Re: SSH port forwarding/tunneling question

From: peter pilsl (pilsl_at_goldfisch.at)
Date: 06/25/04


Date: Fri, 25 Jun 2004 15:23:33 +0200

Wes Gray wrote:
> Before I waste a lot of time trying, I'm wondering if what I want is
> even possible. I want to connect via TightVNC from my home Linux system
> to my Win2k system at work. Unfortunately my work system is behind a
> firewall which filters out incoming ssh, so running an ssh server
> on the Win2k system at work won't fly. So my question is, is it
> possible to set up an ssh connection from a client machine (Win2k)
> to a server machine (my Linux box), then run VNC over it with
> the ssh client being the VNC server, and the ssh server being the
> VNC client? I'm hoping I can just set up a putty connection at
> work connected to home, then go home and run VNC back to it. Does
> that sound possible? If not, any other solutions to the problem?
>

from ssh manpage:

    -R port:host:hostport
              Specifies that the given port on the remote (server) host is
              to be forwarded to the given host and port on the local side.

however: your solution has two big flaws:

* your company IT staff might kill you :)
* as soon as your connection breaks for a short period, the tunnel is
broken.

so the much better way is to ssh-connect the firewall using the
"-L"-switch to tunnel to your work-machine behind the firewall. For this
you need an ssh-login at the firewall (which must *not* necessarily
invoke a shell).
If this is not possible, you would need a watchdog on your
office-machine that restarts the tunnel when it breaks which invokes
password-free ssh-keys ...

completely different solution (which does not solve the killing-problem
:) would be a VPN from your office-machine to your linux-machine. VPN
(based on pptp) is deeply implemented in windows and therefore offers
support for reconnect and all that stuff and will offer you a full
ip-connection through the firewall, including vnc-protocol and smb.
(http://www2.goldfisch.at/knowledge/195)

best,
peter

-- 
http://www2.goldfisch.at/know_list
http://leblogsportif.sportnation.at
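The reply above mentions an ssh login at the firewall that does not need to invoke a shell. As an added example (not part of the original post), this Python check audits an OpenSSH `authorized_keys` entry for such a forwarding-only account: it expects a forced command, `restrict` with `port-forwarding` re-enabled, and `permitopen` limited to the VNC target. The host name `workpc`, port 5900, the account name and the key blob are assumptions constructed for illustration.

```python
import re

KEY_TYPES = ("ssh-", "ecdsa-", "sk-")  # prefixes of the key-type field
# One option: name, optional ="quoted value", then "," (more follow) or whitespace.
OPTION = re.compile(r'([A-Za-z0-9-]+)(?:="((?:\\.|[^"\\])*)")?([,\s])')

def parse_options(line):
    """Return [(name, value)] from the options field of an authorized_keys line."""
    line = line.strip()
    if line.startswith(KEY_TYPES):        # no options field at all
        return []
    opts, pos = [], 0
    while True:
        m = OPTION.match(line, pos)
        if not m:
            raise ValueError("malformed options field")
        opts.append((m.group(1).lower(), m.group(2)))  # names are case-insensitive
        pos = m.end()
        if m.group(3) != ",":             # whitespace ends the options field
            return opts

def audit_tunnel_key(line, allowed):
    """Findings for a key that should only do -L forwarding to `allowed` targets."""
    opts = parse_options(line)
    names = {n for n, _ in opts}
    targets = {v for n, v in opts if n == "permitopen"}
    findings = []
    if "command" not in names:
        findings.append("no forced command: key can start a shell")
    if "restrict" in names:
        if "port-forwarding" not in names:
            findings.append("restrict without port-forwarding: tunnel cannot work")
    else:
        for flag in ("no-pty", "no-agent-forwarding", "no-x11-forwarding"):
            if flag not in names:
                findings.append(f"{flag} not set")
    if not targets:
        findings.append("no permitopen: any host:port may be forwarded")
    for t in sorted(targets - set(allowed)):
        findings.append(f"permitopen allows unexpected target {t}")
    return findings

# Constructed sample entries (key blob is a placeholder, not a real key).
KEY = "ssh-ed25519 AAAA_CONSTRUCTED_PLACEHOLDER tunnel@home"
GOOD = 'restrict,port-forwarding,permitopen="workpc:5900",command="/usr/sbin/nologin" ' + KEY
WIDE = 'restrict,port-forwarding,permitopen="workpc:*",command="/usr/sbin/nologin" ' + KEY

if __name__ == "__main__":
    for entry in (GOOD, WIDE, KEY):
        print(audit_tunnel_key(entry, ["workpc:5900"]) or "ok")
```

With an entry like `GOOD`, the client side opens the tunnel with `ssh -N -L` so that no remote command is requested and only the forward to the permitted target is set up.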

