Some time ago I set up SSH on my dad's three computers so I could
assist him remotely if needed. For some time afterwards, everything
worked fine: I could work on the command shell, and also could tunnel
VNC through SSH for remote control. I've set up an account on each of
the machines, belonging to the Administrators group, which I can use
to connect. I've written two batch files, one to enable and start VNC,
SSH and my account, and one to stop and disable VNC, SSH and my
account, and put shortcuts on his desktop for those batch files, for
ease of use.
VNC tunnelling through SSH has stopped working, and I'm mystified. To
be fair, it's entirely possible that it's down to user error (and by
user I mean me rather than my dad) and I may have forgotten the magic
syntax to redirect a port, since it has been quite some time since I
last had to render assistance to the old man.
I'm using this command:

    ssh -p 22 -L 5900:127.0.0.1:5900 -l <username> <Dad's IP address>

I get the familiar SSH login screen and can authenticate and work on
the command line. At the point of authentication I get an error
message that the shell could not change to /home/username due to
"access denied". I've checked the permissions on my profile directory
and my user account has Full Control, as has the System special
context. I don't know if this is related to my problem, or if it's
merely a minor annoyance.
When I try to connect to 127.0.0.1, VNC Viewer refuses to connect.
Checking for open ports shows that nothing is listening on port 5900
on my machine.
Conversely, on Dad's machine, VNC is listening on TCP port 5900 and so
is sshd. If I exit from the SSH console, sshd stops listening to port
5900. I'm mystified why two different applications are listening on
the same TCP port. I was under the distinct impression only one
application could use a given port at a time. I don't know if this is
relevant.
With regard to specifying the -p port number, Dad's three machines are
behind a NAT device. I've set ports 22, 23, and 24 to forward to his
three machines, and configured sshd to listen to the appropriate port
on each machine. As indicated earlier, I can get a console session up
on all three systems. It's just tunnelled VNC I can't get working any
more.
I tried changing the -L parameter to 5901:127.0.0.1:5900 and
5900:127.0.0.1:5901. The latter choice prompted sshd to listen on port
5901 on Dad's machine.
Surely sshd should not be listening for connections on the remote
machine, but instead ssh should be listening on my machine, ready to
pass encrypted data to sshd on the remote host, whereupon sshd can
then make a local connection to 5900, opened by the VNC server?
All machines are running Windows XP. In case my own machine was acting
cranky I set up a spare machine to test; I get the same behaviour
regardless of which machine I use.
So, have I botched the command syntax somehow, or could something else
be causing the problem?
-- Alex
Received on Tue Sep 11 14:47:19 2007