Mailing List Archive

Setup the SSH server and VNC server on the Linux box.

Setup the Client PC:
Launch PuTTY.
Under session:
Host Name: your Unix box FQDN or IP
Click SSH
Give the session a name

Under: Connection / SSH / Tunnels
Enter a port forward for Local
Source Port: 5901
Destination: localhost:5900
Click Add

Click on session again and save it.

Now launch (Open) your PuTTY session and logon to your Linux box's SSH
server.
Then launch your VNC Viewer and enter localhost:1 as the VNC Server. Your
SSH session will forward it to your Linux box. You should get prompted for
the VNC Password setup on the VNC server on Linux.

You should now be connected to the Linux box via VNC.

GL
Carl

----- Original Message -----
From: "Terence Van Hise" <tvh2k@optonline.net>
To: <VNC-List@realvnc.com>
Sent: Friday, January 11, 2002 4:11 PM
Subject: VNC over SSH


> Hello all:
>
> I'm a newbie to VNC and SSH and was wondering if I could get some help in
> configuring VNC to tunnel over SSH? Specifically, what I would like to do
> is:
>
> 1. SSH from a Windows machine (PUTTY) to my linux machine at home (linksys
> router, ipchains, openssh already configured)
> 2. Tunnel a VNC connection over SSH, but have the VNC Server not running
on
> the linux machine but rather on another machine at my house
>
> Thanks!
>
> -Terence VH
> _______________________________________________
> VNC-List mailing list
> VNC-List@realvnc.com
> http://www.realvnc.com/mailman/listinfo/vnc-list

----- Original Message -----
From: "Carl" <wc4h@bellsouth.net>

[snip]
> Under: Connection / SSH / Tunnels
> Enter a port forward for Local
> Source Port: 5901
> Destination: localhost:5900
> Click Add
[snip]

But since the OP wanted to go to a machine that is not the SSH server, VNC
server's name or IP should go in the destination box. For example:

Destination: vncserver:5900

--
William Hooper

Any neural system sufficiently complex to generate the axioms of arithmetic
is too complex to be understood by itself.

Did I miss read it. Thought Terence said he wanted to use VNC via SSH. So
the host PC would need to have SSH & VNC servers installed, which was the
first thing I mentioned to him.

Carl

----- Original Message -----
From: "William Hooper" <whooper@freeshell.org>
To: "VNC" <vnc-list@realvnc.com>
Sent: Sunday, January 12, 2003 12:08 AM
Subject: Re: VNC over SSH


> ----- Original Message -----
> From: "Carl" <wc4h@bellsouth.net>
>
> [snip]
> > Under: Connection / SSH / Tunnels
> > Enter a port forward for Local
> > Source Port: 5901
> > Destination: localhost:5900
> > Click Add
> [snip]
>
> But since the OP wanted to go to a machine that is not the SSH server, VNC
> server's name or IP should go in the destination box. For example:
>
> Destination: vncserver:5900
>
> --
> William Hooper
>
> Any neural system sufficiently complex to generate the axioms of
arithmetic
> is too complex to be understood by itself.
> _______________________________________________
> VNC-List mailing list
> VNC-List@realvnc.com
> http://www.realvnc.com/mailman/listinfo/vnc-list

----- Original Message -----
From: "Carl" <wc4h@bellsouth.net>
> Did I miss read it. Thought Terence said he wanted to use VNC via SSH.
So
> the host PC would need to have SSH & VNC servers installed, which was the
> first thing I mentioned to him.
>
> Carl
>


You missed the second part of Terence's question:
> 2. Tunnel a VNC connection over SSH, but have the VNC Server not running
> on the linux machine but rather on another machine at my house

SSH allows you to forward ports to another host, so you would only really
need SSH on one machine in order to reach a whole network of machines. The
forwarded info on the LOCAL network would not be encrypted, but that usually
isn't an issue. For an example look at the "More advanced use" section on
http://www.uk.research.att.com/vnc/sshvnc.html .

--
William Hooper

Have you crashed your Windows today ?

IMHO he needs the SSH server on the Linux box if that's the one he's trying
to connect to and the SSH client on his PC (remote client). I didn't not
misread it, I tried to give what he needed to do to accomplish the goal of a
secure connection. Then again, I'm not an "expert" on this, just relating
from my setup.

Still, I have not seen documentation that indicates that if I have SSH
Server & Client on my PC, I can securely connect to any other PC. If that
were feasible, we would never need SSH server running on any server only on
the clients trying to connect to them.

