On Mon 15 Feb 2010 16:08:23 NZDT +1300, Nick Rout wrote: > At work: windows computer which runs putty and vnc server. > > At home: linux machines, one running openssh server. > > Therefore I can only initiate ssh from the office end.
Correct. > I can easily use putty to enable access to web servers on the home > machine, but can I set something up so that I can connect to the vnc > server on the office machine from a vnc client at home? Is it as > simple as connecting port 5900 on the windows machine to a defined > port, say 2000, on the openssh server at home? > > Or does a tunnel like that have to be opened from the other end? No, and yes you can. ssh is one of the more subversive protocols around ;) I use *ix terminology here, you can sort putty out accordingly. ssh -L ... will establish a listener (start with localhost) and forward connection attempts to the other side. What you want is ssh -R ... which establish a listener on the other side, forwarding connections to the host which has the ssh client running on it. Reality is a tad more complicated, you do not have to use the ssh client or server hosts, you can also use a host on the respective LAN. There is no limit to the number of these tunnels you can establish, but you have to establish them when the ssh client connects to the server. And the really nifty thing is: no need to worry about any firewalls. If you can establish a connection from the ssh client to the server, you can tunnel back any connection from programs on the server host to any host on the client's LAN which the client can connect to. The tunnel data is going over the originally established connection. Use with caution. In putty this should be somewhere under the tunneling setting. Be aware that some ssh clients may have bugs which make tunnel operation not entirely reliable, in particular when X11 protocols are forwarded. And remember to crank up putty before you go home... (Plan B would be to place a barebones Linux machine with a LAN connection in your desk's bottom drawer.) Volker -- Volker Kuhlmann is list0570 with the domain in header http://volker.dnsalias.net/ Please do not CC list postings to me.
