[gentoo-user] VNC over SSH (VNC session is non-local to SSH)

[gentoo-user] VNC over SSH (VNC session is non-local to SSH)

[Mark Shields]

[-- Attachment #1: Type: text/plain, Size: 475 bytes --]

I have a gentoo box setup as a router with 3 servers behind it (all 4
servers are running gentoo).  Right now I simply have port 5901 to forward
from the router to my vnc server so I can access it remotely.  I've looked
on the gentoo forums and online but haven't been able to find any solid
information on how to tunnel 5901 through ssh through the router to the vnc
server.  Basically, client -> router -> vnc server port 5901, but over ssh.
Any ideas?

-- 
- Mark Shields

[-- Attachment #2: Type: text/html, Size: 524 bytes --]

Re: [gentoo-user] VNC over SSH (VNC session is non-local to SSH)

[Mauro Faccenda]

On Tuesday 10 October 2006 13:46, Mark Shields wrote:
> I have a gentoo box setup as a router with 3 servers behind it (all 4
> servers are running gentoo).  Right now I simply have port 5901 to forward
> from the router to my vnc server so I can access it remotely.  I've looked
> on the gentoo forums and online but haven't been able to find any solid
> information on how to tunnel 5901 through ssh through the router to the vnc
> server.  Basically, client -> router -> vnc server port 5901, but over ssh.
> Any ideas?

if you want to connect to a vnc session on the ssh server:

ssh -L 5901:localhost:5901 user@host_of_ssh_server

then:

vncviewer localhost:1

if you want to connect to another box at the same network of the ssh server:

ssh -L 5901:ip_of_another_box:5901 user@host_of_ssh_serverr

then:

vncviewer localhost:1

got the idea?

hope it helps.

[]'s
	.m


-- 
gentoo-user@gentoo.org mailing list

Re: [gentoo-user] VNC over SSH (VNC session is non-local to SSH)

[Richard Fish]

On 10/10/06, Mark Shields <laebshade@gmail.com> wrote:
> I have a gentoo box setup as a router with 3 servers behind it (all 4
> servers are running gentoo).  Right now I simply have port 5901 to forward
> from the router to my vnc server so I can access it remotely.  I've looked
> on the gentoo forums and online but haven't been able to find any solid
> information on how to tunnel 5901 through ssh through the router to the vnc
> server.  Basically, client -> router -> vnc server port 5901, but over ssh.
> Any ideas?

You want ssh port forwarding....you can read the ssh man page, but
basically you want:

# ssh -L localhost:5901:remotehost:5901 &
# vncviewer localhost:5901

HTH,
-Richard
-- 
gentoo-user@gentoo.org mailing list

Re: [gentoo-user] VNC over SSH (VNC session is non-local to SSH)

[Mark Shields]

[-- Attachment #1: Type: text/plain, Size: 1708 bytes --]

On 10/10/06, Richard Fish <bigfish@asmallpond.org> wrote:
>
> On 10/10/06, Mark Shields <laebshade@gmail.com> wrote:
> > I have a gentoo box setup as a router with 3 servers behind it (all 4
> > servers are running gentoo).  Right now I simply have port 5901 to
> forward
> > from the router to my vnc server so I can access it remotely.  I've
> looked
> > on the gentoo forums and online but haven't been able to find any solid
> > information on how to tunnel 5901 through ssh through the router to the
> vnc
> > server.  Basically, client -> router -> vnc server port 5901, but over
> ssh.
> > Any ideas?
>
> You want ssh port forwarding....you can read the ssh man page, but
> basically you want:
>
> # ssh -L localhost:5901:remotehost:5901 &
> # vncviewer localhost:5901
>
> HTH,
> -Richard
> --
> gentoo-user@gentoo.org mailing list
>
>
Thank you Richard and Mauro, but this wasn't what I was looking for.  The
vnc and the ssh server are not the same.  I am familiar with and have no
problem using the particular setup you mention; however, it will not work
for what I want to accomplish.  I want to tunnel vnc traffic over ssh to my
router, then forward that vnc traffic to the actual vnc server.  I think the
problem lies somewhere in my iptables rules.  I did have: /sbin/iptables -t
nat -A PREROUTING -p TCP --dport 5901 -i ${WAN} -j DNAT --to
192.168.0.235:5901 , which will forward it correctly if I connect through
5901, but tunneling via SSH doesn't work.  Again, I want to tunnel the vnc
connection to the router, which will then forward the port 5901 traffic to
the vnc server.

Btw, I'm using Putty and Tightvnc on a WinXP machine (work PC) to connect to
the vnc server.

