Did you enable "Allow Loopback"?
-ME
----- Original Message -----
From: "Serge Dutremble" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Wednesday, December 20, 2000 1:02 PM
Subject: Re: VNC and SSH
> My goal is NOT to use the java client.
>
> OK. I tried this and got again the same error:
>
> I did:
> 1. "ssh -L 5910:RemoteServerIP:5902 RemoteServerIP"
>
> 2. got validated by SSH.
>
> 3. on a separate terminal, I did "vncviewer localhost:10"
>
> 4. got the "bla bla" error on the ssh server window
>
> 5. got a "vncviewer: vncserver closed connection" message on the client
window.
>
> I have the same result when using the vnc from orl and the tight encoder
> version with the -tunnel switch.
>
> I seem to get the connection but it fails because the "channel" can not be
> opened. I do not know why. Note that I seem NOT to be able to redirect
ANY
> ports so this may not be a vnc problem but a ssh problem after all.
>
> Now, although I am not pursuing the java client connection at this time, I
do
> not think your method would actually connect to the java server if you use
the
> command http://remotehost:5902 This seems to me to be just a straight
> connection to the remote java vnc server without even using the ssh
tunnel.
>
> If I do that command without even bothering with the ssh redirection, I do
get
> the response from the server as expected. Did you jsut do a type there or
am I
> just confused.
>
>
> Serge.
>
>
> On Wed, 20 Dec 2000, you wrote:
> > Is your goal to use the java client from a web browser? If not, let's
> > abandon that line of thinking now.
> >
> > First of all, find out what port VNC Server is running on. Make sure
that
> > "Allow Loopback" is enabled.
> > >From the client, run "ssh -L 5920:localhost:5902 remotehost" This
assumes
> > that VNC Server is running on port 5902 on the remote host. Also,
> > localhost, in this context, is referring to "localhost" from the SSH
> > Server's point of view... meaning: itself. Now, connect, from the
client,
> > to localhost:20 using the vncviewer.
> >
> > Now, if your goal _IS_ to use the java client from a web browser, make
sure
> > that 1. VNC Server _IS_ running on 5902. Also make sure that nothing is
> > running on the client machine on ports 5902 or 5802. Now, make your ssh
> > connection like this: ssh -L 5902:localhost:5902 -L 5802:localhost:5802
> > remotehost. Next, use your web browser and connect to
> > http://remotehost:5802/. Bingo.
> >
> > -ME
> >
> > ----- Original Message -----
> > From: "Serge Dutremble" <[EMAIL PROTECTED]>
> > To: <[EMAIL PROTECTED]>
> > Sent: Wednesday, December 20, 2000 10:30 AM
> > Subject: Re: VNC and SSH
> >
> >
> > > OK I tried this and, as I thought, it did not work. I believe this is
the
> > > reason:
> > >
> > > How will my localhost web server know what a remore web server (on
another
> > > port) runs?
> > >
> > > If we use the second vnc x-display as an example:
> > > The java apps run on the remote host at port 5802. SSH forwards port
5902
> > to
> > > remotehost:5902. Remotehost may know that the java vnc runs on port
5802
> > but
> > > my localhost can never find this out as I try http://localhost:5802!
> > > http://localhost:5902 will not work either as per the vnc
documentation (I
> > > tried it anyway). I get a server not found error in netscape and the
page
> > is
> > > redirected to a search engine.
> > >
> > > If I forward local port 5902 to remote port 5802, I get a netscape
error
> > telling
> > > me I have a "network error: broken pipe". The ssh verbose tells me
the
> > same
> > > "bla bla" message.
> > >
> > > If I go directly to remoteport:5802, I get the vnc java application
> > > (unencrypted, naturally).
> > >
> > > I have verified my version of ssh as follow:
> > >
> > > remote host runs Linux Mandrake 6.2 with:
> > > SSH Version OpenSSH_2.1.1 Protocol version 1.5/2.0 compiled with SSL
> > > (0x0090581f)
> > >
> > > local host runs Linux RedHat 7.0 with:
> > > SSH Version OpenSSH_2.2.0p1 protocol version 1.5/2.0 compiled with SSL
> > > (0x0090581f)
> > >
> > > ssh_config and sshd_config files on both workstations are the same.
> > >
> > > Any more ideas?
> > >
> > > Serge
> > >
> > > On Wed, 20 Dec 2000, you wrote: > Two thoughts:
> > > >
> > > > 1. If you are run VNC Server on the same host as SSHD (which it
appears
> > you
> > > > are), you have to enable "Loopback" connections with VNC. Because
of
> > the
> > > > SSH tunnel, the VNC server sees that the connection is coming from
the
> > SSHD
> > > > server. If they're the same host, it is a loopback connection.
> > > >
> > > > 2. If you are planning on using the Java viewer, you have to run
VNC on
> > the
> > > > remote server on the same port you want to use for the redirection.
> > > > For example:
> > > > You run VNC Server on port 5920 (so HTTP server runs on port
5820).
