Tunneling VNC through SSH

Another SSH tunneling option is to use SSH to tunnel VNC. To do this, you must have an SSH server running on the VNC server computer and an SSH client on the VNC client computer. The easiest way to use this option is to use the -via option of TightVNC's vncviewer:

$ vncviewer -via proxy.luna.edu blueox.luna.edu:2

This command tells vncviewer to connect to the computer specified by the -via option using SSH and to use that link to initiate a connection to the ultimate target system. Normally, you would provide the same host twice on the command line—once for the SSH tunnel and again as the ultimate target of the VNC connection. If you're only concerned about Internet encryption, though, you could use an SSH server on a remote network (such as proxy.luna.edu in the preceding example) to link up to another system on that network (such as blueox.luna.edu) that has a VNC server but not an SSH server. For instance, you might connect to a Windows VNC server via an SSH server running on a Linux system on the same local network as the Windows system. This configuration would encrypt your Internet traffic, but not the traffic local to the destination network. If necessary, you can provide a username in addition to the SSH server computer's hostname, as in [email protected].

In a default configuration, vncviewer will ask you for your password on the SSH server system as well as your password on the target VNC server system. If you configure the SSH server to use keys without passphrases, as described earlier, in "Using SSH Clients," vncviewer won't prompt for the SSH password. If you tie VNC and XDMCP together, as described earlier, in "Linking VNC to XDMCP," vncviewer won't prompt for a VNC password, but you'll still see the XDMCP server and its username and password prompts.

The vncviewer program from the original VNC package doesn't support the -via option. In order to create an SSH tunnel using this package, you must type an extra command and change the way you address the VNC server system:

$ ssh -N -f -L 5910:blueox.luna.edu:5902 proxy.luna.edu
$ vncviewer localhost:10

The ssh command creates an SSH tunnel between the local computer and proxy.luna.edu, telling the SSH server on proxy to forward data to port 5902 on blueox.luna.edu. The 5910 that precedes the ultimate target system's name and port tells the SSH client to listen on port 5910 for data to send through this tunnel. The second line connects to this port (localhost:10 in VNC nomenclature, or port 5910 on localhost), and SSH does the rest, tunneling the data through proxy to port 5902 on blueox.luna.edu. In practice, you're likely to use the same hostname twice on the ssh line, and you may use the same port number twice.
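
The manual tunnel above, generalized as a small shell helper (an added example, not from the original text): it derives the TCP ports from VNC display numbers (5900 + display) and prints the two commands to run. The function names are hypothetical, and the explicit 127.0.0.1 bind address and the ExitOnForwardFailure option are additions that keep the listener on loopback and make ssh exit if the local port cannot be bound.

```shell
#!/bin/sh
# Added example: build the commands for a manual VNC-over-SSH tunnel.
# A VNC display N listens on TCP port 5900 + N (display 2 -> 5902).

vnc_port() {
    # Accept only a plain decimal display number; leading zeros are
    # rejected so shell arithmetic never treats the value as octal.
    case "$1" in
        ''|*[!0-9]*|0?*) return 1 ;;
    esac
    echo $((5900 + $1))
}

# usage: vnc_tunnel_cmds SSH_HOST VNC_HOST:DISPLAY LOCAL_DISPLAY
vnc_tunnel_cmds() {
    ssh_host=$1
    target=$2
    local_disp=$3
    case "$target" in
        *:*) ;;
        *) echo "target must be host:display" >&2; return 1 ;;
    esac
    vnc_host=${target%:*}
    remote_disp=${target##*:}
    rport=$(vnc_port "$remote_disp") || { echo "bad remote display" >&2; return 1; }
    lport=$(vnc_port "$local_disp") || { echo "bad local display" >&2; return 1; }
    # Bind the local listener to loopback only, so other hosts on the
    # client's network cannot reach the forwarded VNC session.
    # The hop from SSH_HOST to VNC_HOST is still unencrypted.
    echo "ssh -N -f -o ExitOnForwardFailure=yes -L 127.0.0.1:${lport}:${vnc_host}:${rport} ${ssh_host}"
    echo "vncviewer localhost:${local_disp}"
}

# The example from the text: blueox display 2, reached via proxy,
# exposed locally as display 10.
vnc_tunnel_cmds proxy.luna.edu blueox.luna.edu:2 10
```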