-- 
- Mark Shields

[-- Attachment #2: Type: text/html, Size: 2246 bytes --]

Re: [gentoo-user] VNC over SSH (VNC session is non-local to SSH)

[Richard Fish]

On 10/10/06, Mark Shields <laebshade@gmail.com> wrote:
> Thank you Richard and Mauro, but this wasn't what I was looking for.  The
> vnc and the ssh server are not the same.

ssh port forwarding is not limited to just the machine you are logging
into.  It will forward the connection to another host.  So I think
this is still what you want:

# ssh -L localhost:5901:vnchost:5901 routerhost

This will cause the ssh client to forward any connections to 5901 on
localhost to be forwarded to the server on routerhost, which will then
make the connection to vnchost port 5901.  No need to muck with
iptables rules at all here.

-Richard
-- 
gentoo-user@gentoo.org mailing list

Re: [gentoo-user] VNC over SSH (VNC session is non-local to SSH)

[Mark Shields]

[-- Attachment #1: Type: text/plain, Size: 825 bytes --]

On 10/10/06, Richard Fish <bigfish@asmallpond.org> wrote:
>
> On 10/10/06, Mark Shields <laebshade@gmail.com> wrote:
> > Thank you Richard and Mauro, but this wasn't what I was looking
> for.  The
> > vnc and the ssh server are not the same.
>
> ssh port forwarding is not limited to just the machine you are logging
> into.  It will forward the connection to another host.  So I think
> this is still what you want:
>
> # ssh -L localhost:5901:vnchost:5901 routerhost
>
> This will cause the ssh client to forward any connections to 5901 on
> localhost to be forwarded to the server on routerhost, which will then
> make the connection to vnchost port 5901.  No need to muck with
> iptables rules at all here.
>
> -Richard
> --
> gentoo-user@gentoo.org mailing list
>
>
Ok, how can I do that with putty?

-- 
- Mark Shields

[-- Attachment #2: Type: text/html, Size: 1277 bytes --]

Re: [gentoo-user] VNC over SSH (VNC session is non-local to SSH)

[Mark Shields]

[-- Attachment #1: Type: text/plain, Size: 579 bytes --]

On 10/10/06, Bo Ørsted Andresen <bo.andresen@zlin.dk> wrote:
>
> On Tuesday 10 October 2006 19:58, Mark Shields wrote:
> [SNIP]
> > > # ssh -L localhost:5901:vnchost:5901 routerhost
> [SNIP]
> >
> > Ok, how can I do that with putty?
>
> http://www.cs.uu.nl/technical/services/ssh/putty/puttyfw.html
>
> --
> Bo Andresen
>
>
>
Thank you Bo for the link, but it was missing a crucial step:  after adding
the port forward in putty and connecting to routerhost, I then also had to
do a ssh port forward from the routerhost to the vnchost.


-- 
- Mark Shields

[-- Attachment #2: Type: text/html, Size: 961 bytes --]

Re: [gentoo-user] VNC over SSH (VNC session is non-local to SSH)

[Richard Fish]

On 10/10/06, Mark Shields <laebshade@gmail.com> wrote:
> On 10/10/06, Richard Fish <bigfish@asmallpond.org> wrote:
> > # ssh -L localhost:5901:vnchost:5901 routerhost
>
> Ok, how can I do that with putty?
>

I don't use putty, but I believe pretty much the same way.  You should
be able to enter vnchost as the "destination host name" even while
logging into your router. [1]

Putty also supports many of the same command line options as ssh [2],
so you could also try:

# putty -L 5901:vnchost:5901 routerhost

[1] http://the.earth.li/~sgtatham/putty/0.58/htmldoc/Chapter3.html#using-port-forwarding
[2] http://the.earth.li/~sgtatham/putty/0.58/htmldoc/Chapter3.html#using-general-opts

HTH,
-Richard
-- 
gentoo-user@gentoo.org mailing list

Re: [gentoo-user] VNC over SSH (VNC session is non-local to SSH)

[W.Kenworthy]

Check out zebedee - unlike ssh, its designed specifically for this type
of thing (esp VNC) and as a consequence is more flexible.  Also works
with doze etc.

