Ah! :) yes I see what "vncserver -localhost" does now. That very handy piece of information missing from the vncserver manpage, but maybe I have an older version installed :( Thanks for pointing that out!
-----Original Message----- From: Rainer Duffner [mailto:rainer@ultra-secure.de] Sent: Wednesday, 9 February 2005 7:24 p.m. To: suse-security@suse.com Subject: Re: [suse-security] Keep Remote App Running after ssh logout
Mike Tierney wrote:
In that case what Rainer Duffner said is your best bet.
Start a VNC server running on the REMOTE machine (i.e. vncserver :1 - depth 24) and tunnel that port from your local server to the remote machine. Then use vncviewer to access the remote X desktop. This way your Java app runs in a persistant environment. You can leave your app running and reconnect to it whenever you want. Think of it as the "screen" program for X Windows.
To forward the port you'd change your ssh login command to something like
ssh -L 5901:localhost:5901 <destination hostname>
That's if you start a vncserver as desktop :1. The port number would be 5902 if it was desktop :2 etc.
The only problem is that now ANYONE can try to connect to that remote vncserver(!) session (unless firewalled). So you probably want to password it and/or add a firewall rule to stop all external connections to that port 5902. Blocking external connections to that port wont stop your SSH tunneled ones. :)
That's why you let vnc listen to localhost.
Then, you can do ssh target -L 5901:127.0.0.1:5901 .
The vnc-documentation/website contains more information (and some drawings) about this.
cheers, Rainer
-- =================================================== ~ Rainer Duffner - rainer@ultra-secure.de ~ ~ Freising - Munich - Germany ~ ~ Unix - Linux - BSD - OpenSource - Security ~ ~ http://www.ultra-secure.de/~rainer/pubkey.pgp ~ ===================================================
-- Check the headers for your unsubscription address For additional commands, e-mail: suse-security-help@suse.com Security-related bug reports go to security@suse.de, not here