Thanks, Lukas, I was aware of IPCop (running via VMWare) but not of copssh for Windows. The latter is probably much easier to handle (no VMWare and a running linux system necessary). I'll give it a try!
Best, Dieter On 28 Jan 2009 at 8:15, Wymann Lukas (W3L) wrote: From: "Wymann Lukas (W3L)" <[email protected]> To: "[email protected]" <[email protected]>, "[email protected]" <VNC- [email protected]> Date sent: Wed, 28 Jan 2009 08:15:15 +0100 Subject: AW: restrict access to server to a non- resolved address > Hi > > Why don't you "create" an ssh-tunnel from the user to your system and have vnc "travelling" inside this tunnel? > You can use for this the public-private-key authentication to establish that tunnel and in addition to that, you have the vnc traffic secured within that tunnel. So you wouldn't depend on how to restrict a user coming from a dynamic ip-address, since that user is already authenticated through ssh. > Tools to do this?! : copssh from a windows client to establish tunnel, vnc-viewer connects to localhost:5900 (for example) > Just an idea. > > Best regards > > Lukas > > Suva > Abteilung Informatik > Bereich System-Services > Lukas Wymann > Systemspezialist > Postfach 4358 > Rvsslimattstrasse 39 > 6002 Luzern > > > > > > Tel: 041 419 6478 > mailto: [email protected] > http://www.suva.ch > > -----Urspr|ngliche Nachricht----- > Von: [email protected] [mailto:[email protected]] Im Auftrag von Dieter Blaas > Gesendet: Dienstag, 27. Januar 2009 19:19 > An: [email protected] > Betreff: restrict access to server to a non-resolved address > > Hi, > I already posted a similar question some time ago but the answers showed me that I was misunderstood. So, I am trying > again: > > I want to restrict, on the server side, access to a single user. > This user has a dynamic IP, which, by using dyndn.org, translates into xyz.dyndns.org. I know how to restict assess to a normal IP address but if I enter (in the server's setup dialog) an address like xyz.dyndns.org (instead of e.g. > 120.231.139.12) it does not accept it. Is there any way of doing this? > To be even more clear: I want that user xyz.dynds.org can access the server regardless which real IP it has at a given time. Maybe the free version cannot but presonal or enterprise can? > Thanks a lot for hints, Dieter > ------------------------------------------------------------------------ > Dieter Blaas, > Max F. Perutz Laboratories > Medical University of Vienna, > Inst. Med. Biochem., Vienna Biocenter (VBC), Dr. Bohr Gasse 9/3, A-1030 Vienna, Austria, > Tel: 0043 1 4277 61630, > Fax: 0043 1 4277 9616, > e-mail: [email protected] > ------------------------------------------------------------------------ > _______________________________________________ > VNC-List mailing list > [email protected] > To remove yourself from the list visit: > http://www.realvnc.com/mailman/listinfo/vnc-list > > Disclaimer: > > Diese Nachricht und ihr eventuell angehdngte Dateien sind nur f|r den Adressaten bestimmt. Sie kann vertrauliche oder gesetzlich gesch|tzte Daten oder Informationen beinhalten. Falls Sie diese Nachricht irrt|mlich erreicht hat, bitten wir Sie hvflich, diese unter Ausschluss jeglicher Reproduktion zu lvschen und die absendende Person zu benachrichtigen. Danke f|r Ihre Hilfe. > > This message and any attached files are for the sole use of the recipient named above. It may contain confidential or legally protected data or information. If you have received this message in error, please delete it without making any copies whatsoever and notify the sender. Thank you for your assistance. > ------------------------------------------------------------------------ Dieter Blaas, Max F. Perutz Laboratories Medical University of Vienna, Inst. Med. Biochem., Vienna Biocenter (VBC), Dr. Bohr Gasse 9/3, A-1030 Vienna, Austria, Tel: 0043 1 4277 61630, Fax: 0043 1 4277 9616, e-mail: [email protected] ------------------------------------------------------------------------ _______________________________________________ VNC-List mailing list [email protected] To remove yourself from the list visit: http://www.realvnc.com/mailman/listinfo/vnc-list
