metho Posted May 17, 2009

Hi guys,

I have not made many posts on this forum before, but I have been watching the episodes regularly, which have been very helpful and informative. I have a problem which I can't get my head around.

VNC over SSH: I am sure many of you have done it in the past or are familiar with the concept. I have two (Windows XP) PCs (just for testing purposes, but this project involves doing it on more PCs, which I will outline later). I want to control my other PC through VNC (LAN), but I want to secure the traffic with SSH using the FreeSSHd server. TightVNC, FreeSSHd and PuTTY are the three pieces of software I need.

The way I understand it so far is that I need to install FreeSSHd and TightVNC server on the machine which I want to control, and VNC viewer and PuTTY on the machine which will be controlling the other PC. How do I do that, what configurations do I require, why do I need the PuTTY client, etc.? Can I set up the FreeSSHd server on a separate PC which will be on all the time? If yes, how do I configure PuTTY or the VNC server to talk to the FreeSSHd server for encryption?

Any help would be appreciated. I am a noob, so take it easy, lol!

-metho

wetelectric Posted May 18, 2009

From machine 1, ssh to machine 2:

    ssh user@xpmachine2.com -p22 -L 5970:127.0.0.1:5900

On machine 1, you will be able to view machine 2 over an ssh connection:

    vncviewer 127.0.0.1:70

You are first creating an ssh session from machine 1 to machine 2 via the default ssh port of 22. I'm assuming the vncserver is running on the default port (5900) on machine 2.

The "-L" bit: You are forwarding everything that occurs on port 5900 on machine 2 to the port 5970 on machine 1. This is your 'tunnel'.

Since you have created the tunnel, just run vncviewer on the port on machine 1 - localhost.

Crap explanation, I know, but I'm sure other people will chime in. There's another way to do it with ssh, but I used the above because you get more of an idea of what is happening (I hope!).

taiyed14 Posted May 18, 2009

> vncviewer 127.0.0.1:70

I think you mean

    vncviewer 127.0.0.1:5970

Other than that, yes, this is how it's done. All traffic generated by and destined to VNCViewer will be directed to localhost port 5970. Normally this would go nowhere, but the ssh connection listens for any connections to 127.0.0.1:5970 and forwards them to the remote ssh server.

wetelectric Posted May 18, 2009

> I think you mean vncviewer 127.0.0.1:5970

Works for me. I have a mixed environment, usually Linux to Windows though.

taiyed14 Posted May 18, 2009

> Works for me. I have a mixed environment, usually Linux to Windows though.

I wasn't sure if 127.0.0.1:70 was a typo and you meant to put 127.0.0.1:5970.

metho (Author) Posted May 19, 2009

Thanks very much for the reply.... ;)

I installed FreeSSHd and VNC server on my PC1. I can secure the traffic using PuTTY (well, I think I can) by logging into the shell. The next part is giving me hassle, which is vncviewer: by default it should allow me to use 127.0.0.1(:5900), but it doesn't work. Instead I have to use the IP address of the host PC to connect, but I am sure it doesn't secure the traffic (or does it, if I use its IP address rather than localhost etc.?). Could you tell me if I am doing something wrong? Here is what I have done:

PC1 (22, 5900 are opened in the firewall)
    TightVNC Server: allow loopback
    FreeSSHd: one user created

PC2 (22, 5900 are opened in the firewall)
    PuTTY > Tunnel > 5900 127.0.0.1:5900
    Log in using the host's IP address (works fine)
    Type the user name of the FreeSSHd user (works fine)
    Next part, vncviewer (does not work with 127.0.0.1 or 127.0.0.1:5900), but works with the host IP address!!

What am I doing wrong??

taiyed14 Posted May 19, 2009

Where to start...

You do not need port 5900 or 22 open on PC2 (the client), and I'm pretty sure you don't need port 5900 open on PC1 (the server). That is the point of tunneling.

If you connect to the VNC server with the server's IP address, then you are not tunneling the traffic and it is not secured.

Did you configure PuTTY for an ssh tunnel? If so, what is the configuration? You shouldn't be connecting to localhost:5900; it should be something different, like localhost:5970.

Have you tried asking Google for VNC over SSH with PuTTY guides?

shawty Posted May 25, 2009

OK, here's how my set-up works:

I have an Ubuntu server that has a port opened on my router/firewall. This port is forwarded straight to the Ubuntu server, where SSH is served by OpenSSH on the standard port of 22. On my router I've opened port 8000 and forwarded that to the internal IP of my Ubuntu server on 22.

That gives us the following:

              |-------------|
              |   Router    |                  |---------------|
    8000 ->>  |             | -->>> 22 --->>>  |  Ubuntu box   |
              | 10.10.17.1  |                  |---------------|
              |-------------|

(Sorry if the ascii gets messed up)

At this point, you now have to remember 2 things.

A) The Ubuntu box can already see any other machine in your network, so you do NOT need to open extra ports on the firewall to get to those machines.

B) The ONLY machine you need to connect to is your SSH. What port you open on your FW/router, and how, is entirely up to you.

OK.. now you need to install VNC server onto the Windows machines that you wish to remote, then have it active and running in service mode. Check all is OK by running VNC viewer on one machine internal to your network and checking you can connect to the others. Once this works you're good to go.

From your remote machine (outside your network) fire up PuTTY, set up your connection params as required and save them, then in the PuTTY options go down to SSH->Tunnels in the connection section.

In the source port, put the port address you wish to use for your connection on the PC that you are currently sat in front of. Bear in mind that it does NOT have to be 5900; it can be any port you want, assuming that the machine you're using gives you privileges to open ports (EG: you're root, admin, or a user with those rights etc.).

In the destination box put the IP (or domain name) of the machine inside your network you want to connect to, followed by : and the port number.

So EG: if you installed VNC on the standard port of 5900 and your win-pc was called mywinbox, then you would enter

    mywinbox:5900

Click the add button. You will then see this entry get added to the tunnel list.

At this point, you can connect to your SSH, enter your user name/password, then minimise the PuTTY window. Fire up VNC and connect to the local port you added above, and you should see your remote desktop.

You can add as many tunnels to as many different hosts as you like, and give them all different local addresses, but tunnel them all through the same SSH session.

For more info see the article I wrote on the subject for "Enterprise IT Planet", which you can find at http://www.enterpriseitplanet.com/networki...cle.php/3798541

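Added example (not part of any post in this thread): a small POSIX shell helper that reads an `ssh -L` forward spec, like the ones in the posts above, and reports where the tunnel entrance listens and whether the SSH-protected path ends at the SSH server or is relayed onward as plain VNC. The function names, output labels and the local port 5901 are made up for this illustration; IPv6 literals are not handled and the OpenSSH default `GatewayPorts no` is assumed.

```shell
#!/bin/sh
# Added example: audit an "ssh -L" spec of the form [bind:]lport:host:hostport.
# Names and labels are illustrative. Assumes GatewayPorts=no (OpenSSH default).

is_loopback() {
    case "$1" in
        127.*|localhost) return 0 ;;
        *) return 1 ;;
    esac
}

# Prints "<bind>:<lport> <scope> <last_hop>" or "invalid" (exit status 1).
#   scope:    local-only = only this PC can use the tunnel entrance
#             exposed    = other hosts can connect to the entrance
#   last_hop: ends-at-sshd      = VNC server is on the SSH server itself
#             relayed-cleartext = SSH server relays plain VNC to a third host
audit_forward() {
    spec=$1
    old_ifs=$IFS
    IFS=:
    set -f                 # keep a "*" bind address from globbing
    set -- $spec           # split the spec on ":" into $1..$n
    set +f
    IFS=$old_ifs
    case $# in
        3) bind=127.0.0.1; lport=$1; host=$2; hport=$3 ;;
        4) bind=${1:-*};   lport=$2; host=$3; hport=$4 ;;  # empty bind = all
        *) echo invalid; return 1 ;;
    esac
    for p in "$lport" "$hport"; do
        case $p in ''|*[!0-9]*) echo invalid; return 1 ;; esac
    done
    if is_loopback "$bind"; then scope=local-only; else scope=exposed; fi
    # "host" is resolved by the SSH server, so 127.0.0.1 means the server.
    # Any other name is treated here as a different machine (assumption).
    if is_loopback "$host"; then hop=ends-at-sshd; else hop=relayed-cleartext; fi
    echo "$bind:$lport $scope $hop"
}

# Constructed inputs based on the forward specs discussed in the thread.
audit_forward 5970:127.0.0.1:5900      # two-PC setup
audit_forward 5901:mywinbox:5900       # jump-host setup; port 5901 is made up
audit_forward '*:5970:127.0.0.1:5900'  # entrance reachable from the LAN
```

A `relayed-cleartext` result, as in the jump-host layout, means the VNC traffic between the SSH server and the target PC crosses the internal network without SSH protection.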
wetelectric Posted May 26, 2009

> snippage
> http://www.enterpriseitplanet.com/networki...cle.php/3798541

Listen, install copSSH and use the command line. You will kick yourself when you find out how easy it is.