Billk

On Tue, 2006-10-10 at 12:46 -0400, Mark Shields wrote:
> I have a gentoo box setup as a router with 3 servers behind it (all 4
> servers are running gentoo).  Right now I simply have port 5901 to
> forward from the router to my vnc server so I can access it remotely.
> I've looked on the gentoo forums and online but haven't been able to
> find any solid information on how to tunnel 5901 through ssh through
> the router to the vnc server.  Basically, client -> router -> vnc
> server port 5901, but over ssh.  Any ideas? 
> 
> -- 
> - Mark Shields
-- 
gentoo-user@gentoo.org mailing list

RE: [gentoo-user] VNC over SSH (VNC session is non-local to SSH)

[Sieb, Glenn E (Glenn)]

richard.j.fish@gmail.com wrote:
> I don't use putty, but I believe pretty much the same way.
> You should be able to enter vnchost as the "destination host
> name" even while logging into your router. [1]

You can do it via the command line, or you can create a saved session too. Under Connection->SSH->Tunnels you can enter ports to forward.. then, once you've set your key up and the machine &c &c, you can save the session--then every time you connect to that saved session, you have your VNC ports all ready.

Best,
--Glenn
-- 
Glenn E. Sieb, MTS
Bell Laboratories
sieb@lucent.com
+1 732 949 5453
-- 
gentoo-user@gentoo.org mailing list

Re: [gentoo-user] VNC over SSH (VNC session is non-local to SSH)

[Mick]

[-- Attachment #1: Type: text/plain, Size: 921 bytes --]

On Tuesday 10 October 2006 20:27, Sieb, Glenn E (Glenn) wrote:
> richard.j.fish@gmail.com wrote:
> > I don't use putty, but I believe pretty much the same way.
> > You should be able to enter vnchost as the "destination host
> > name" even while logging into your router. [1]
>
> You can do it via the command line, or you can create a saved session too.
> Under Connection->SSH->Tunnels you can enter ports to forward.. then, once
> you've set your key up and the machine &c &c, you can save the
> session--then every time you connect to that saved session, you have your
> VNC ports all ready.

You should be able to set up the whole string under the field 
called "Destination" and after you click add, edit it manually in the field 
above.

However, I wonder if since you are traversing machines and you keep forwarding 
ports, what you want to use is PuTTY's agent forwarding?
-- 
Regards,
Mick

[-- Attachment #2: Type: application/pgp-signature, Size: 189 bytes --]

Re: [gentoo-user] VNC over SSH (VNC session is non-local to SSH)

[Mark Shields]

[-- Attachment #1: Type: text/plain, Size: 1150 bytes --]

On 10/10/06, Mick <michaelkintzios@gmail.com> wrote:
>
> On Tuesday 10 October 2006 20:27, Sieb, Glenn E (Glenn) wrote:
> > richard.j.fish@gmail.com wrote:
> > > I don't use putty, but I believe pretty much the same way.
> > > You should be able to enter vnchost as the "destination host
> > > name" even while logging into your router. [1]
> >
> > You can do it via the command line, or you can create a saved session
> too.
> > Under Connection->SSH->Tunnels you can enter ports to forward.. then,
> once
> > you've set your key up and the machine &c &c, you can save the
> > session--then every time you connect to that saved session, you have
> your
> > VNC ports all ready.
>
> You should be able to set up the whole string under the field
> called "Destination" and after you click add, edit it manually in the
> field
> above.
>
> However, I wonder if since you are traversing machines and you keep
> forwarding
> ports, what you want to use is PuTTY's agent forwarding?
> --
> Regards,
> Mick
>
>
>
Guys, there's no need to keep replying.  Thanks for the help, but I'm able
to do it now (have been for the past 4 e-mails)

-- 
- Mark Shields

[-- Attachment #2: Type: text/html, Size: 1588 bytes --]

Re: [gentoo-user] VNC over SSH (VNC session is non-local to SSH)

[Mick]

[-- Attachment #1: Type: text/plain, Size: 1072 bytes --]

On Tuesday 10 October 2006 22:55, Mark Shields wrote:

> Guys, there's no need to keep replying.  Thanks for the help, but I'm able
> to do it now (have been for the past 4 e-mails)

I'm glad you got it sorted Mark.

A vaguely related but quite O/T question: would you perhaps know why when I 
select "connect to local ports only" (in the VNC server running on a WinXP 
box, under the Properties tab Connections) to stop it listening to ports 
connected to the Internet, I can no longer connect from another WinXP box 
through ssh port forwarding?  No problem connecting to the VNC server from my 
Gentoo box, or from the WinXP box using Knoppix.  The error that comes up on 
the VNC viewer is something like "the connection was unexpectedly terminated, 
would you like to try again".  Telnet-ing through the forwarded port 
similarly fails - the telenet session hangs waiting for a response from the 
server.  As soon as I remove the "connect to local ports only" the WinXP VNC 
viewer connects happily again.  Is this a WinXP bug?
-- 
Regards,
Mick

[-- Attachment #2: Type: application/pgp-signature, Size: 189 bytes --]