10.5: How to use screen sharing remotely and securely
Authored by: dewab on Nov 19, '07 03:03:51PM

The command given isn't correct.

In order to create an SSH tunnel, you'd use a command similar to the following:

ssh -L 1202:localhost:5900 remote-host

This would listen locally on port 1202, tunnel to "remote-host" and then have "remote-host" redirect that traffic to localhost on port 5900 (i.e. localhost = remote-host). You can also replace localhost with a different box that remote-host has access to, perhaps if you wanted to tunnel through that box to another box on its network.



10.5: How to use screen sharing remotely and securely
Authored by: felix-fi on Nov 19, '07 11:42:51PM

My 2 cents:

I am always confused by ssh tunnels too... so I keep reading the man page each time :-). In any case, the originally proposed method (not using localhost) creates a secure tunnel:

From man ssh:

-L [bind_address:]port:host:hostport
Specifies that the given port on the local (client) host is to be forwarded to the given host and port on the remote side. This works by allocating a socket to listen to port on the local side, optionally bound to the specified bind_address. Whenever a connection is made to this port, the connection is forwarded over the secure channel, and a connection is made to host port hostport from the remote machine.

Local (client) host means the machine executing the ssh. However, the :host: (i.e. the vnc server then) and the ssh server (the machine name at the end of the ssh command) should be the same, otherwise the data between them will be in the clear...

Is it clearer? ( I am not even sure it is for me ;-) )




10.5: How to use screen sharing remotely and securely
Authored by: felix-fi on Nov 20, '07 03:21:36AM

Just to clarify my previous post a bit...

When host-X executes
ssh -L port:host-Y:hostport host-Z

then local packets sent to port are tunneled to host-Z, which then decrypts them and passes them to host-Y in the clear. Moreover, host-Y is "resolved" from host-Z's point of view (so if it is localhost or 127.0.0.1, it means host-Z itself).

(I hope I did not add too much confusion again)




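The forwarding rule discussed in the comments above, as an added example that is not part of any of the posts: a small shell check that takes an `-L` spec and the ssh server name and reports whether the listener is reachable from other machines and whether the decrypted stream leaves the ssh server. The function names are hypothetical, and it assumes the client's GatewayPorts setting is at its default (off), so a spec without a bind_address listens on loopback only.

```shell
#!/bin/sh
# Added example: classify an `ssh -L` forward by where its traffic is unencrypted.
# Accepts [bind_address:]port:host:hostport with names or IPv4 (no bracketed IPv6).

is_loopback() {
    case "$1" in
        localhost|127.*) return 0 ;;
        *) return 1 ;;
    esac
}

# usage: classify_forward SPEC SSH_SERVER
# prints "listener=<loopback|exposed> lasthop=<on-server|cleartext>"
classify_forward() {
    spec=$1; server=$2
    old_ifs=$IFS; IFS=:
    set -f              # keep a '*' bind address from being glob-expanded
    set -- $spec        # split the spec on ':' into positional parameters
    set +f; IFS=$old_ifs
    case $# in
        3) bind=localhost; host=$2 ;;   # no bind_address: assumed loopback (GatewayPorts off)
        4) bind=$1; host=$3 ;;
        *) echo "invalid"; return 1 ;;
    esac
    # An empty, '*' or non-loopback bind address lets other machines use the tunnel.
    if is_loopback "$bind"; then listener=loopback; else listener=exposed; fi
    # host is resolved by the ssh server; anything other than the server itself
    # means the decrypted stream crosses the network from server to host.
    if is_loopback "$host" || [ "$host" = "$server" ]; then
        lasthop=on-server
    else
        lasthop=cleartext
    fi
    echo "listener=$listener lasthop=$lasthop"
}

# Constructed sample invocations (the first is the command from the thread).
classify_forward 1202:localhost:5900 remote-host
classify_forward 1202:host-Y:5900 host-Z
classify_forward '*:1202:localhost:5900' remote-host
```
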