, while the listener 
> > > is running at home) -> i type the following
> > > Localhost::6500 -- does not work
> > > localhost::5500 -- does not work
> > > 
> > > 127.0.0.1::5500 -- infinite loop of windows
> > > 
> > > Anyone know what the heck I am doing wrong???
> > > The issue I have is that port 22 is the only one open so I 
> > > need to use that as the "Forwarding" port from Home back 
> to Work....
> > > 
> > > THANKS ALOT 
> > > __________________
> > > Karim J 
> > > _______________________________________________
> > > VNC-List mailing list
> > > VNC-List "at" realvnc.com
> > > To remove yourself from the list visit:
> > > http://www.realvnc.com/mailman/listinfo/vnc-list
> > _______________________________________________
> > VNC-List mailing list
> > VNC-List "at" realvnc.com
> > To remove yourself from the list visit:
> > http://www.realvnc.com/mailman/listinfo/vnc-list