Re: VNC and SSH

Erdely, Michael Thu, 21 Dec 2000 07:06:25 -0800
Well... I have to be honest with you, I haven't worked with the Linux
version of VNC Server for a while.  And not with SSH.  Maybe it is enabled
by default.  Then, I'm not sure why it isn't working.

-ME

----- Original Message -----
From: "Serge Dutremble" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Thursday, December 21, 2000 8:42 AM
Subject: Re: VNC and SSH


> I know how to do this with the Windows server but I have not found a
switch on
> the Linux server to cover that.  Can you expand on how to do this?
>
> As Jay Freeman suggested to me privately, my problem is not restricted to
> VNC port forwarding.  No other ports seem to work either.  I agree with
him on
> this one and will pursue the issue on an SSH list.
>
> For the list:
>
> 1.  I suspect it may be a conflict with my older Linux Mandrake
> configuration although I do not think so.  Such conflicts would have been
> reported long ago.
>
> 2.  Another possibility is that my firewall (ipchains on the
> Linux server) stops the forwarding.  Does anyone have any
> ideas on which ipchain rule must be enabled (on not
> disabled) to ensure the ssh port forwarding works?  I have checked the
obvious
> 58xx and 59xx series but all this work directly anyway.  Anyone know if
ssh
> uses some other ports for redirection?
>
>
> 3.  The suggestion from Michael to check for
> loopback is also possible.  Once I figure out how to allow loopback on the
> linux server, I will report to the list with the results.
>
> Serge.
>
> On Wed, 20 Dec
> 2000, you wrote: > Did you enable "Allow Loopback"? >
> > -ME
> >
> > ----- Original Message -----
> > From: "Serge Dutremble" <[EMAIL PROTECTED]>
> > To: <[EMAIL PROTECTED]>
> > Sent: Wednesday, December 20, 2000 1:02 PM
> > Subject: Re: VNC and SSH
> >
> >
> > > My goal is NOT to use the java client.
> > >
> > > OK.  I tried this and got again the same error:
> > >
> > > I did:
> > > 1.  "ssh -L 5910:RemoteServerIP:5902 RemoteServerIP"
> > >
> > > 2.  got validated by SSH.
> > >
> > > 3.  on a separate terminal, I did "vncviewer localhost:10"
> > >
> > > 4.  got the "bla bla" error on the ssh server window
> > >
> > > 5.  got a "vncviewer: vncserver closed connection" message on the
client
> > window.
> > >
> > > I have the same result when using the vnc from orl and the tight
encoder
> > > version with the -tunnel switch.
> > >
> > > I seem to get the connection but it fails because the "channel" can
not be
> > > opened.  I do not know why.  Note that I seem NOT to be able to
redirect
> > ANY
> > > ports so this may not be a vnc problem but a ssh problem after all.
> > >
> > > Now, although I am not pursuing the java client connection at this
time, I
> > do
> > > not think your method would actually connect to the java server if you
use
> > the
> > > command http://remotehost:5902   This seems to me to be just a
straight
> > > connection to the remote java vnc server without even using the ssh
> > tunnel.
> > >
> > > If I do that command without even bothering with the ssh redirection,
I do
> > get
> > > the response from the server as expected.  Did you jsut do a type
there or
> > am I
> > > just confused.
> > >
> > >
> > > Serge.
> > >
> > >
> > > On Wed, 20 Dec 2000, you wrote:
> > > > Is your goal to use the java client from a web browser?  If not,
let's
> > > > abandon that line of thinking now.
> > > >
> > > > First of all, find out what port VNC Server is running on.  Make
sure
> > that
> > > > "Allow Loopback" is enabled.
> > > > >From the client, run "ssh -L 5920:localhost:5902 remotehost"  This
> > assumes
> > > > that VNC Server is running on port 5902 on the remote host.  Also,
> > > > localhost, in this context, is referring to "localhost" from the SSH
> > > > Server's point of view... meaning: itself.  Now, connect, from the
> > client,
> > > > to localhost:20 using the vncviewer.
> > > >
> > > > Now, if your goal _IS_ to use the java client from a web browser,
make
> > sure
> > > > that 1. VNC Server _IS_ running on 5902.  Also make sure that
nothing is
> > > > running on the client machine on ports 5902 or 5802.  Now, make your
ssh
> > > > connection like this: ssh -L 5902:localhost:5902 -L
5802:localhost:5802
> > > > remotehost.  Next, use your web browser and connect to
> > > > http://remotehost:5802/.  Bingo.
> > > >
> > > > -ME
> > > >
> > > > ----- Original Message -----
> > > > From: "Serge Dutremble" <[EMAIL PROTECTED]>
