:: "Alex Angelopoulos" <[EMAIL PROTECTED]>
:: (2) From what I understand, you make almost anything run over SSH.
:: (Take that with a chunk of salt, though - I've only done it with
:: about 3 things in the past).

: Michael Ossmann <[EMAIL PROTECTED]>
: Yes, that's true. SSH only does TCP port forwarding, not UDP port
: forwarding, so some things (like XDMCP or DNS) won't work directly
: over port forwarding, but you can also do stuff like running PPP over
: SSH to create a VPN. UDP over IP over PPP over SSH over TCP over IP!
: :-)

There's an intermediate possibility that I use, which is easier to
configure than a VPN, but makes lots of things work. And that's to
use socks proxy over ssh. On the server side, you run a socks server,
and on the client side, you run either applications that understand
socks proxies, such as netscape, or (on linux/unix) you can use
"runsocks" from the socks reference implementation, or Dante
"socksify", and on windows, you can use SocksCap from the reference
implementation, or commercial products that do the same thing.

What runsocks or SocksCap do is intercept any socket calls, and proxy
them, so that the program doesn't need to be written to do anything
special. Thus, on linux, you configure your socks client or
socksifying library to use localhost:1080 as the proxy port, then
start ssh like so

    ssh -L 1080:localhost:1080 foo

then you can start a vnc session via

    runsocks vncviewer bar

where the machine "bar" need not even be visible to your machine, as
long as it is visible to foo. The traffic from your machine to foo is
encrypted. Most often, the traffic to bar from foo would be behind a
firewall.

I realize my discussion and example are very sketchy. And there are
often better ways to go. But if you need access to many different
machines behind a firewall, it's a reasonable way to secure your
traffic TO that firewall, and not have to set up specific port
forwards for every machine you might want to contact. It also avoids
the "raw encodings" problem discussed on the att page on use of VNC
over ssh.

And while I'm mentioning it, the latest tightVNC will automagically
launch ssh for you on demand; that is, you just say you want to
connect to "foo", and an ssh tunnel is created for the traffic to foo.

So. Socks is worth looking at. Reading material:

    http://www.socks.nec.com/
    http://www.inet.no/dante/
    http://www.tightvnc.org/
    http://www.doxpara.com/index_orig.php
    http://www.doxpara.com/gwc/gwc3.ppt

The doxpara site, and especially that powerpoint slideshow, describes
increasingly exotic and difficult stunts you can do with ssh,
including an ssh client that combines socks proxy so that you don't
even need a socks proxy on the server side. It also mentions resources
for setting up a VPN via socks. For the .ppt, you'll need powerpoint,
or staroffice, or openoffice. And it's just a slide show. But
suggestive reading nevertheless. As the title slide says, "this is not
how to crack ssh, this is ssh on crack..."

In any event; VNC works very well via socks proxy, using runsocks or
socksify on linux/unix, and SocksCap or commercial socksifiers on
windows (Permeo's "e-Driver" has been recommended to me, but I haven't
actually used it, being mostly unix/linux oriented).

Enjoy.

Wayne Throop [EMAIL PROTECTED]
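
What a socksifier such as runsocks does on the application's behalf when it connects to "bar" through localhost:1080, shown as an added example that is not part of the original post and not code from the SOCKS reference implementation or Dante. It assumes the SOCKS server on foo speaks SOCKS5 (RFC 1928) and accepts the no-authentication method; the function names are hypothetical.

```python
import socket
import struct

SOCKS5, NO_AUTH, CMD_CONNECT, ATYP_DOMAIN = 5, 0, 1, 3

def build_connect_request(host, port):
    """SOCKS5 CONNECT that carries the hostname itself (RFC 1928, ATYP 3).

    The SOCKS server resolves the name, so "bar" only has to be known to
    foo, not to the client machine.
    """
    name = host.encode("idna")
    if not 1 <= len(name) <= 255:
        raise ValueError("hostname must be 1..255 bytes")
    if not 1 <= port <= 65535:
        raise ValueError("port out of range")
    head = bytes([SOCKS5, CMD_CONNECT, 0, ATYP_DOMAIN, len(name)])
    return head + name + struct.pack("!H", port)

def recv_exact(sock, n):
    """Read exactly n bytes or fail; recv() may return short reads."""
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("proxy closed the connection")
        buf += chunk
    return buf

def socks5_connect(sock, host, port):
    """No-auth SOCKS5 handshake on a socket already connected to the proxy."""
    sock.sendall(bytes([SOCKS5, 1, NO_AUTH]))       # offer one method
    ver, method = recv_exact(sock, 2)
    if ver != SOCKS5 or method != NO_AUTH:
        raise ConnectionError("proxy did not accept the no-auth method")
    sock.sendall(build_connect_request(host, port))
    ver, rep, _rsv, atyp = recv_exact(sock, 4)
    if ver != SOCKS5 or rep != 0:
        raise ConnectionError(f"CONNECT failed, reply code {rep}")
    # Skip the bound address and port so the next bytes are application data.
    fixed = {1: 4, 4: 16}
    addr_len = fixed[atyp] if atyp in fixed else recv_exact(sock, 1)[0]
    recv_exact(sock, addr_len + 2)
    return sock

if __name__ == "__main__":
    # Assumes `ssh -L 1080:localhost:1080 foo` is up and foo runs a SOCKS5 server.
    s = socks5_connect(socket.create_connection(("localhost", 1080)), "bar", 5900)
    print(recv_exact(s, 12))  # RFB version banner from the VNC server on bar
```

Only the leg to foo rides inside the ssh tunnel; the connection from foo to bar, including the VNC stream, crosses the inner network unencrypted.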