Carl

----- Original Message -----
From: "William Hooper" <whooper@freeshell.org>
To: "VNC" <vnc-list@realvnc.com>
Sent: Sunday, January 12, 2003 1:21 PM
Subject: Re: VNC over SSH


> ----- Original Message -----
> From: "Carl" <wc4h@bellsouth.net>
> > Did I miss read it. Thought Terence said he wanted to use VNC via SSH.
> So
> > the host PC would need to have SSH & VNC servers installed, which was
the
> > first thing I mentioned to him.
> >
> > Carl
> >
>
>
> You missed the second part of Terence's question:
> > 2. Tunnel a VNC connection over SSH, but have the VNC Server not running
> > on the linux machine but rather on another machine at my house
>
> SSH allows you to forward ports to another host, so you would only really
> need SSH on one machine in order to reach a whole network of machines.
The
> forwarded info on the LOCAL network would not be encrypted, but that
usually
> isn't an issue. For an example look at the "More advanced use" section on
> http://www.uk.research.att.com/vnc/sshvnc.html .
>
> --
> William Hooper
>
> Have you crashed your Windows today ?
> _______________________________________________
> VNC-List mailing list
> VNC-List@realvnc.com
> http://www.realvnc.com/mailman/listinfo/vnc-list

----- Original Message -----
From: "Carl" <wc4h@bellsouth.net>
> IMHO he needs the SSH server on the Linux box if that's the one he's
trying
> to connect to and the SSH client on his PC (remote client). I didn't not
> misread it, I tried to give what he needed to do to accomplish the goal of
a
> secure connection. Then again, I'm not an "expert" on this, just relating
> from my setup.
>
> Still, I have not seen documentation that indicates that if I have SSH
> Server & Client on my PC, I can securely connect to any other PC. If that
> were feasible, we would never need SSH server running on any server only
on
> the clients trying to connect to them.
>
> Carl


Terence states he has a SSH server running on his Linux machine (now I guess
I will finish quoting his whole mail):

> 1. SSH from a Windows machine (PUTTY) to my linux machine at home (linksys
> router, ipchains, openssh already configured)
> 2. Tunnel a VNC connection over SSH, but have the VNC Server not running
> on the linux machine but rather on another machine at my house

My statement was that he doesn't need SSH installed on the machine referred
to as "another machine at my house". SSH can be used to accept a connection
on the SSH server and forward it to another machine in the network. SSH and
VNC don't have to be installed on the Linux machine to make it work. As a
matter of fact if you have a Linux box and a Windows Box on the same network
it is much easier to open on port on the firewall, SSH into the Linux box,
then you are able to connect VNC to either the Linux machine or the Windows
machine. To do this you change the forwarding from "localhost" to
"another-machine-name" (using a valid hostname or IP, of course). Your
example:

>Under: Connection / SSH / Tunnels
>Enter a port forward for Local
>Source Port: 5901
>Destination: localhost:5900
>Click Add

Works for the case of the Linux box being both the SSH and VNC servers, but
needs changed in order to accomplish step 2:

>Under: Connection / SSH / Tunnels
>Enter a port forward for Local
>Source Port: 5901
>Destination: another-machine-name:5900
>Click Add

Now that we have went way off on a tangent, is Terence still out there and
if so did you get it working?

--
William Hooper

34th Law of Computing: Anything that can go wrSEEK ERROR ON C: SECTOR D5

Hmm...must be doing something wrong. I have TightVNC installed on a windows
machine, ip 192.168.1.102. I have OpenSSH running on linux machine, ip
192.168.1.75. I have putty set up under Connection->SSH->Tunnels with
source port of 5901 and destination of "192.168.1.75:5900". I connect
through putty, password authenticate, and get a bash shell just fine. I
then try to scan port 5901 on the machine running putty, but get no
response....the port appears to be closed.

What's going on? Could this have something to do with the fact that I'm
running ipchains on the linux machine? Again, I'm a newbie to linux, but
I'm pretty sure that all my outgoing ports are open (":output ACCEPT" at top
of ipchains). I also tried adding this line to ipchains, to no avail:

"-A input -s 0/0 -d 192.168.1.0/24 5900:5900 -p TCP -y -j ACCEPT"

So what am I missing?
Thanks a million!

-Terence Van Hise


---------------------------------------------
Message: 10
From: "William Hooper" <whooper@freeshell.org>
To: "VNC" <vnc-list@realvnc.com>
Subject: Re: VNC over SSH
Date: Sun, 12 Jan 2003 00:08:53 -0500

----- Original Message -----
From: "Carl" <wc4h@bellsouth.net>

[snip]
> Under: Connection / SSH / Tunnels
> Enter a port forward for Local
> Source Port: 5901
> Destination: localhost:5900
> Click Add
[snip]

But since the OP wanted to go to a machine that is not the SSH server, VNC
server's name or IP should go in the destination box. For example:

Destination: vncserver:5900

--
William Hooper

Any neural system sufficiently complex to generate the axioms of arithmetic
is too complex to be understood by itself.


