RE: VNC-SSH Help

From: Ben Voigt <bvoigt_at_**********.***>
Date: Mon Dec 29 2003 - 02:47:35 EST

No, your connection is not secure. This is because the java client always
connects using the IP address it was accessed from.

In order to use the java client, you should do
'ssh -T -L5900:server1:5900 -L5800:server1:5800 -C -N username@server1'
and connect using http://localhost:5800

Then the java client will be downloaded through the tunnel, and subsequently
connect to VNC at localhost:5900 (also tunnelled and secure).

To verify, use 'netstat -a' and make sure that the only TCP connection to
the remote computer is ssh to port 22. There should NOT be any TCP
connections from the viewer to port 5900 on the server, as these would be
unencrypted.

****************************

Ben Voigt
University of Pennsylvania
Electrical Engineering PhD Student

voigt@seas.upenn.edu <mailto:voigt@seas.upenn.edu>
BVoigt@kas.com <mailto:BVoigt@kas.com>

Support a Constitutional Amendment to protect the Pledge of Allegiance and
National Motto.
Click here for more information. <http://www.wepledge.com/>

****************************

-----Original Message-----
From: ssh-l-bounces@erdelynet.com [mailto:ssh-l-bounces@erdelynet.com]On
Behalf Of Neil
Sent: Friday, December 26, 2003 4:27 AM
To: ssh-l@erdelynet.com
Subject: VNC-SSH Help

Hi,

I have been using VNC for remotely administering a NT server, 'Server1'. I
wanted to make it more secure. I followed the documents and installed
Cygwin, configured 'sshd' (on the same VNC server). Started the service by
using 'cygrunsrv -S sshd'. From another command prompt I ran 'ssh -T -L
5901:server1:5900 -C -N username@server1'.
After entering the password, that screen does not give any message. I am
connecting to VNC server from a client's browser using
'http://server1:5800'.
Is my connection secure now? How do I find out that VNC transactions are
through SSH? Sorry, I am new to ssh.

TIA 

--
List Information: http://tech.erdelynet.com/mailman/listinfo/ssh-l/
List Archives:    http://erdelynet.com/archive/ssh-l/
To Unsubscribe: Go to
http://tech.erdelynet.com/mailman/options/ssh-l#subscribers
and enter your email address at the bottom.
If you don't know your password, have it emailed to you. Then unsubscribe.
---
--- Incoming mail is certified Virus Free by AVG ---
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.555 / Virus Database: 347 - Release Date: 12/23/2003
--
List Information: http://tech.erdelynet.com/mailman/listinfo/ssh-l/
List Archives:    http://erdelynet.com/archive/ssh-l/
To Unsubscribe: Go to http://tech.erdelynet.com/mailman/options/ssh-l#subscribers
and enter your email address at the bottom.
If you don't know your password, have it emailed to you. Then unsubscribe.
Received on Mon Dec 29 03:00:23 2003

This archive was generated by hypermail 2.1.8 : Fri Jul 29 2005 - 17:34:04 EDT