I know how to do this with the Windows server but I have not found a switch on
the Linux server to cover that. Can you expand on how to do this?
As Jay Freeman suggested to me privately, my problem is not restricted to
VNC port forwarding. No other ports seem to work either. I agree with him on
this one and will pursue the issue on an SSH list.
For the list:
1. I suspect it may be a conflict with my older Linux Mandrake
configuration although I do not think so. Such conflicts would have been
reported long ago.
2. Another possibility is that my firewall (ipchains on the
Linux server) stops the forwarding. Does anyone have any
ideas on which ipchain rule must be enabled (on not
disabled) to ensure the ssh port forwarding works? I have checked the obvious
58xx and 59xx series but all this work directly anyway. Anyone know if ssh
uses some other ports for redirection?
3. The suggestion from Michael to check for
loopback is also possible. Once I figure out how to allow loopback on the
linux server, I will report to the list with the results.
Serge.
On Wed, 20 Dec
2000, you wrote: > Did you enable "Allow Loopback"? >
> -ME
>
> ----- Original Message -----
> From: "Serge Dutremble" <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>
> Sent: Wednesday, December 20, 2000 1:02 PM
> Subject: Re: VNC and SSH
>
>
> > My goal is NOT to use the java client.
> >
> > OK. I tried this and got again the same error:
> >
> > I did:
> > 1. "ssh -L 5910:RemoteServerIP:5902 RemoteServerIP"
> >
> > 2. got validated by SSH.
> >
> > 3. on a separate terminal, I did "vncviewer localhost:10"
> >
> > 4. got the "bla bla" error on the ssh server window
> >
> > 5. got a "vncviewer: vncserver closed connection" message on the client
> window.
> >
> > I have the same result when using the vnc from orl and the tight encoder
> > version with the -tunnel switch.
> >
> > I seem to get the connection but it fails because the "channel" can not be
> > opened. I do not know why. Note that I seem NOT to be able to redirect
> ANY
> > ports so this may not be a vnc problem but a ssh problem after all.
> >
> > Now, although I am not pursuing the java client connection at this time, I
> do
> > not think your method would actually connect to the java server if you use
> the
> > command http://remotehost:5902 This seems to me to be just a straight
> > connection to the remote java vnc server without even using the ssh
> tunnel.
> >
> > If I do that command without even bothering with the ssh redirection, I do
> get
> > the response from the server as expected. Did you jsut do a type there or
> am I
> > just confused.
> >
> >
> > Serge.
> >
> >
> > On Wed, 20 Dec 2000, you wrote:
> > > Is your goal to use the java client from a web browser? If not, let's
> > > abandon that line of thinking now.
> > >
> > > First of all, find out what port VNC Server is running on. Make sure
> that
> > > "Allow Loopback" is enabled.
> > > >From the client, run "ssh -L 5920:localhost:5902 remotehost" This
> assumes
> > > that VNC Server is running on port 5902 on the remote host. Also,
> > > localhost, in this context, is referring to "localhost" from the SSH
> > > Server's point of view... meaning: itself. Now, connect, from the
> client,
> > > to localhost:20 using the vncviewer.
> > >
> > > Now, if your goal _IS_ to use the java client from a web browser, make
> sure
> > > that 1. VNC Server _IS_ running on 5902. Also make sure that nothing is
> > > running on the client machine on ports 5902 or 5802. Now, make your ssh
> > > connection like this: ssh -L 5902:localhost:5902 -L 5802:localhost:5802
> > > remotehost. Next, use your web browser and connect to
> > > http://remotehost:5802/. Bingo.
> > >
> > > -ME
> > >
> > > ----- Original Message -----
> > > From: "Serge Dutremble" <[EMAIL PROTECTED]>
> > > To: <[EMAIL PROTECTED]>
> > > Sent: Wednesday, December 20, 2000 10:30 AM
> > > Subject: Re: VNC and SSH
> > >
> > >
> > > > OK I tried this and, as I thought, it did not work. I believe this is
> the
> > > > reason:
> > > >
> > > > How will my localhost web server know what a remore web server (on
> another
> > > > port) runs?