--__--__--

Try using 191.168.1.75 as the Host Name (under session) click on SSH radio
button.
and under Connection / SSH / Tunnels use L 5901 localhost:5900

Then on your VNC session use VNC Server of: localhost:1

That should get you connected.

Carl

----- Original Message -----
From: "Terence Van Hise" <tvh2k@optonline.net>
To: <vnc-list@realvnc.com>
Sent: Sunday, January 13, 2002 10:55 PM
Subject: Re: VNC over SSH


> Hmm...must be doing something wrong. I have TightVNC installed on a
windows
> machine, ip 192.168.1.102. I have OpenSSH running on linux machine, ip
> 192.168.1.75. I have putty set up under Connection->SSH->Tunnels with
> source port of 5901 and destination of "192.168.1.75:5900". I connect
> through putty, password authenticate, and get a bash shell just fine. I
> then try to scan port 5901 on the machine running putty, but get no
> response....the port appears to be closed.
>
> What's going on? Could this have something to do with the fact that I'm
> running ipchains on the linux machine? Again, I'm a newbie to linux, but
> I'm pretty sure that all my outgoing ports are open (":output ACCEPT" at
top
> of ipchains). I also tried adding this line to ipchains, to no avail:
>
> "-A input -s 0/0 -d 192.168.1.0/24 5900:5900 -p TCP -y -j ACCEPT"
>
> So what am I missing?
> Thanks a million!
>
> -Terence Van Hise
>
>
> ---------------------------------------------
> Message: 10
> From: "William Hooper" <whooper@freeshell.org>
> To: "VNC" <vnc-list@realvnc.com>
> Subject: Re: VNC over SSH
> Date: Sun, 12 Jan 2003 00:08:53 -0500
>
> ----- Original Message -----
> From: "Carl" <wc4h@bellsouth.net>
>
> [snip]
> > Under: Connection / SSH / Tunnels
> > Enter a port forward for Local
> > Source Port: 5901
> > Destination: localhost:5900
> > Click Add
> [snip]
>
> But since the OP wanted to go to a machine that is not the SSH server, VNC
> server's name or IP should go in the destination box. For example:
>
> Destination: vncserver:5900
>
> --
> William Hooper
>
> Any neural system sufficiently complex to generate the axioms of
arithmetic
> is too complex to be understood by itself.
>
>
> --__--__--
> _______________________________________________
> VNC-List mailing list
> VNC-List@realvnc.com
> http://www.realvnc.com/mailman/listinfo/vnc-list

> -----Original Message-----
> From: vnc-list-admin@realvnc.com
> [mailto:vnc-list-admin@realvnc.com] On Behalf Of Terence Van Hise
> Hmm...must be doing something wrong. I have TightVNC
> installed on a windows
> machine, ip 192.168.1.102. I have OpenSSH running on linux
> machine, ip
> 192.168.1.75. I have putty set up under Connection->SSH->Tunnels with
> source port of 5901 and destination of "192.168.1.75:5900". I connect
> through putty, password authenticate, and get a bash shell
> just fine. I
> then try to scan port 5901 on the machine running putty, but get no
> response....the port appears to be closed.

Do you have a VNC server running on display :0 of the Linux machine? If so
this is unusual. If not you need to change your port number to the correct
display. For example the first vncserver on Linux usually runs at display
:1, so you would need a source port of 5901 and a destination of
"192.168.1.75:5901". You would then try to connect by running the vncviewer
(on the machine with PuTTY) and connect to "localhost:1".

How did you run the port scan? By default PuTTY will only accept
connections from localhost for the forwarded ports.

> What's going on? Could this have something to do with the
> fact that I'm
> running ipchains on the linux machine? Again, I'm a newbie
> to linux, but
> I'm pretty sure that all my outgoing ports are open (":output
> ACCEPT" at top
> of ipchains). I also tried adding this line to ipchains, to no avail:
>
> "-A input -s 0/0 -d 192.168.1.0/24 5900:5900 -p TCP -y -j ACCEPT"
>
> So what am I missing?
> Thanks a million!
>
> -Terence Van Hise

Using SSH, all communication goes over the SSH port, so having port 5900
open to 192.168.1.0/24 on your Linux machine doesn't matter. As long as you
can talk to the SSH server, and you don't have any ipchains blocking the
localhost access to your VNC server, you should be OK.

