Submit Hint Search The Forums LinksStatsPollsHeadlinesRSS
14,000 hints and counting!


Click here to return to the '10.5: How to use screen sharing remotely and securely' hint
The following comments are owned by whoever posted them. This site is not responsible for what they say.
10.5: How to use screen sharing remotely and securely
Authored by: billpenn on Aug 30, '08 12:39:59AM
I use this handy shell script to secure my vnc through a tunnel:

#!/bin/sh

## script to make ssh tunnel connect to vnc host specified in
## first argument
##
## Jan 02, 2004 - W Penn - creation
## May 15 2005 - W Penn - command arguments added converted for vnc
## Jun 10 2005 - some dude named ward - process management added
##

LOCAL_PORT=5902;

TARGET_HOST=127.0.0.1;
TARGET_PORT=5900;

TUNNEL_HOST="$1";

echo "opening tunnel";
ssh -L $LOCAL_PORT:$TARGET_HOST:$TARGET_PORT -f -N $TUNNEL_HOST;
echo "Local port $LOCAL_PORT used";
echo "opening vnc client";
open -a /Applications/JollyFastVNC.app/;

clear;
TUN=`lsof -i:$LOCAL_PORT -Fp | head -1| sed s/p//`;
echo IMPORTANT: Leave this Terminal window open during your VNC session.;
echo When you finish your VNC session, press the ENTER key in this window.;
echo This will manually close down your SSH tunnel to the remote computer.;
read answer;
clear;
kill $TUN;
echo SSH tunnel closed. You now can close this Terminal window.;

save with your favorite text editor (I call mine svnc) and chmod u+x to make it executable then, if the file is in your path, you can fire up your secure tunnel by typing:

svnc username@somehost.com

if you have JollyFastVNC.app in your Applications folder, it will open and you connect to localhost (127.0.0.1) and port 5902

the terminal window will wait for you to hit return when you are done with your secure vnc, hitting return kills the tunnel so you do not have it sitting around un-noticed.

Someone clever and less lazy than me could surely wrap this up in AppleScript for click and go fun; if that is you, share and enjoy.

I first posted a version of this script years ago with an incorrect variable in response to a question from felix-fi (who commented above) on another site about securing afp (just change the ports and the open command). The version here is secure and done up properly.

To felix-fi, I also have to pull up the man page to ssh ever time I start thinking about tunnels sorry for any aggravation from mixed up variables four years ago.



[ Reply to This | # ]