> > > >
> > > > If we use the second vnc x-display as an example:
> > > > The java apps run on the remote host at port 5802. SSH forwards port
> 5902
> > > to
> > > > remotehost:5902. Remotehost may know that the java vnc runs on port
> 5802
> > > but
> > > > my localhost can never find this out as I try http://localhost:5802!
> > > > http://localhost:5902 will not work either as per the vnc
> documentation (I
> > > > tried it anyway). I get a server not found error in netscape and the
> page
> > > is
> > > > redirected to a search engine.
> > > >
> > > > If I forward local port 5902 to remote port 5802, I get a netscape
> error
> > > telling
> > > > me I have a "network error: broken pipe". The ssh verbose tells me
> the
> > > same
> > > > "bla bla" message.
> > > >
> > > > If I go directly to remoteport:5802, I get the vnc java application
> > > > (unencrypted, naturally).
> > > >
> > > > I have verified my version of ssh as follow:
> > > >
> > > > remote host runs Linux Mandrake 6.2 with:
> > > > SSH Version OpenSSH_2.1.1 Protocol version 1.5/2.0 compiled with SSL
> > > > (0x0090581f)
> > > >
> > > > local host runs Linux RedHat 7.0 with:
> > > > SSH Version OpenSSH_2.2.0p1 protocol version 1.5/2.0 compiled with SSL
> > > > (0x0090581f)
> > > >
> > > > ssh_config and sshd_config files on both workstations are the same.
> > > >
> > > > Any more ideas?
> > > >
> > > > Serge
> > > >
> > > > On Wed, 20 Dec 2000, you wrote: > Two thoughts:
> > > > >
> > > > > 1. If you are run VNC Server on the same host as SSHD (which it
> appears
> > > you
> > > > > are), you have to enable "Loopback" connections with VNC. Because
> of
> > > the
> > > > > SSH tunnel, the VNC server sees that the connection is coming from
> the
> > > SSHD
> > > > > server. If they're the same host, it is a loopback connection.
> > > > >
> > > > > 2. If you are planning on using the Java viewer, you have to run
> VNC on
> > > the
> > > > > remote server on the same port you want to use for the redirection.
> > > > > For example:
> > > > > You run VNC Server on port 5920 (so HTTP server runs on port
> 5820).
> > > You
> > > > > make your ssh connection with "ssh -L 5920:remote_ip:5920 remote_ip"
> and
> > > > > then connection to http://localhost:5820/.
> > > > > The reasoning behind this is: the HTTP server that serves up the
> Java
> > > applet
> > > > > "knows" that VNC Server is running on a port 100 more than itself
> (5820
> > > +
> > > > > 100 = 5920). If you are proxying the HTTP port as something like
> 5825,
> > > the
> > > > > server still sees that it is running on port 5820 even though the
> client
> > > > > sees it as running on port 5825. The client is expecting (because
> you
> > > > > proxied it that way with SSH) the VNC Server to be running on port
> 5925,
> > > but
> > > > > the Java applet will be redirected to port 5920 because that's what
> the
> > > HTTP
> > > > > server "knows" VNC to be running on. Since you haven't proxied port
> > > 5920,
> > > > > but 5925, it will not work.
> > > > >
> > > > > I know that's a weird concept to explain. If it doesn't make sense,
> let
> > > me
> > > > > know.
> > > > >
> > > > > Mike Erdely
> > > > > mailto:[EMAIL PROTECTED]
> > > > > http://mike.erdelynet.com/
> > > > >
> > > > > ----- Original Message -----
> > > > > From: "Serge Dutremble" <[EMAIL PROTECTED]>
> > > > > To: <[EMAIL PROTECTED]>
> > > > > Sent: Monday, December 18, 2000 1:22 PM
> > > > > Subject: VNC and SSH
> > > > >
> > > > >
> > > > > > I have been attempting to use VNC through SSH for a few weeks with
> no
> > > > > results.