--
William Hooper

On Wed, Oct 29, 2003 at 12:46:28PM +0000, Matthew Earwicker wrote:
>I'm sure this must be quite simple really, but I am
>not sure what figures to use where.
>
>Scenario:
>Windows 2k computer running VNCserver, internal IP
>address 192.168.0.1
>
>Redhat 9 proxy running sshd internal IP address
>192.168.0.254
>
>Firewall/router allowing incoming traffic to IP
>address PUBLICIP on port 5900 to be forwarded to
>internal IP 192.168.0.254 on port 5900.
>
>Redhat 8 desktop with ADSL connection to internet.
>
>What commands should I use to view Windows server on
>Redhat 8.
>
>Presumably ssh -l ...
>and then vncviewer ...
>
>But I'm not quite sure which IP address goes where
>(btw, if I dialin to the server I need to use the
>internal IP address rather than the name for my VNC
>connection).
>
>Any help gratefully received.

It's all right here, from the FAQ on the RealVNC web page.

http://www.uk.research.att.com/archive/vnc/sshvnc.html

HTH.

--
Michael

Matthew Earwicker said:
> I'm sure this must be quite simple really, but I am
> not sure what figures to use where.
>
> Scenario:
> Windows 2k computer running VNCserver, internal IP
> address 192.168.0.1
>
> Redhat 9 proxy running sshd internal IP address
> 192.168.0.254
>
> Firewall/router allowing incoming traffic to IP
> address PUBLICIP on port 5900 to be forwarded to
> internal IP 192.168.0.254 on port 5900.

If you are going to use an SSH tunnel you don't need these ports. You
just need the SSH port forwarded to your SSH server (192.168.0.254).

> Redhat 8 desktop with ADSL connection to internet.
>
> What commands should I use to view Windows server on
> Redhat 8.
>
> Presumably ssh -l ...
> and then vncviewer ...
>
> But I'm not quite sure which IP address goes where
> (btw, if I dialin to the server I need to use the
> internal IP address rather than the name for my VNC
> connection).

You are doing the "More advanced use" section of
http://www.uk.research.att.com/archive/vnc/sshvnc.html

ssh -L 5901:192.168.0.1:5900 externalIP

then

vncviewer localhost:1

The big thing you have to remember is the tunnel is created on the SSH
server, so any addresses used in the "5901:192.168.0.1:5900" part are
coming from the SSH server. As an example "5901:localhost:5900" would
open a tunnel to the SSH server's (it is localhost) port 5900.

The other thing to keep in mind (though it may not matter in your case) is
that communication from the SSH server to the VNC server in not encrypted,
communication from the Viewer to the SSH server is.

--
William Hooper

On Wed, 2003-10-29 at 15:01, William Hooper wrote:
> Matthew Earwicker said:
> > I'm sure this must be quite simple really, but I am
> > not sure what figures to use where.
> >
> > Scenario:
> > Windows 2k computer running VNCserver, internal IP
> > address 192.168.0.1
> >
> > Redhat 9 proxy running sshd internal IP address
> > 192.168.0.254
> >
> > Firewall/router allowing incoming traffic to IP
> > address PUBLICIP on port 5900 to be forwarded to
> > internal IP 192.168.0.254 on port 5900.
>
> If you are going to use an SSH tunnel you don't need these ports. You
> just need the SSH port forwarded to your SSH server (192.168.0.254).

Sorry, not sure which the port SSH uses (the main reason for the
question, actually since I read the FAQ first). Are you saying that the
ports 5900/5901 are only related to the two machines within the network,
and not to the connection between the remote computer and the network?

Matt

Matthew Earwicker said:
>> > Firewall/router allowing incoming traffic to IP
>> > address PUBLICIP on port 5900 to be forwarded to
>> > internal IP 192.168.0.254 on port 5900.
>>
>> If you are going to use an SSH tunnel you don't need these ports. You
>> just need the SSH port forwarded to your SSH server (192.168.0.254).
>
> Sorry, not sure which the port SSH uses (the main reason for the
> question, actually since I read the FAQ first).

By default port 22. man sshd:
" -p port
Specifies the port on which the server listens for connections
(default 22). Multiple port options are permitted. Ports
specified in the configuration file are ignored when a
command-line port is specified."

> Are you saying that the
> ports 5900/5901 are only related to the two machines within the network,
> and not to the connection between the remote computer and the network?

Using an SSH tunnel, yes. All traffic goes over the SSH port.

--
William Hooper

Siva,

You may find it easier to use VNC Enterprise Edition
(http://www.realvnc.com/products/enterprise), since this eliminates the need
for SSH tunnelling and allows the Java viewer to be served on the same port
as VNC connections if required.