> > You
> > > > make your ssh connection with "ssh -L 5920:remote_ip:5920 remote_ip"
and
> > > > then connection to http://localhost:5820/.
> > > > The reasoning behind this is: the HTTP server that serves up the
Java
> > applet
> > > > "knows" that VNC Server is running on a port 100 more than itself
(5820
> > +
> > > > 100 = 5920). If you are proxying the HTTP port as something like
5825,
> > the
> > > > server still sees that it is running on port 5820 even though the
client
> > > > sees it as running on port 5825. The client is expecting (because
you
> > > > proxied it that way with SSH) the VNC Server to be running on port
5925,
> > but
> > > > the Java applet will be redirected to port 5920 because that's what
the
> > HTTP
> > > > server "knows" VNC to be running on. Since you haven't proxied port
> > 5920,
> > > > but 5925, it will not work.
> > > >
> > > > I know that's a weird concept to explain. If it doesn't make sense,
let
> > me
> > > > know.
> > > >
> > > > Mike Erdely
> > > > mailto:[EMAIL PROTECTED]
> > > > http://mike.erdelynet.com/
> > > >
> > > > ----- Original Message -----
> > > > From: "Serge Dutremble" <[EMAIL PROTECTED]>
> > > > To: <[EMAIL PROTECTED]>
> > > > Sent: Monday, December 18, 2000 1:22 PM
> > > > Subject: VNC and SSH
> > > >
> > > >
> > > > > I have been attempting to use VNC through SSH for a few weeks with
no
> > > > results.
> > > > >
> > > > > Some responses from the list have suggested I should redirect both
the
> > > > 58XX and
> > > > > 59XX ports in order to get it to work but I get the same result.
The
> > > > > instructions in the VNC documentation do not suggest it may be
> > necessary
> > > > at all
> > > > > anyway. I think I have to redirect port 59XX is I use the vnc
viewer
> > and
> > > > port
> > > > > 58XX if I want to use the http java viewer. I am not attemting to
use
> > > > both at
> > > > > this time but would just like to get at least one going.
> > > > >
> > > > > I try the following on a Linux RH 7.0 workstation:
> > > > >
> > > > > ssh -L 5910:remote_ip:5901 remote_ip
> > > > > I get validated by remote_ip (a Mandrake 6.2 workstation)
> > > > >
> > > > > Then I try on another terminal window:
> > > > > vncviewer localhost:10
> > > > >
> > > > > I get a "vncviewer: VNC server closed connection" message locally
> > while I
> > > > get a
> > > > > "channel_open_failure: 2: reason 1: bla bla" message on remote_ip.
> > > > >
> > > > > The command vncviewer remote_ip:1 works fine (but naturrally not
> > > > encrypted).
> > > > >
> > > > > Doesn't make much sense to me.
> > > > >
> > > > > Can anyone help?
> > > > >
> > > > > Serge.
> > > >
> ---------------------------------------------------------------------
> > > > > To unsubscribe, send a message with the line: unsubscribe vnc-list
> > > > > to [EMAIL PROTECTED]
> > > > > See also: http://www.uk.research.att.com/vnc/intouch.html
> > > >
> ---------------------------------------------------------------------
> > >
> ---------------------------------------------------------------------
> > > > To unsubscribe, send a message with the line: unsubscribe vnc-list
> > > > to [EMAIL PROTECTED]
> > > > See also: http://www.uk.research.att.com/vnc/intouch.html
> > >
> ---------------------------------------------------------------------
> > > > ____________________________________________________________
> > > > Get your free domain name and domain-based e-mail from
> > > > Namezero.com. New! Namezero Plus domains now available.
> > > > Find out more at: http://www.namezero.com
> > > ---------------------------------------------------------------------
> > > To unsubscribe, send a message with the line: unsubscribe vnc-list
> > > to [EMAIL PROTECTED]
> > > See also: http://www.uk.research.att.com/vnc/intouch.html
> > > ---------------------------------------------------------------------
> > ---------------------------------------------------------------------
> > To unsubscribe, send a message with the line: unsubscribe vnc-list
> > to [EMAIL PROTECTED]
> > See also: http://www.uk.research.att.com/vnc/intouch.html
> > ---------------------------------------------------------------------
> > ____________________________________________________________
> > Get your free domain name and domain-based e-mail from
> > Namezero.com. New! Namezero Plus domains now available.
> > Find out more at: http://www.namezero.com
> ---------------------------------------------------------------------
> To unsubscribe, send a message with the line: unsubscribe vnc-list
> to [EMAIL PROTECTED]
> See also: http://www.uk.research.att.com/vnc/intouch.html
> ---------------------------------------------------------------------
---------------------------------------------------------------------
To unsubscribe, send a message with the line: unsubscribe vnc-list
to [EMAIL PROTECTED]
See also: http://www.uk.research.att.com/vnc/intouch.html
---------------------------------------------------------------------
