On Tue, 12 Feb 2002 14:11:40 -0600 (CST), dssyenon <[EMAIL PROTECTED]> wrote:
> 
> I tried following the ssh instructions at
> http://www.uk.research.att.com/vnc/sshvnc.html and also invoked vncserver
> with -localhost, but am unable to connect over ssh or clear.  If I don't
> specify -localhost, I'm able to connect over both ssh and clear.  I only
> want to allow connections over ssh.
> 
> Suppose the linux vncserver is on display :1.  A cleartext connection would
> open to linuxbox:5901.  If I configure the ssh client to forward its
> local port 5902 to linuxbox:5901, then on the client I'd need to open
                     ^^^^^^^^^^^^^    
> vncviewer to windowsbox:2 (or localhost:2) in order to connect over the
> tunnel.  However, if vncserver on linuxbox is -localhost, why would it
> accept connections over the tunnel at all, since the tunnel originated
> outside linuxbox?

If you want to ensure an ssh tunnel connection to your VNC, you must run
it with the -localhost argument and change the ssh forwarding to
localhost:5901 (the localhost is the "sshd" localhost, not the originator
localhost). localhost is just an alias for the loopback net (127.0.0.1).

> Also, does the client need a bidirectional forward (ie remote 5901 to local
> 5902) or are tunnels automatically bidirectional?  I tried configuring this
> in my windows ssh client but it still didn't let me open to linuxbox:5901.

The "ssh" forwarded tunnels are always bi-directional, the difference
between local forward and remote forward is which side is listening for
connections (local forward - the ssh client listens, remote forward -
the sshd server listens).

Ehud.


-- 
 Ehud Karni           Tel: +972-3-7966-561  /"\
 Mivtach - Simon      Fax: +972-3-7966-667  \ /  ASCII Ribbon Campaign
 Insurance agencies   (USA) voice mail and   X   Against   HTML   Mail
 http://www.mvs.co.il  FAX:  1-815-5509341  / \
 mailto:[EMAIL PROTECTED]          Better  Safe  Than  Sorry
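
The setup described in the reply above, as an added example that is not part of the original message: the server bound to loopback, the forward pointing at localhost:5901 as seen by sshd, and a check that the VNC port is not listening on any other address. The user name, the helper `vnc_loopback_only` and the sample `ss -ltn` lines are constructed for illustration.

```bash
#!/bin/sh
# Added example, not from the original message. "user" is a placeholder.
#
# On linuxbox:   vncserver :1 -localhost     # display :1 = TCP 5901, loopback only
# On the client: ssh -L 5902:localhost:5901 user@linuxbox
#                vncviewer localhost:2       # display :2 = local port 5902
#
# "localhost" in -L is resolved by sshd on linuxbox, so the VNC server sees
# the tunnelled connection arriving from 127.0.0.1 and accepts it.

# vnc_loopback_only PORT  (hypothetical helper; reads `ss -ltn` output on stdin)
# Returns 0 if PORT listens only on 127.0.0.1 / [::1], 1 if it is also bound
# to another address, 2 if nothing listens on PORT.
vnc_loopback_only() {
    awk -v port="$1" '
        $1 == "LISTEN" {
            addr = $4                               # Local Address:Port column
            n = split(addr, parts, ":")
            if (parts[n] != port) next
            host = substr(addr, 1, length(addr) - length(parts[n]) - 1)
            found = 1
            if (host != "127.0.0.1" && host != "[::1]") exposed = 1
        }
        END {
            if (!found) exit 2
            exit (exposed ? 1 : 0)
        }'
}

# Constructed sample output: server started with and without -localhost.
SAMPLE_LOCAL='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    0.0.0.0:22         0.0.0.0:*
LISTEN 0      5      127.0.0.1:5901     0.0.0.0:*'
SAMPLE_OPEN='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    0.0.0.0:22         0.0.0.0:*
LISTEN 0      5      0.0.0.0:5901       0.0.0.0:*'

for sample in "$SAMPLE_LOCAL" "$SAMPLE_OPEN"; do
    if printf '%s\n' "$sample" | vnc_loopback_only 5901; then
        echo "5901: loopback only, reachable through the ssh tunnel only"
    else
        echo "5901: exposed on a non-loopback address or not listening"
    fi
done
# On a real host: ss -ltn | vnc_loopback_only 5901
```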