Regards,

Wez @ RealVNC Ltd.


> -----Original Message-----
> From: vnc-list-admin@realvnc.com
> [mailto:vnc-list-admin@realvnc.com] On Behalf Of GOKAVARAPU, Siva
> Sent: 03 April 2006 16:02
> To: vnc-list@realvnc.com
> Subject: VNC Over SSH
>
> Hi,
>
> We access VNC through browser to start and stop our
> application remotely
> .Currently we have provided VNC access via Firewall over
> 5800-5805 ports.
> However due to security constraints we were asked to tunnel
> VNC via SSH over
> port 22. I would like to check if we can access VNC via
> browser if we tunnel
> VNC via SSH? Do we need to have any SSH specific clients to
> access VNC or is
> it enough if the server on which VNC is started has SSH enabled.
>
> Please clarify.
>
> Thanks,
> Siva
>
> ********************************************************************
> Important.
> Confidentiality: This communication is intended for the above-named
> person(s) and may be confidential and/or legally privileged.
> Any opinions expressed in this communication are not necessarily
> those of the company. If it has come to you in error you must
> take no action based on it, nor must you copy or show it to anyone;
> please delete/destroy and inform the sender immediately.
>
> Monitoring/Viruses.
> Orange may monitor all incoming and outgoing emails in line with
> current legislation. Although we have taken steps to ensure that
> this email and attachments are free from any virus, we advise that
> in keeping with good computing practice the recipient should ensure
> they are actually virus free.
>
> Orange Personal Communications Services Limited is a subsidiary of
> Orange SA and is registered in England No 2178917,
> with its address at St James Court, Great Park Road,
> Almondsbury Park, Bradley Stoke, Bristol BS32 4QJ.
>
> Orange Retail Limited is a subsidiary of Orange SA and is registered
> in England No 2439104, with its address at St James Court,
> Great Park Road, Almondsbury Park, Bradley Stoke, Bristol BS32 4QJ.
> ********************************************************************
> _______________________________________________
> VNC-List mailing list
> VNC-List@realvnc.com
> To remove yourself from the list visit:
> http://www.realvnc.com/mailman/listinfo/vnc-list
_______________________________________________
VNC-List mailing list
VNC-List@realvnc.com
To remove yourself from the list visit:
http://www.realvnc.com/mailman/listinfo/vnc-list

GOKAVARAPU, Siva wrote on :

> Hi,
>
> We access VNC through browser to start and stop our
> application remotely
> .Currently we have provided VNC access via Firewall over
> 5800-5805 ports. However due to security constraints we
> were asked to tunnel
> VNC via SSH over
> port 22. I would like to check if we can access VNC via
> browser if we tunnel
> VNC via SSH? Do we need to have any SSH specific clients
> to
> access VNC or is
> it enough if the server on which VNC is started has SSH
> enabled.
>
Theoretically, if you port-forward (in SSH) both ports 580x and 590x it
should allow you to access through a browser. I don't know if anyone has
tried it, though... I know *I* have not, since I use the VNC viewer
application to connect to my desktop at home.

Second, unless you plan on having a "gateway" server on the outside of your
firewall and port-forward from there over SSH (which kind of defeates the
purpose of using SSH in the first place) you will have to have some sort of
SSH client on the viewer PC. I recommend PuTTY myself since it's so easy to
set up. Also, there are now versions of PuTTY which do not write to the
registry. Here's a link to one of them: http://socialistsushi.com/portaputty
_______________________________________________
VNC-List mailing list
VNC-List@realvnc.com
To remove yourself from the list visit:
http://www.realvnc.com/mailman/listinfo/vnc-list

On the mac, once ssh is up and before you connect with vnc, open up a console and use netstat to view waiting tcp services....do you see you local tunnelled tcp port waiting on 127.0.0.1?

Cheers,
John

----- Original Message -----
From: vnc-list-bounces@realvnc.com <vnc-list-bounces@realvnc.com>
To: vnc-list@realvnc.com <vnc-list@realvnc.com>
Sent: Sat Feb 27 05:28:53 2010
Subject: VNC over SSH


Hello there,

I've got a question about connecting to my VNC server over SSH from a
Macintosh.

I've got my VNC server running on a CEntOS 5.4 box. If I just enter the
IP address & firewall port (i.e. 10.16.0.136:7) I can connect fine using
Real VNC's "VNC Viewer Enterprise Edition" version E4.5.2 client
software from my Mac (OS X 10.5.8), or using the "VNC Viewer Free
Edition" version 4.1.2 on my PC (XP).

