> On Tue, 12 Feb 2002 14:11:40 -0600 (CST), dssyenon <[EMAIL PROTECTED]> wrote > > I tried following the ssh instructions at > > http://www.uk.research.att.com/vnc/sshvnc.html and also invoked vncserver > > with -localhost, but am unable to connect over ssh or clear. If I don't > > specify -localhost, I'm able to connect over both ssh and clear. I only > > want to allow over ssh connections. > > > > Suppose the linux vncserver is on display :1. A cleartext connection would > > open to linuxbox:5901. If I configure the ssh client to forward its > > local port 5902 to linuxbox:5901, then on the client I'd need to open > ^^^^^^^^^^^^^ > > vncviewer to windowsbox:2 (or localhost:2) in order to connect over the > > tunnel. However, if vncserver on linuxbox is -localhost, why would it > > accept connections over the tunnel at all, since the tunnel originated > > outside linuxbox?
On Wed, 13 Feb 2002, Ehud Karni wrote: > If you want to ensure ssh tunnel connection to your VNC you must run > it with the -localhost argument and change the ssh forwarding to > localhost:5901 (the localhost is the "sshd" localhost not the originator > localhost) localhost is just an alias for the loopback net (127.0.0.1). A config summary: 1. vncserver -localhost running on linuxbox:5901 2. vncviewer running on windowsbox 3. windows ssh client set to forward windowsbox:5902 to linuxbox:5901. If I'm understanding correctly, are you saying #3 is wrong? I'm guessing that's because linuxbox's vncserver was started with -localhost, so it won't accept a connection from windowsbox:5902. Would I then need two tunnels? 3b. windows ssh client set to forward windowsbox:5902 to linuxbox:5902. 4. linux ssh client set to forward linuxbox:5902 to linuxbox:5901. Since the vncserver is running on linuxbox:5901 and will only accept connections from linuxbox, would I need an additional tunnel on linuxbox between windowsbox:5902 and linuxbox:5901? On linuxbox, would I do: ssh -L 5902:linuxbox:5901 linuxbox ? Since windowsbox:5902 forwards to linuxbox:5902 and linuxbox:5902 is local to vncserver on linuxbox:5901, that gets around the -localhost requirement. My reasoning is apparently flawed, because this didn't work either. --------------------------------------------------------------------- To unsubscribe, mail [EMAIL PROTECTED] with the line: 'unsubscribe vnc-list' in the message BODY See also: http://www.uk.research.att.com/vnc/intouch.html ---------------------------------------------------------------------
