Alex, I believe the solution is to use "ssh -l administrator -L 5900:127.0.0.1:5900 -C PC2" with OpenSSH.
Best regards, Miro

> -----Original Message-----
> From: Alex Morris [mailto:[EMAIL PROTECTED]]
> Sent: Wed, Jan 22, 2003 11:32
> To: VNC List
> Subject: Stumped by loopback with SSH
>
> Yesterday I managed to get VNC working over SSH. At least, I think I did. Many thanks to the various pieces of documentation found on the AT&T VNC site.
>
> I installed TightVNC 1.2.7 and OpenSSH for Windows 3.4.3 on two Windows machines, PC1 (Windows XP) and PC2 (Windows 2000). PC2 is the PC running OpenSSH as a service, and is the one I want to control with VNC.
>
> On PC1 I issued the command
> 'ssh -l administrator -L 5900:PC2:5900 -C PC2'
>
> After providing the appropriate password and getting a command prompt I launched VNC Viewer and told it to connect to 127.0.0.1. After supplying the session password I ended up with the display from PC2. TCPView - http://www.sysinternals.com/ - seemed to confirm that, on PC2, WINVNC.EXE was in fact connected to another port on the same PC and, on PC1, VNCVIEWER.EXE was connected to port 5900 on itself, which was opened by SSH.EXE.
>
> Thus, I surmise that I got SSH working. Hurrah for me.
>
> Now I get confused.
>
> In its current configuration VNC will accept connections from any other machine on the network. I don't want this to be the case. I want all VNC traffic to come through an SSH tunnel first. I want the added layer of security provided by having to authenticate via SSH first.
>
> I thought that all I'd need to do, since the traffic appears to be coming from the local host, is enable loopback connections and set "Allow only loopback connections". This didn't work. I did not get prompted for a password when launching VNC Viewer. TCPView showed a connection to port 5900 (listened to by SSH) on PC1, but nothing else happened. If I unticked "Allow only loopback connections" then I got prompted for a password as normal.
>
> I have successfully managed to get this working using only loopback connections using a commercial product - WinSSHD from http://www.bitvise.com/
>
> There are two components needed: WinSSHD itself and a separate program Tunnelier. WinSSHD can sit on any machine on the network, apparently, and Tunnelier needs to be on every machine with a redirected port.
>
> I set up Tunnelier on PC1 to listen on port 5900 and redirect to PC2:6000. I set up Tunnelier on PC2 to listen on port 6000 and redirect to 127.0.0.1:5900. I then told VNC Viewer to connect to 127.0.0.1 and the traffic got redirected through to PC2 as desired. "Allow only loopback connections" was selected.
>
> I don't know enough about OpenSSH to know how it compares to WinSSHD and Tunnelier, but the method used by WinSSHD makes me wonder: do I need to set up an SSH session on PC2 which listens on a particular port and then forwards it to 127.0.0.1:5900, instead of just forwarding straight from PC1 to PC2:5900? If so, how would I go about it?
>
> I've perused the various VNC/SSH pages I've managed to find through the AT&T site, but all I can see is information about using a third PC as the SSH man-in-the-middle. I may have missed something; if so then feel free to catcall and jeer.
>
> Can anyone offer any suggestions, please? If necessary I'd pay for WinSSHD but I'd much rather use OpenSSH. It's cheaper, for a start. :-)
> --
> Alex Morris
> _______________________________________________
> VNC-List mailing list
> [EMAIL PROTECTED]
> http://www.realvnc.com/mailman/listinfo/vnc-list
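Why Miro's forward works and Alex's does not comes down to the address sshd on PC2 dials when the tunnel is used: with `-L 5900:PC2:5900`, sshd connects to PC2's own LAN name, so WinVNC sees a peer on the LAN address and the loopback-only rule drops it silently; with `-L 5900:127.0.0.1:5900` the connection arrives from 127.0.0.1 and passes. The following Python model is an added example, not code from this thread or from TightVNC or OpenSSH. It parses the `-L` argument, resolves the target through a constructed name table that stands in for DNS/NetBIOS on Alex's LAN (the 192.168.1.x addresses are invented), applies the same loopback-only check WinVNC's setting implies, and finally repeats that check on a real socket so the peer-address test can be seen running.

```python
import ipaddress
import socket
import threading

# Constructed name table standing in for DNS/NetBIOS on Alex's LAN (assumption;
# the addresses are invented for this example).
HOSTS = {"PC1": "192.168.1.10", "PC2": "192.168.1.20", "localhost": "127.0.0.1"}


def parse_local_forward(spec):
    """Split an OpenSSH -L argument of the form [bind_address:]port:host:hostport."""
    parts = spec.split(":")
    if len(parts) == 3:
        bind_address, port, host, hostport = None, *parts
    elif len(parts) == 4:
        bind_address, port, host, hostport = parts
    else:
        raise ValueError(f"bad -L spec: {spec!r}")
    return bind_address, int(port), host, int(hostport)


def resolve(host, hosts=HOSTS):
    """Resolve the forward target the way sshd on PC2 would: literal IPs stay as
    they are, names go through the (constructed) table."""
    try:
        return str(ipaddress.ip_address(host))
    except ValueError:
        return hosts[host]


def vnc_accepts(peer_ip, loopback_only=True):
    """The 'Allow only loopback connections' rule applied to the peer address."""
    return (not loopback_only) or ipaddress.ip_address(peer_ip).is_loopback


def tunnel_reaches_vnc(spec, loopback_only=True, hosts=HOSTS):
    """Would a loopback-only WinVNC on PC2 admit a connection through this forward?

    sshd on PC2 opens a fresh TCP connection to host:hostport.  A loopback target
    arrives from 127.0.0.1; PC2's LAN name arrives from PC2's LAN address, which
    the loopback-only rule rejects.
    """
    _, _, host, _ = parse_local_forward(spec)
    return vnc_accepts(resolve(host, hosts), loopback_only)


def loopback_only_server_accepts(connect_to="127.0.0.1"):
    """Real-socket version of the rule: listen on all interfaces (as WinVNC does),
    accept one connection, and judge it by getpeername()."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("", 0))  # all interfaces, ephemeral port
    listener.listen(1)
    port = listener.getsockname()[1]
    result = {}

    def accept_once():
        conn, (peer_ip, _) = listener.accept()
        result["accepted"] = vnc_accepts(peer_ip)
        conn.close()

    worker = threading.Thread(target=accept_once)
    worker.start()
    with socket.create_connection((connect_to, port), timeout=5):
        pass
    worker.join(5)
    listener.close()
    return result.get("accepted", False)


if __name__ == "__main__":
    for spec in ("5900:PC2:5900", "5900:127.0.0.1:5900"):
        print(f"ssh -L {spec} -C PC2 -> loopback-only VNC accepts: "
              f"{tunnel_reaches_vnc(spec)}")
    print("real socket, client via 127.0.0.1:", loopback_only_server_accepts())
```

The model is the reason Alex's TCPView showed a connection on PC1's port 5900 but no password prompt: the tunnel was fine, the far end simply refused a peer that was not 127.0.0.1. Keeping "Allow only loopback connections" on and pointing the forward at 127.0.0.1 is the configuration that forces every VNC session through SSH authentication first.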