However, problems arise when I try to initiate a connection over SSH
(i.e. 10.16.0.136 localhost:7). On the PC, it seems to work fine
-- although, is there a way to verify that the connection is indeed over
SSH? The connection info panel doesn't seem to indicate either way.

On the Mac, when I try to connect over SSH, I get this error:

"getaddrinfo: nodename nor servname provided, or not known (8)"

A Google search turned up articles pointing to Apple's implementation of
OpenSSL. I was just curious if anyone else had this same problem.

Thanks,

-Byron


Byron Veale
Webmaster
The New Jersey State Library

_______________________________________________
VNC-List mailing list
VNC-List@realvnc.com
To remove yourself from the list visit:
http://www.realvnc.com/mailman/listinfo/vnc-list
_______________________________________________
VNC-List mailing list
VNC-List@realvnc.com
To remove yourself from the list visit:
http://www.realvnc.com/mailman/listinfo/vnc-list

Yes, it seems to be so, this is what I get:

Proto Recv-Q Send-Q Local Address Foreign Address
State
tcp 0 0 ::ffff:10.16.0.136:ssh
bos-jstevens.tmng.com:52357 ESTABLISHED


For what it's worth, I can ssh & scp into the box fine from the mac;
it's only when I add "localhost" to the VNC connection that I get the
error.

Thanks,

-Byron


Byron Veale
Webmaster
The New Jersey State Library
-----Original Message-----
From: John Serink [mailto:John_Serink@Trimble.com]
Sent: Saturday, February 27, 2010 8:23 AM
To: Byron Veale; vnc-list@realvnc.com
Subject: Re: VNC over SSH

On the mac, once ssh is up and before you connect with vnc, open up a
console and use netstat to view waiting tcp services....do you see you
local tunnelled tcp port waiting on 127.0.0.1?

Cheers,
John

----- Original Message -----
From: vnc-list-bounces@realvnc.com <vnc-list-bounces@realvnc.com>
To: vnc-list@realvnc.com <vnc-list@realvnc.com>
Sent: Sat Feb 27 05:28:53 2010
Subject: VNC over SSH


Hello there,

I've got a question about connecting to my VNC server over SSH from a
Macintosh.

I've got my VNC server running on a CEntOS 5.4 box. If I just enter the
IP address & firewall port (i.e. 10.16.0.136:7) I can connect fine using
Real VNC's "VNC Viewer Enterprise Edition" version E4.5.2 client
software from my Mac (OS X 10.5.8), or using the "VNC Viewer Free
Edition" version 4.1.2 on my PC (XP).

However, problems arise when I try to initiate a connection over SSH
(i.e. 10.16.0.136 localhost:7). On the PC, it seems to work fine
-- although, is there a way to verify that the connection is indeed over
SSH? The connection info panel doesn't seem to indicate either way.

On the Mac, when I try to connect over SSH, I get this error:

"getaddrinfo: nodename nor servname provided, or not known (8)"

A Google search turned up articles pointing to Apple's implementation of
OpenSSL. I was just curious if anyone else had this same problem.

Thanks,

-Byron


Byron Veale
Webmaster
The New Jersey State Library

_______________________________________________
VNC-List mailing list
VNC-List@realvnc.com
To remove yourself from the list visit:
http://www.realvnc.com/mailman/listinfo/vnc-list

_______________________________________________
VNC-List mailing list
VNC-List@realvnc.com
To remove yourself from the list visit:
http://www.realvnc.com/mailman/listinfo/vnc-list

Hi:

You appear to be running IPV6. Is that you intention?

Ok, BEFORE you connect VNC and after ssh is up, you need to make sure
that you have your tunnel up. You need to tell nestat to show you all
running services waiting for connections. What you have shown me below
is the connection between your sshd and the client machine
bos-jstevens.tmng.com. Here is the command you need:
netstat -a -n -t

Which is telling netstat, show me all ports, connected and those waiting
for connections (-a), shown me only ip addresses not the domain names
(-n) and show me only tcp ports (-t), don't show unix domain sockets or
udp sockets.

Now, when you run that on your Mac, if you set your ssh client up to
forward say port 12345 to socket 127.0.0.1:5900 on the VNC target, then
after you connect with ssh you should see a tcp server on the mac on the
socket 127.0.0.1:12345. You then connect to this socket with vnc,
vncviewer 127.0.0.1:12345 and it will send you to your Linux box's VNC
server.

To confirm that you are going through the ssh tunnel, do this:
Netstat -t -n | grep "IpAddress of you Linux Box"

You should see a single connection from your mac to the ssh port (22) of
you linus box even though you are connected to vnc and to ssh at the
same time. This means the vnc connection (to your locahost on 12345) is
actually going through the ssh tunnel.

