Has anyone used VNC to access a remote linux box to view the KDE session on a given display (display:0 for example)? What firewall settings were used?
On 5/13/05, Steven wrote:
> Has anyone used VNC to access a remote linux box to view the KDE session on a given display (display:0 for example)? What firewall settings were used?
Hi Steven, Just 5900 for :0.
But you have to know that VNC session is not secured. For that reason I use ssh tunneling. Then from my "client" I ssh to the host, and then use VNC viewer against a local port. That way there is no need to open 59xx ports in the firewall.
Cheers Sunny
Sunny wrote:
> On 5/13/05, Steven wrote:
>> Has anyone used VNC to access a remote linux box to view the KDE session on a given display (display:0 for example)? What firewall settings were used?
> Hi Steven, Just 5900 for :0.
> But you have to know that VNC session is not secured. For that reason I use ssh tunneling. Then from my "client" I ssh to the host, and then use VNC viewer against a local port. That way there is no need to open 59xx ports in the firewall.
> Cheers Sunny
I've never heard of that process before. How does one go about doing it?
>> Hi Steven, Just 5900 for :0.
>> But you have to know that VNC session is not secured. For that reason I use ssh tunneling. Then from my "client" I ssh to the host, and then use VNC viewer against a local port. That way there is no need to open 59xx ports in the firewall.
>> Cheers Sunny
> I've never heard of that process before. How does one go about doing it?
0. ssh to the remote box forwarding local port 15900 to the remote box's own port 5900 e.g.
   ssh -L 15900:localhost:5900 user@hosts.dns-name.or.address
1. then run a vnc client on your host but connect to your own port 15900 e.g.
   krdc vnc://localhost:15900
ssh tunnels this vnc connection to your localhost port 15900, through the ssh session, and out the other side to the other machine's localhost port 5900.
the port numbers i used are just examples, use whatever ports suit you and your scenario.
hope that helps! Khan
On Friday 13 May 2005 15:52, Khan St. Preest wrote:
>>> Hi Steven, Just 5900 for :0.
>>> But you have to know that VNC session is not secured. For that reason I use ssh tunneling. Then from my "client" I ssh to the host, and then use VNC viewer against a local port. That way there is no need to open 59xx ports in the firewall.
>>> Cheers Sunny
>> I've never heard of that process before. How does one go about doing it?
> 0. ssh to the remote box forwarding local port 15900 to the remote box's own port 5900 e.g. ssh -L 15900:localhost:5900 user@hosts.dns-name.or.address
When I check the man page for ssh the -L option looks like this: -L Xo Sm off port host hostport Sm on, but you only used -L in your example. When you use -L what are the values for the ' Xo Sm off port host hostport Sm on' part? Thanks, Jerome
> 1. then run a vnc client on your host but connect to your own port 15900 e.g. krdc vnc://localhost:15900
> ssh tunnels this vnc connection to your localhost port 15900, through the ssh session, and out the other side to the other machine's localhost port 5900.
> the port numbers i used are just examples, use whatever ports suit you and your scenario.
> hope that helps! Khan
On Saturday 14 May 2005 18:18, Susemail wrote:
> On Friday 13 May 2005 15:52, Khan St. Preest wrote:
> When I check the man page for ssh the -L option looks like this: -L Xo Sm off port host hostport Sm on, but you only used -L in your example. When you use -L what are the values for the ' Xo Sm off port host hostport Sm on' part? Thanks, Jerome
From man ssh:
-L port:host:hostport
    Specifies that the given port on the local (client) host is to be forwarded to the given host and port on the remote side. This works by allocating a socket to listen to port on the local side, and whenever a connection is made to this port, the connection is forwarded over the secure channel, and a connection is made to host port hostport from the remote machine. Port forwardings can also be specified in the configuration file. Only root can forward privileged ports. IPv6 addresses can be specified with an alternative syntax: port/host/hostport.
sunny@suse:~> rpm -qa | grep openssh
openssh-askpass-3.8p1-33
openssh-3.8p1-37.17
What version of openssh do you use? Btw, you never told what OS is the "client".
Cheers Sunny
On Sunday 15 May 2005 01:18, Susemail wrote:
> When I check the man page for ssh the -L option looks like this: -L Xo Sm off port host hostport Sm on, but you only used -L in your example. When you use -L what are the values for the ' Xo Sm off port host hostport Sm on' part?
:) The .Xo Sm off Sm on stuff is troff markup. You've been looking at a man page that hasn't been formatted for screen display, the source code of a man page.
Khan St. Preest wrote:
>>> Hi Steven, Just 5900 for :0.
>>> But you have to know that VNC session is not secured. For that reason I use ssh tunneling. Then from my "client" I ssh to the host, and then use VNC viewer against a local port. That way there is no need to open 59xx ports in the firewall.
>>> Cheers Sunny
>> I've never heard of that process before. How does one go about doing it?
> 0. ssh to the remote box forwarding local port 15900 to the remote box's own port 5900 e.g. ssh -L 15900:localhost:5900 user@hosts.dns-name.or.address
> 1. then run a vnc client on your host but connect to your own port 15900 e.g. krdc vnc://localhost:15900
> ssh tunnels this vnc connection to your localhost port 15900, through the ssh session, and out the other side to the other machine's localhost port 5900.
> the port numbers i used are just examples, use whatever ports suit you and your scenario.
Note that the standard vnc client can do most of this for you, these days. From 'man vncviewer':
-via gateway
    Automatically create encrypted TCP tunnel to the gateway machine before connection, connect to the host through that tunnel (TightVNC-specific). By default, this option invokes SSH local port forwarding, assuming that SSH client binary can be accessed as /usr/bin/ssh. Note that when using the -via option, the host machine name should be specified as known to the gateway machine, e.g. "localhost" denotes the gateway, not the machine where vncviewer was launched. See the ENVIRONMENT section below for the information on configuring the -via option.
So you can simply type:
    vncviewer -via my_remote_host localhost:0
where "localhost:0" indicates VNC session 0 (port 5900) on the "my_remote_host" host, strangely.
I only found this by accident, but it certainly saves a lot of typing :)
- Korny
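Added example, not part of the thread or written by any of its participants: Sunny's point that tunnelling over ssh removes the need to open 59xx ports can be verified on the VNC host by looking for VNC listeners bound to anything other than loopback. The function names, the sample listener lines and the 5900-5999 display range are assumptions made for illustration; on a real host the input would come from `ss -H -tln`.

```shell
#!/bin/sh
# Added example (not from the thread). Flags VNC listeners that are reachable
# from the network instead of only through an ssh tunnel.
# Assumption: VNC display :N listens on TCP port 5900+N, checked for N = 0..99.

# exposed_vnc (hypothetical name): reads `ss -H -tln` style lines on stdin and
# prints one line per VNC listener bound to a non-loopback address.
exposed_vnc() {
    awk '
    $1 == "LISTEN" {
        la = $4                               # local address:port column
        n = match(la, /:[0-9]+$/)             # port follows the last colon
        if (n == 0) next
        addr = substr(la, 1, n - 1)
        port = substr(la, n + 1) + 0
        if (port < 5900 || port > 5999) next  # not a VNC display port
        # loopback listeners are only reachable locally, e.g. via ssh -L
        if (addr ~ /^127\./ || addr == "[::1]" || addr == "::1") next
        printf "%s port %d (display :%d)\n", addr, port, port - 5900
    }'
}

# Constructed sample input in `ss -H -tln` layout (not captured from a host).
# 15900 is the local end of the tunnel used as the example in the thread.
sample_listeners() {
    cat <<'EOF'
LISTEN 0 5   0.0.0.0:5900    0.0.0.0:*
LISTEN 0 128 127.0.0.1:5901  0.0.0.0:*
LISTEN 0 128 [::1]:5901      [::]:*
LISTEN 0 128 0.0.0.0:22      0.0.0.0:*
LISTEN 0 5   [::]:5902       [::]:*
LISTEN 0 128 127.0.0.1:15900 0.0.0.0:*
EOF
}

# Stand-alone run on the sample; on a real host use: ss -H -tln | exposed_vnc
sample_listeners | exposed_vnc
```

Empty output means every VNC display is bound to loopback only, so it can be reached solely through the ssh tunnel.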
participants (6): Anders Johansson, Khan St. Preest, Kornelis Sietsma, Steven, Sunny, Susemail