> > > > > >
> > > > > > Some responses from the list have suggested I should redirect both
> the
> > > > > 58XX and
> > > > > > 59XX ports in order to get it to work but I get the same result.
> The
> > > > > > instructions in the VNC documentation do not suggest it may be
> > > necessary
> > > > > at all
> > > > > > anyway. I think I have to redirect port 59XX is I use the vnc
> viewer
> > > and
> > > > > port
> > > > > > 58XX if I want to use the http java viewer. I am not attemting to
> use
> > > > > both at
> > > > > > this time but would just like to get at least one going.
> > > > > >
> > > > > > I try the following on a Linux RH 7.0 workstation:
> > > > > >
> > > > > > ssh -L 5910:remote_ip:5901 remote_ip
> > > > > > I get validated by remote_ip (a Mandrake 6.2 workstation)
> > > > > >
> > > > > > Then I try on another terminal window:
> > > > > > vncviewer localhost:10
> > > > > >
> > > > > > I get a "vncviewer: VNC server closed connection" message locally
> > > while I
> > > > > get a
> > > > > > "channel_open_failure: 2: reason 1: bla bla" message on remote_ip.
> > > > > >
> > > > > > The command vncviewer remote_ip:1 works fine (but naturrally not
> > > > > encrypted).
> > > > > >
> > > > > > Doesn't make much sense to me.
> > > > > >
> > > > > > Can anyone help?
> > > > > >
> > > > > > Serge.
> > > > >
> > ---------------------------------------------------------------------
> > > > > > To unsubscribe, send a message with the line: unsubscribe vnc-list
> > > > > > to [EMAIL PROTECTED]
> > > > > > See also: http://www.uk.research.att.com/vnc/intouch.html
> > > > >
> > ---------------------------------------------------------------------
> > > >
> > ---------------------------------------------------------------------
> > > > > To unsubscribe, send a message with the line: unsubscribe vnc-list
> > > > > to [EMAIL PROTECTED]
> > > > > See also: http://www.uk.research.att.com/vnc/intouch.html
> > > >
> > ---------------------------------------------------------------------
> > > > > ____________________________________________________________
> > > > > Get your free domain name and domain-based e-mail from
> > > > > Namezero.com. New! Namezero Plus domains now available.
> > > > > Find out more at: http://www.namezero.com
> > > > ---------------------------------------------------------------------
> > > > To unsubscribe, send a message with the line: unsubscribe vnc-list
> > > > to [EMAIL PROTECTED]
> > > > See also: http://www.uk.research.att.com/vnc/intouch.html
> > > > ---------------------------------------------------------------------
> > > ---------------------------------------------------------------------
> > > To unsubscribe, send a message with the line: unsubscribe vnc-list
> > > to [EMAIL PROTECTED]
> > > See also: http://www.uk.research.att.com/vnc/intouch.html
> > > ---------------------------------------------------------------------
> > > ____________________________________________________________
> > > Get your free domain name and domain-based e-mail from
> > > Namezero.com. New! Namezero Plus domains now available.
> > > Find out more at: http://www.namezero.com
> > ---------------------------------------------------------------------
> > To unsubscribe, send a message with the line: unsubscribe vnc-list
> > to [EMAIL PROTECTED]
> > See also: http://www.uk.research.att.com/vnc/intouch.html
> > ---------------------------------------------------------------------
> ---------------------------------------------------------------------
> To unsubscribe, send a message with the line: unsubscribe vnc-list
> to [EMAIL PROTECTED]
> See also: http://www.uk.research.att.com/vnc/intouch.html
> ---------------------------------------------------------------------
> ____________________________________________________________
> Get your free domain name and domain-based e-mail from
> Namezero.com. New! Namezero Plus domains now available.
> Find out more at: http://www.namezero.com
---------------------------------------------------------------------
To unsubscribe, send a message with the line: unsubscribe vnc-list
to [EMAIL PROTECTED]
See also: http://www.uk.research.att.com/vnc/intouch.html
---------------------------------------------------------------------