Make sense?

Cheers,
John


-----Original Message-----
From: Byron Veale [mailto:bveale@njstatelib.org]
Sent: Wednesday, March 03, 2010 10:12 PM
To: John Serink; vnc-list@realvnc.com
Subject: RE: VNC over SSH



Yes, it seems to be so, this is what I get:

Proto Recv-Q Send-Q Local Address Foreign Address
State
tcp 0 0 ::ffff:10.16.0.136:ssh
bos-jstevens.tmng.com:52357 ESTABLISHED


For what it's worth, I can ssh & scp into the box fine from the mac;
it's only when I add "localhost" to the VNC connection that I get the
error.

Thanks,

-Byron


Byron Veale
Webmaster
The New Jersey State Library
-----Original Message-----
From: John Serink [mailto:John_Serink@Trimble.com]
Sent: Saturday, February 27, 2010 8:23 AM
To: Byron Veale; vnc-list@realvnc.com
Subject: Re: VNC over SSH

On the mac, once ssh is up and before you connect with vnc, open up a
console and use netstat to view waiting tcp services....do you see you
local tunnelled tcp port waiting on 127.0.0.1?

Cheers,
John

----- Original Message -----
From: vnc-list-bounces@realvnc.com <vnc-list-bounces@realvnc.com>
To: vnc-list@realvnc.com <vnc-list@realvnc.com>
Sent: Sat Feb 27 05:28:53 2010
Subject: VNC over SSH


Hello there,

I've got a question about connecting to my VNC server over SSH from a
Macintosh.

I've got my VNC server running on a CEntOS 5.4 box. If I just enter the
IP address & firewall port (i.e. 10.16.0.136:7) I can connect fine using
Real VNC's "VNC Viewer Enterprise Edition" version E4.5.2 client
software from my Mac (OS X 10.5.8), or using the "VNC Viewer Free
Edition" version 4.1.2 on my PC (XP).

However, problems arise when I try to initiate a connection over SSH
(i.e. 10.16.0.136 localhost:7). On the PC, it seems to work fine
-- although, is there a way to verify that the connection is indeed over
SSH? The connection info panel doesn't seem to indicate either way.

On the Mac, when I try to connect over SSH, I get this error:

"getaddrinfo: nodename nor servname provided, or not known (8)"

A Google search turned up articles pointing to Apple's implementation of
OpenSSL. I was just curious if anyone else had this same problem.

Thanks,

-Byron


Byron Veale
Webmaster
The New Jersey State Library

_______________________________________________
VNC-List mailing list
VNC-List@realvnc.com
To remove yourself from the list visit:
http://www.realvnc.com/mailman/listinfo/vnc-list

_______________________________________________
VNC-List mailing list
VNC-List@realvnc.com
To remove yourself from the list visit:
http://www.realvnc.com/mailman/listinfo/vnc-list

Thanks again for spending time on this...

IPv6 is enabled by default on Macs; I turned it off. It's not enabled
on the CEntOS box.

So I ssh into my server, and here's what I get from netstat:

Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address
State
tcp 0 0 0.0.0.0:3306 0.0.0.0:*
LISTEN
tcp 0 0 0.0.0.0:909 0.0.0.0:*
LISTEN
tcp 0 0 0.0.0.0:111 0.0.0.0:*
LISTEN
tcp 0 0 0.0.0.0:6000 0.0.0.0:*
LISTEN
tcp 0 0 0.0.0.0:5906 0.0.0.0:*
LISTEN
tcp 0 0 0.0.0.0:5907 0.0.0.0:*
LISTEN
tcp 0 0 127.0.0.1:631 0.0.0.0:*
LISTEN
tcp 0 0 127.0.0.1:25 0.0.0.0:*
LISTEN
tcp 0 0 :::6000 :::*
LISTEN
tcp 0 0 :::80 :::*
LISTEN
tcp 0 0 :::22 :::*
LISTEN
tcp 0 0 :::443 :::*
LISTEN
tcp 0 640 ::ffff:10.16.0.136:22 ::ffff:10.16.0.36:56455
ESTABLISHED

(I omitted a bunch of this last time -- wasn't sure what was actually
pertinent.)

I think I get the gist of what you're saying, but am clueless as to how
to "set your ssh client up to forward say port 12345 to socket
127.0.0.1:5900 on the VNC target."

Okay, little Google, little ssh man page, and guess what? It worked a
treat! I'm VNC'd in to my CEntOS box, and:

bveale$ netstat -nt | grep 10.16.0.136
tcp4 0 0 10.16.0.36.56522 10.16.0.136.22
ESTABLISHED

Thanks so much. It would be easier if VNC didn't flake out on me, but
hey, now I can securely connect to my server from my Mac (not to start a
flame war, but I try to avoid using the PC as much as possible), and
learned about ssh tunneling in the process...

