SSH is safer
Authored by: ebaur on Jan 10, '08 10:00:24AM

A safer solution would be to only open up SSH to the outside world (you can still use the port translation to hide the ports used for SSH). You can then - from your external machine - do this:

ssh -L5900:127.0.0.1:5900 someone@my-machine.mydomain.com

This will set up port 5900 on the machine you're sitting at to forward over the encrypted ssh session to the remote machine. You can even use one machine to ssh port forward to another one on the same network. For example:

ssh -L5901:192.168.0.4:5900 someone@my-machine.mydomain.com

will use the machine you ssh to as a hop to get to the .4 machine, and you would connect your VNC client to port 5901 at localhost to get to port 5900 on the remote machine. The benefit here is that you can expose only one machine's SSH port to the internet and use it as a jumping point for everything else.



SSH is safer
Authored by: BobHarris on Jan 10, '08 01:07:17PM

NOTE: using a middle machine to forward as in

ssh -L5901:192.168.0.4:5900 someone@my-machine.mydomain.com

will only use ssh encryption between the first system and the middle system. The VNC traffic will then go from the middle system to the VNC server unencrypted.

This is NOT a big issue if the middle system and the VNC server are both in your home.

By the way, I personally VNC over an ssh tunnel over the internet to control my Mom's iMac, as well as get back to my home systems when I'm away from home.

ssh -L 5905:127.0.0.1:5900 -p 37100 mom@dynamic.dns.noip.com

The -p is a way to tell ssh to use a port number besides 22, and at my Mom's house, her router forwards port 37100 requests to my Mom's iMac port 22 (the standard ssh port).

Of course, with Back to My Mac and screen sharing via iChat available in Leopard, some of these hints will be needed less and less. ssh is a Swiss Army Knife of networking that is always good to learn.

Bob Harris



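The two comments above, written as an `~/.ssh/config` fragment: the hop forward from the thread beside a variant that keeps the VNC traffic inside SSH all the way to the VNC server. This is an added example, not something either poster wrote. The host aliases are made up, and it assumes OpenSSH 7.3 or later on the client (for `ProxyJump`) and that 192.168.0.4 runs its own SSH server with an account named `someone`.

```sshconfig
# Added example, not from the thread. The aliases "gateway", "vnc-via-hop"
# and "vnc-end-to-end" are hypothetical names chosen for this illustration.

# The one machine whose SSH port is exposed to the internet.
Host gateway
    HostName my-machine.mydomain.com
    User someone

# Same as: ssh -L5901:192.168.0.4:5900 someone@my-machine.mydomain.com
# Encrypted only from your machine to the gateway. The gateway then opens a
# plain TCP connection to 192.168.0.4:5900 across the home LAN.
Host vnc-via-hop
    HostName my-machine.mydomain.com
    User someone
    LocalForward 127.0.0.1:5901 192.168.0.4:5900
    # Fail instead of logging in silently when port 5901 cannot be bound.
    ExitOnForwardFailure yes

# SSH session to 192.168.0.4 itself, tunnelled through the gateway.
# The forward target 127.0.0.1:5900 is resolved on 192.168.0.4, so VNC
# traffic stays inside SSH until it reaches the VNC server's own loopback.
# Assumption: 192.168.0.4 accepts SSH logins for the account "someone".
Host vnc-end-to-end
    HostName 192.168.0.4
    User someone
    ProxyJump gateway
    LocalForward 127.0.0.1:5901 127.0.0.1:5900
    ExitOnForwardFailure yes

# Usage: run "ssh -N vnc-end-to-end" (or "ssh -N vnc-via-hop"), then point
# the VNC client at localhost port 5901. -N opens the tunnel without
# starting a remote shell.
```

With the second variant the VNC server can also be restricted to listen on its loopback address only, since nothing on the LAN needs to reach port 5900 directly.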