hi...
in researching how to properly secure the VNC Server, it appears that the
basic question comes down to how one can configure an SSH client application
appropriately. (If I open up the firewall.. I can easily connect to the VNC
Server.)
In the following diagram, the client is outside the firewall, the VNC
Service is behind the firewall. The firewall permits only port 22, which
is forwarded to the VNC Server. The VNC Server is running SSHD as well.
(External IPs are for discussion...)
                   +-----------------+
                   | External Client |
                   |   VNC Client    | (12.123.45.xx)
                   |      PuTTY      |
                   +-----------------+
                            ^
                            |
                            v
                   +-----------------+
                   | Firewall/Router | (23.222.45.yy)
                   |    (Linksys)    |<--------------+
                   +-----------------+ (192.168.1.1) |
                            |           (Internal Network)
                            |
                            v
       +------------------------------------------+
       |                                          |
       |                                          |
       v                                          v
+--------------+                         +----------------+
|              |                         |                |
|  Linux Box   | (192.168.1.55)          | Windows 2K Box | (192.222.33.5)
| (VNCServer)  |                         |  (VNC Client)  |
|    (SSHD)    |                         |    (PuTTY)     |
+--------------+                         |                |
                                         +----------------+
So here's the question(s):
1) Can the above situation work? I.e., can the client PuTTY application be
set up to allow a VNC "tunnel" to be created, allowing communication to occur
between the VNC Client/Server over port 22?
I believe it should be possible. However, when I've tried to set up the
PuTTY client application, it appears that I have something configured
incorrectly. (I have the latest version of the Windows PuTTY)
Under the Session Options:
  Host Name/IP: 23.222.45.yy (The router/firewall IP address)
  Port: 22 (The SSH port, only port open on the firewall)
  Protocol: SSH
Under SSH Options:
  Tunnels:
    Forwarded Source Port: 5901
    Forwarded Destination: 23.222.45.yy:5901
I've also tried this setting as well...
  Tunnels:
    Forwarded Source Port: 5901
    Forwarded Destination: 12.123.45.xx:5901
Neither setup for the Tunnels appears to work. Using either setup, I can get
into the Linux box and log on, establishing the SSH tunnel. However, when I
fire up the VNC Client, I am unable to establish a connection with the VNC
Server on the Linux Box. The VNC Server is working as I am able to see it on
the Linux Box.
I have tried to establish connections using:
23.222.45.yy:1
23.222.45.yy:5901
12.123.45.xx:1
12.123.45.xx:5901
The thought being that one has to establish a connection with either the
port on the router or the port on the local client machine which would then
be forwarded to the VNC Server.
This setup doesn't seem to work.
So... The end question is how should the PuTTY/VNC be configured to allow
one to go through the firewall and establish a VNC connection using the SSH
tunnel....
thanks in advance for any pointers...
-bruce
ps... I recall seeing some directions for this at one time from a Google
search.. however, a couple of the sites with the information now appear to
be down....