> > > > To: <[EMAIL PROTECTED]>
> > > > Sent: Wednesday, December 20, 2000 10:30 AM
> > > > Subject: Re: VNC and SSH
> > > >
> > > >
> > > > > OK I tried this and, as I thought, it did not work.  I believe
this is
> > the
> > > > > reason:
> > > > >
> > > > > How will my localhost web server know what a remore web server (on
> > another
> > > > > port) runs?
> > > > >
> > > > > If we use the second vnc x-display as an example:
> > > > > The java apps run on the remote host at port 5802.  SSH forwards
port
> > 5902
> > > > to
> > > > > remotehost:5902.  Remotehost may know that the java vnc runs on
port
> > 5802
> > > > but
> > > > > my localhost can never find this out as I try
http://localhost:5802!
> > > > > http://localhost:5902 will not work either as per the vnc
> > documentation (I
> > > > > tried it anyway).  I get a server not found error in netscape and
the
> > page
> > > > is
> > > > > redirected to a search engine.
> > > > >
> > > > > If I forward local port 5902 to remote port 5802, I get a netscape
> > error
> > > > telling
> > > > > me I have a "network error: broken pipe".  The ssh verbose tells
me
> > the
> > > > same
> > > > > "bla bla" message.
> > > > >
> > > > > If I go directly to remoteport:5802, I get the vnc java
application
> > > > > (unencrypted, naturally).
> > > > >
> > > > >  I have verified my version of ssh as follow:
> > > > >
> > > > > remote host runs Linux Mandrake 6.2 with:
> > > > > SSH Version OpenSSH_2.1.1 Protocol version 1.5/2.0 compiled with
SSL
> > > > > (0x0090581f)
> > > > >
> > > > > local host runs Linux RedHat 7.0 with:
> > > > > SSH Version OpenSSH_2.2.0p1 protocol version 1.5/2.0 compiled with
SSL
> > > > > (0x0090581f)
> > > > >
> > > > > ssh_config and sshd_config files on both workstations are the
same.
> > > > >
> > > > > Any more ideas?
> > > > >
> > > > > Serge
> > > > >
> > > > >  On Wed, 20 Dec 2000, you wrote: > Two thoughts:
> > > > > >
> > > > > > 1.  If you are run VNC Server on the same host as SSHD (which it
> > appears
> > > > you
> > > > > > are), you have to enable "Loopback" connections with VNC.
Because
> > of
> > > > the
> > > > > > SSH tunnel, the VNC server sees that the connection is coming
from
> > the
> > > > SSHD
> > > > > > server.  If they're the same host, it is a loopback connection.
> > > > > >
> > > > > > 2.  If you are planning on using the Java viewer, you have to
run
> > VNC on
> > > > the
> > > > > > remote server on the same port you want to use for the
redirection.
> > > > > > For example:
> > > > > >   You run VNC Server on port 5920 (so HTTP server runs on port
> > 5820).
> > > > You
> > > > > > make your ssh connection with "ssh -L 5920:remote_ip:5920
remote_ip"
> > and
> > > > > > then connection to http://localhost:5820/.
> > > > > > The reasoning behind this is: the HTTP server that serves up the
> > Java
> > > > applet
> > > > > > "knows" that VNC Server is running on a port 100 more than
itself
> > (5820
> > > > +
> > > > > > 100 = 5920).  If you are proxying the HTTP port as something
like
> > 5825,
> > > > the
> > > > > > server still sees that it is running on port 5820 even though
the
> > client
> > > > > > sees it as running on port 5825.  The client is expecting
(because
> > you
> > > > > > proxied it that way with SSH) the VNC Server to be running on
port
> > 5925,
> > > > but
> > > > > > the Java applet will be redirected to port 5920 because that's
what
> > the
> > > > HTTP
> > > > > > server "knows" VNC to be running on.  Since you haven't proxied
port
> > > > 5920,
> > > > > > but 5925, it will not work.
> > > > > >
> > > > > > I know that's a weird concept to explain.  If it doesn't make
sense,
> > let
> > > > me
> > > > > > know.
> > > > > >
> > > > > > Mike Erdely
> > > > > > mailto:[EMAIL PROTECTED]
> > > > > > http://mike.erdelynet.com/
> > > > > >
> > > > > > ----- Original Message -----
> > > > > > From: "Serge Dutremble" <[EMAIL PROTECTED]>
> > > > > > To: <[EMAIL PROTECTED]>
> > > > > > Sent: Monday, December 18, 2000 1:22 PM
> > > > > > Subject: VNC and SSH
> > > > > >
> > > > > >
> > > > > > > I have been attempting to use VNC through SSH for a few weeks
with
> > no
> > > > > > results.
> > > > > > >
> > > > > > > Some responses from the list have suggested I should redirect
both
> > the
> > > > > > 58XX and
> > > > > > > 59XX ports in order to get it to work but I get the same
result.
> > The
> > > > > > > instructions in the VNC documentation do not suggest it may be
