This is the mail archive of the cygwin@cygwin.com mailing list for the Cygwin project.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]

Re: Problem Tunneling VNC through SSH

To: "cygwin at cygwin dot com" <cygwin at cygwin dot com>
Subject: Re: Problem Tunneling VNC through SSH
From: "Mark Paulus" <commpg at yahoo dot com>
Date: Fri, 27 Jul 2001 13:42:33 -0600
Reply-To: "Mark Paulus" <commpg at yahoo dot com>

One small caveat on this (I do this to home quite nicely).  If you have 
a firewall on both ends, then you actually want to make the middle 
parameter be localhost of the Forwarding Address.  For a pretty complete
discussion about this, see section 9.2.8 in the O'Reilly SSH:  The Secure
Shell book.  The last sentence states:
"In general, we recommend using localhost as the forwarding target whenever
possible.  This way, you are less likely to set up an insecure off-host forwarding by 
accident". 

And in my case,  I couldn't get the port forwarded through both
my firewalls.  So I had to use a local port.

My ssh command looks like the following:
ssh -l <myuser> -R 5904:localhost:5900 -L 5904:localhost:5932 home.

What this does is set up 2 pipes.  This allows me to connect to VNC
display localhost:4 and get to my machine at home running on 
display 32 (-L 5904:localhost:5932), and it also sets up a pipe 
that allows me to connect to display localhost:4 at home, which 
connects to the VNC under Win2K on Display 0 at work
(-R 5904:localhost:5900)

On Fri, 27 Jul 2001 14:13:36 -0500, fred@ontosys.com wrote:

>On Fri, Jul 27, 2001 at 02:12:05PM -0400, Lesley.D.Lahman@medstar.net wrote:
>> When on my_workstation I start ssh like this:
>> 'ssh -L 5901:my_server:5900 my_server'
>> port 5900 on my_server then supposedly is forwarded to
>> port 5901 on my_workstation, which corresponds to display 1.
>
>Doesn't that actually forward my_workstation:5901 to my_server:5900,
>given the sense of "forward" usually used with ssh?
>
>Have you tried 'ssh -L 5901:my_server:5901 my_server'?  That way when
>'vncviewer my_workstation:1' tries to connect to port 5901 on
>my_workstation it will end up communicating with port 5901 on the
>my_server.
>
>-- 
>Fred Yankowski           fred@OntoSys.com      tel: +1.630.879.1312
>Principal Consultant     www.OntoSys.com       fax: +1.630.879.1370
>OntoSys, Inc             38W242 Deerpath Rd, Batavia, IL 60510, USA
>
>--
>Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
>Bug reporting:         http://cygwin.com/bugs.html
>Documentation:         http://cygwin.com/docs.html
>FAQ:                   http://cygwin.com/faq/

--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Bug reporting:         http://cygwin.com/bugs.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/

References:
- Re: Problem Tunneling VNC through SSH
  - From: fred

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]