Mailinglist Archive: opensuse-security (757 mails)

Re: [suse-security] vnc masqueraded
  • From: Andreas Schamanek <schamanek@xxxxxxx>
  • Date: Sat, 19 Jan 2002 09:09:38 +0100 (MET)
  • Message-id: <Pine.LNX.4.21.0201190906570.28827-100000@xxxxxxxxxxxxxxxxxxxxxxxx>

On Thu, 17 Jan 2002, Jens Woch wrote:

> But sniffing could happen even if I replace 0/0 with something
> (much) more specific, couldn't it? The ssh-suggestion by Markus
> Gaugusch would prevent it, I guess (have to play with it yet).

Jens, in your situation I recommend using SSH port forwarding. Log in
to the firewall and port forward your connection. Depending on your
setup you have 2 possibilities:

a) port forward a port on your firewall to the desired machine
b) port forward your localhost through the firewall

ad a) you will need _ssh -g -L...._ see _man ssh_ and _man sshd_,
especially section AUTHORIZED_KEYS FILE FORMAT, on how to restrict
the -g (global access)

ad b) the better solution: log in from the remote machine and forward a
port from the remote machine (which is localhost for you) through the
firewall to the desired VNC server, i.e.

ssh -L12345:vnc_server:5900 firewall

(this is for Unix/Linux but other clients are not much different.)

then connect your viewer to _localhost:12345_

hope that helps,

-- Andreas
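
The difference between options a) and b) above is where the forwarded port listens: with -g it is reachable from other hosts, without it only from the loopback interface. The following check is an added example, not part of the original mail; it assumes the output format of `ss -ltn`, the function name is hypothetical, and the sample listings are constructed.

```shell
#!/bin/sh
# classify_forward PORT
# Reads `ss -ltn` output on stdin and reports how PORT is bound:
#   loopback - every listener for PORT is on 127.0.0.0/8 or [::1]
#   exposed  - at least one listener is on another address (as with ssh -g)
#   absent   - nothing is listening on PORT
classify_forward() {
    awk -v port="$1" '
        $1 == "LISTEN" {
            # Field 4 is local address:port; the port follows the last colon.
            n = split($4, parts, ":")
            if (parts[n] != port) next
            addr = substr($4, 1, length($4) - length(parts[n]) - 1)
            found = 1
            if (addr !~ /^127\./ && addr != "[::1]") exposed = 1
        }
        END {
            if (!found)       print "absent"
            else if (exposed) print "exposed"
            else              print "loopback"
        }'
}

# Constructed sample: tunnel opened as in b), ssh -L12345:vnc_server:5900 firewall
SAMPLE_LOCAL='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    127.0.0.1:12345    0.0.0.0:*
LISTEN 0      128    [::1]:12345        [::]:*
LISTEN 0      128    0.0.0.0:22         0.0.0.0:*'

# Constructed sample: the same forward opened with -g as in a)
SAMPLE_GLOBAL='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    0.0.0.0:12345      0.0.0.0:*
LISTEN 0      128    [::]:12345         [::]:*
LISTEN 0      128    0.0.0.0:22         0.0.0.0:*'

printf '%s\n' "$SAMPLE_LOCAL"  | classify_forward 12345
printf '%s\n' "$SAMPLE_GLOBAL" | classify_forward 12345
```

On a live system the same function reads real data: `ss -ltn | classify_forward 12345`.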