> > > > necessary
> > > > > > at all
> > > > > > > anyway.  I think I have to redirect port 59XX is I use the vnc
> > viewer
> > > > and
> > > > > > port
> > > > > > > 58XX if I want to use the http java viewer.  I am not
attemting to
> > use
> > > > > > both at
> > > > > > > this time but would just like to get at least one going.
> > > > > > >
> > > > > > > I try the following on a Linux RH 7.0 workstation:
> > > > > > >
> > > > > > > ssh -L 5910:remote_ip:5901 remote_ip
> > > > > > > I get validated by remote_ip (a Mandrake 6.2 workstation)
> > > > > > >
> > > > > > > Then I try on another terminal window:
> > > > > > > vncviewer localhost:10
> > > > > > >
> > > > > > > I get a "vncviewer: VNC server closed connection" message
locally
> > > > while I
> > > > > > get a
> > > > > > > "channel_open_failure: 2: reason 1: bla bla" message on
remote_ip.
> > > > > > >
> > > > > > > The command vncviewer remote_ip:1 works fine (but naturrally
not
> > > > > > encrypted).
> > > > > > >
> > > > > > > Doesn't make much sense to me.
> > > > > > >
> > > > > > > Can anyone help?
> > > > > > >
> > > > > > > Serge.
> > > > > >
> > > ---------------------------------------------------------------------
> > > > > > > To unsubscribe, send a message with the line: unsubscribe
vnc-list
> > > > > > > to [EMAIL PROTECTED]
> > > > > > > See also: http://www.uk.research.att.com/vnc/intouch.html
> > > > > >
> > > ---------------------------------------------------------------------
> > > > >
> > > ---------------------------------------------------------------------
> > > > > > To unsubscribe, send a message with the line: unsubscribe
vnc-list
> > > > > > to [EMAIL PROTECTED]
> > > > > > See also: http://www.uk.research.att.com/vnc/intouch.html
> > > > >
> > > ---------------------------------------------------------------------
> > > > > > ____________________________________________________________
> > > > > > Get your free domain name and domain-based e-mail from
> > > > > > Namezero.com. New!  Namezero Plus domains now available.
> > > > > > Find out more at: http://www.namezero.com
> > > >
> ---------------------------------------------------------------------
> > > > > To unsubscribe, send a message with the line: unsubscribe vnc-list
> > > > > to [EMAIL PROTECTED]
> > > > > See also: http://www.uk.research.att.com/vnc/intouch.html
> > > >
> ---------------------------------------------------------------------
> > >
> ---------------------------------------------------------------------
> > > > To unsubscribe, send a message with the line: unsubscribe vnc-list
> > > > to [EMAIL PROTECTED]
> > > > See also: http://www.uk.research.att.com/vnc/intouch.html
> > >
> ---------------------------------------------------------------------
> > > > ____________________________________________________________
> > > > Get your free domain name and domain-based e-mail from
> > > > Namezero.com. New!  Namezero Plus domains now available.
> > > > Find out more at: http://www.namezero.com
> > > ---------------------------------------------------------------------
> > > To unsubscribe, send a message with the line: unsubscribe vnc-list
> > > to [EMAIL PROTECTED]
> > > See also: http://www.uk.research.att.com/vnc/intouch.html
> > > ---------------------------------------------------------------------
> > ---------------------------------------------------------------------
> > To unsubscribe, send a message with the line: unsubscribe vnc-list
> > to [EMAIL PROTECTED]
> > See also: http://www.uk.research.att.com/vnc/intouch.html
> > ---------------------------------------------------------------------
> > ____________________________________________________________
> > Get your free domain name and domain-based e-mail from
> > Namezero.com. New!  Namezero Plus domains now available.
> > Find out more at: http://www.namezero.com
> ---------------------------------------------------------------------
> To unsubscribe, send a message with the line: unsubscribe vnc-list
> to [EMAIL PROTECTED]
> See also: http://www.uk.research.att.com/vnc/intouch.html
> ---------------------------------------------------------------------
---------------------------------------------------------------------
To unsubscribe, send a message with the line: unsubscribe vnc-list
to [EMAIL PROTECTED]
See also: http://www.uk.research.att.com/vnc/intouch.html
---------------------------------------------------------------------
Re: VNC and SSH

Reply via email to