Have a good one,

-Byron


Byron Veale
Webmaster
The New Jersey State Library
-----Original Message-----
From: John Serink [mailto:John_Serink@Trimble.com]
Sent: Wednesday, March 03, 2010 8:03 PM
To: Byron Veale; vnc-list@realvnc.com
Subject: RE: VNC over SSH

Hi:

You appear to be running IPV6. Is that you intention?

Ok, BEFORE you connect VNC and after ssh is up, you need to make sure
that you have your tunnel up. You need to tell nestat to show you all
running services waiting for connections. What you have shown me below
is the connection between your sshd and the client machine
bos-jstevens.tmng.com. Here is the command you need:
netstat -a -n -t

Which is telling netstat, show me all ports, connected and those waiting
for connections (-a), shown me only ip addresses not the domain names
(-n) and show me only tcp ports (-t), don't show unix domain sockets or
udp sockets.

Now, when you run that on your Mac, if you set your ssh client up to
forward say port 12345 to socket 127.0.0.1:5900 on the VNC target, then
after you connect with ssh you should see a tcp server on the mac on the
socket 127.0.0.1:12345. You then connect to this socket with vnc,
vncviewer 127.0.0.1:12345 and it will send you to your Linux box's VNC
server.

To confirm that you are going through the ssh tunnel, do this:
Netstat -t -n | grep "IpAddress of you Linux Box"

You should see a single connection from your mac to the ssh port (22) of
you linus box even though you are connected to vnc and to ssh at the
same time. This means the vnc connection (to your locahost on 12345) is
actually going through the ssh tunnel.

Make sense?

Cheers,
John


-----Original Message-----
From: Byron Veale [mailto:bveale@njstatelib.org]
Sent: Wednesday, March 03, 2010 10:12 PM
To: John Serink; vnc-list@realvnc.com
Subject: RE: VNC over SSH



Yes, it seems to be so, this is what I get:

Proto Recv-Q Send-Q Local Address Foreign Address
State
tcp 0 0 ::ffff:10.16.0.136:ssh
bos-jstevens.tmng.com:52357 ESTABLISHED


For what it's worth, I can ssh & scp into the box fine from the mac;
it's only when I add "localhost" to the VNC connection that I get the
error.

Thanks,

-Byron


Byron Veale
Webmaster
The New Jersey State Library
-----Original Message-----
From: John Serink [mailto:John_Serink@Trimble.com]
Sent: Saturday, February 27, 2010 8:23 AM
To: Byron Veale; vnc-list@realvnc.com
Subject: Re: VNC over SSH

On the mac, once ssh is up and before you connect with vnc, open up a
console and use netstat to view waiting tcp services....do you see you
local tunnelled tcp port waiting on 127.0.0.1?

Cheers,
John

----- Original Message -----
From: vnc-list-bounces@realvnc.com <vnc-list-bounces@realvnc.com>
To: vnc-list@realvnc.com <vnc-list@realvnc.com>
Sent: Sat Feb 27 05:28:53 2010
Subject: VNC over SSH


Hello there,

I've got a question about connecting to my VNC server over SSH from a
Macintosh.

I've got my VNC server running on a CEntOS 5.4 box. If I just enter the
IP address & firewall port (i.e. 10.16.0.136:7) I can connect fine using
Real VNC's "VNC Viewer Enterprise Edition" version E4.5.2 client
software from my Mac (OS X 10.5.8), or using the "VNC Viewer Free
Edition" version 4.1.2 on my PC (XP).

However, problems arise when I try to initiate a connection over SSH
(i.e. 10.16.0.136 localhost:7). On the PC, it seems to work fine
-- although, is there a way to verify that the connection is indeed over
SSH? The connection info panel doesn't seem to indicate either way.

On the Mac, when I try to connect over SSH, I get this error:

"getaddrinfo: nodename nor servname provided, or not known (8)"

A Google search turned up articles pointing to Apple's implementation of
OpenSSL. I was just curious if anyone else had this same problem.

Thanks,

-Byron


Byron Veale
Webmaster
The New Jersey State Library

_______________________________________________
VNC-List mailing list
VNC-List@realvnc.com
To remove yourself from the list visit:
http://www.realvnc.com/mailman/listinfo/vnc-list

_______________________________________________
VNC-List mailing list
VNC-List@realvnc.com
To remove yourself from the list visit:
http://www.realvnc.com/mailman/listinfo/vnc-list