I'm not very familiar with VNC (I've never actually installed it).
However, it sounds like you could use local firewall features (IPFW) to
restrict access to the VNC server port to connections from localhost [the
SSH server].
On a related application, the SSH Secure Shell for Workstations (the
commercial Windows client, available from www.ssh.com) includes a
command-line client that fully supports piping stdin/stdout through the
SSH client on Windows. Most of our Windows developers use it
with WinCVS to securely use a Unix-based CVS server (that of course
has SSH server running).
I'm not sure if the same setup can be used with VNC, but it might be worth
giving a thought as well.
Tatu
--
SSH Communications Security http://www.ssh.com/
SSH IPSEC Toolkit http://www.ipsec.com/
SSH(R) Secure Shell(TM) http://www.ssh.com/ssh
On Mon, 5 Feb 2001, lafleur wrote:
> Hi,
>
> I am relatively new to ssh and I'd like to know if it is possible to do
> the following:
>
> I want to force the VNC server to only accept connection thru an ssh
> secure pipe.
>
> By following the instructions on the VNC site I was able to establish a
> secure pipe to my server from a windows machine then connect to an open
> VNC session using the secure pipe, but the session is still available
> for regular TCP connections. In other words I wat to do the following:
>
>
> ------------|
> |--------------------
> LINUX BOX
> |
> | A Windows 9X client
> running VNC
> |
> | running VNC client and
> |
> |
> | |
> v
> |
> | v
> SSH<------------>some insecure network<----------------ssh-client
>
> |
> |
> ------------|
> |---------------------
>
>
> The right-hand side of the drawing I have sorted out. The server side is
> still a mystery. How do I convince VNC to only use and ssh pipe and
> refuse connection from any other tcp port?
>
> Thank you,
>
> MGL
>
>
