Re: SSH port forwarding/tunneling question

From: peter pilsl (
Date: 06/25/04

Date: Fri, 25 Jun 2004 15:23:33 +0200

Wes Gray wrote:
> Before I waste a lot of time trying, I'm wondering if what I want is
> even possible. I want to connect via TightVNC from my home Linux system
> to my Win2k system at work. Unfortunately my work system is behind a
> firewall which filters out incoming ssh, so running an ssh server
> on the Win2k system at work won't fly. So my question is, is it
> possible to set up an ssh connection from a client machine (Win2k)
> to a server machine (my Linux box), then run VNC over it with
> the ssh client being the VNC server, and the ssh server being the
> VNC client? I'm hoping I can just set up a putty connection at
> work connected to home, then go home and run VNC back to it. Does
> that sound possible? If not, any other solutions to the problem?

from ssh manpage:

    -R port:host:hostport
              Specifies that the given port on the remote (server) host
              is to be forwarded to the given host and port on the local side.

however: your solution has two big flaws:

* your company IT staff might kill you :)
* as soon as your connection breaks for a short period, the tunnel is

so the much better way is to ssh-connect to the firewall using the
"-L"-switch to tunnel to your work-machine behind the firewall. For this
you need an ssh-login at the firewall (which must *not* necessarily
invoke a shell).
If this is not possible, you would need a watchdog on your
office-machine that restarts the tunnel when it breaks which invokes
password-free ssh-keys ...

completely different solution (which does not solve the killing-problem
:) would be a VPN from your office-machine to your linux-machine. VPN
(based on pptp) is deeply implemented in windows and therefore offers
support for reconnect and all that stuff and will offer you a full
ip-connection through the firewall, including vnc-protocol and smb.
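
The forwarding-only firewall login suggested in the reply above, as an added example that is not part of the original post: it generates an OpenSSH `authorized_keys` entry that permits only the one `-L` forward and audits entries for missing restrictions. The host names, the `tunnel` account, port 5900 and the sample key are constructed placeholders.

```shell
#!/bin/sh
# Added example: a forwarding-only key on the firewall for the "-L" approach.
# All names below are constructed placeholders, not values from the thread.
FIREWALL="firewall.example.com"
WORK_HOST="workpc.internal.example"
VNC_PORT=5900   # assumption: VNC display :0 on the work machine

# authorized_keys entry for the (hypothetical) "tunnel" account on the firewall.
# "restrict" (OpenSSH 7.2+) disables pty, agent, X11 and port forwarding;
# "port-forwarding" re-enables port forwarding only; permitopen limits -L
# targets to the one VNC endpoint; the forced command keeps the key from
# running anything on the firewall itself.
tunnel_key_entry() {   # $1 = public key line (type, blob, comment)
    printf 'restrict,port-forwarding,permitopen="%s:%s",command="/bin/false" %s\n' \
        "$WORK_HOST" "$VNC_PORT" "$1"
}

# Client side, run from home: -N requests no session, so the forced
# command never runs and only the forward is set up.
client_command() {
    printf 'ssh -N -L %s:%s:%s tunnel@%s\n' \
        "$VNC_PORT" "$WORK_HOST" "$VNC_PORT" "$FIREWALL"
}

# Audit one authorized_keys line; prints "ok", "unrestricted" or what is missing.
audit_key_entry() {
    line=$1
    case $line in
        ssh-*|ecdsa-*|sk-*) echo "unrestricted"; return 1 ;;  # no options field
    esac
    opts=${line%% ssh-*}   # options field; assumes an ssh-* key type follows
    missing=""
    case ",$opts," in *,restrict,*) ;; *) missing="$missing restrict" ;; esac
    case $opts in *permitopen=\"*) ;; *) missing="$missing permitopen" ;; esac
    case $opts in *command=\"*) ;; *) missing="$missing command" ;; esac
    if [ -n "$missing" ]; then echo "missing:$missing"; return 1; fi
    echo "ok"
}

# Constructed sample key, not a real one.
SAMPLE_KEY="ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIConstructedPlaceholderKey tunnel-only"
tunnel_key_entry "$SAMPLE_KEY"
client_command
```

With the tunnel up, the VNC viewer at home connects to port 5900 on localhost.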