Thanks again for spending time on this...

IPv6 is enabled by default on Macs; I turned it off.  It's not enabled
on the CentOS box.

So I ssh into my server, and here's what I get from netstat:

Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address               Foreign Address             State
tcp        0      0 0.0.0.0:3306                0.0.0.0:*                   LISTEN
tcp        0      0 0.0.0.0:909                 0.0.0.0:*                   LISTEN
tcp        0      0 0.0.0.0:111                 0.0.0.0:*                   LISTEN
tcp        0      0 0.0.0.0:6000                0.0.0.0:*                   LISTEN
tcp        0      0 0.0.0.0:5906                0.0.0.0:*                   LISTEN
tcp        0      0 0.0.0.0:5907                0.0.0.0:*                   LISTEN
tcp        0      0 127.0.0.1:631               0.0.0.0:*                   LISTEN
tcp        0      0 127.0.0.1:25                0.0.0.0:*                   LISTEN
tcp        0      0 :::6000                     :::*                        LISTEN
tcp        0      0 :::80                       :::*                        LISTEN
tcp        0      0 :::22                       :::*                        LISTEN
tcp        0      0 :::443                      :::*                        LISTEN
tcp        0    640 ::ffff:10.16.0.136:22       ::ffff:10.16.0.36:56455     ESTABLISHED

(I omitted a bunch of this last time -- wasn't sure what was actually
pertinent.)

I think I get the gist of what you're saying, but am clueless as to how
to "set your ssh client up to forward say port 12345 to socket
127.0.0.1:5900 on the VNC target."

Okay, little Google, little ssh man page, and guess what?  It worked a
treat!  I'm VNC'd in to my CentOS box, and:

bveale$ netstat -nt | grep 10.16.0.136
tcp4       0      0  10.16.0.36.56522       10.16.0.136.22         ESTABLISHED

Thanks so much.  It would be easier if VNC didn't flake out on me, but
hey, now I can securely connect to my server from my Mac (not to start a
flame war, but I try to avoid using the PC as much as possible), and
learned about ssh tunneling in the process...

Have a good one,

-Byron


Byron Veale
Webmaster
The New Jersey State Library 
-----Original Message-----
From: John Serink [mailto:john_ser...@trimble.com] 
Sent: Wednesday, March 03, 2010 8:03 PM
To: Byron Veale; vnc-list@realvnc.com
Subject: RE: VNC over SSH

Hi:

You appear to be running IPv6. Is that your intention?

Ok, BEFORE you connect VNC and after ssh is up, you need to make sure
that you have your tunnel up. You need to tell netstat to show you all
running services waiting for connections. What you have shown me below
is the connection between your sshd and the client machine
bos-jstevens.tmng.com. Here is the command you need:
 netstat -a -n -t

Which is telling netstat, show me all ports, connected and those waiting
for connections (-a), show me only IP addresses not the domain names
(-n) and show me only tcp ports (-t), don't show unix domain sockets or
udp sockets.

Now, when you run that on your Mac, if you set your ssh client up to
forward say port 12345 to socket 127.0.0.1:5900 on the VNC target, then
after you connect with ssh you should see a tcp server on the mac on the
socket 127.0.0.1:12345. You then connect to this socket with vnc,
vncviewer 127.0.0.1:12345 and it will send you to your Linux box's VNC
server.

To confirm that you are going through the ssh tunnel, do this:
netstat -t -n | grep "IpAddress of your Linux Box"

You should see a single connection from your mac to the ssh port (22) of
your Linux box even though you are connected to vnc and to ssh at the
same time. This means the vnc connection (to your localhost on 12345) is
actually going through the ssh tunnel.

Make sense?

Cheers,
John
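
John's two netstat checks (the forwarded port listening on 127.0.0.1, then a single connection to port 22) as an added shell example that is not part of the thread. The sample netstat lines are constructed, "user" is a placeholder, and VNC is assumed to use the conventional ports 5900-5999.

```shell
#!/bin/sh
# Added example. Opening the tunnel John describes would look like this
# ("user" is a placeholder; 12345 and 5900 are the ports from his message):
#   ssh -N -L 12345:127.0.0.1:5900 user@10.16.0.136

# Split field F ("host.port" on macOS, "host:port" on Linux) of netstat lines
# whose state is $2, printing "host port" with any ::ffff: prefix removed.
endpoints() {
    awk -v f="$1" -v st="$2" '$NF == st {
        a = $f
        if (!match(a, /[.:][0-9]+$/)) next
        h = substr(a, 1, RSTART - 1); sub(/^::ffff:/, "", h)
        print h, substr(a, RSTART + 1) + 0
    }'
}

# tunnel_listening PORT: succeeds if `netstat -a -n -t` (stdin) shows a
# listener on 127.0.0.1:PORT, i.e. the local end of the forward is up.
tunnel_listening() {
    endpoints 4 LISTEN | grep -qxF "127.0.0.1 $1"
}

# vnc_path SERVER_IP: classify `netstat -n -t` (stdin) as seen on the client.
# Assumes VNC displays use the conventional ports 5900-5999.
vnc_path() {
    endpoints 5 ESTABLISHED | awk -v ip="$1" '
        $1 != ip { next }
        $2 == 22 { ssh = 1 }
        $2 >= 5900 && $2 <= 5999 { direct = 1 }
        END { print (direct ? "direct" : (ssh ? "tunnelled" : "no-ssh")) }'
}

# Constructed sample output in the macOS netstat format (not from the thread).
SAMPLE_TUNNELLED='tcp4 0 0 127.0.0.1.12345 *.* LISTEN
tcp4 0 0 127.0.0.1.12345 127.0.0.1.50001 ESTABLISHED
tcp4 0 0 10.16.0.36.56522 10.16.0.136.22 ESTABLISHED'
SAMPLE_DIRECT='tcp4 0 0 10.16.0.36.56601 10.16.0.136.5907 ESTABLISHED
tcp4 0 0 10.16.0.36.56522 10.16.0.136.22 ESTABLISHED'

printf '%s\n' "$SAMPLE_TUNNELLED" | vnc_path 10.16.0.136
printf '%s\n' "$SAMPLE_DIRECT" | vnc_path 10.16.0.136
```

On a live client, pipe `netstat -a -n -t` into `tunnel_listening 12345` and `netstat -n -t` into `vnc_path` with the server's address; "direct" means a viewer session is reaching a VNC port without going through ssh.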


-----Original Message-----
From: Byron Veale [mailto:bve...@njstatelib.org]
Sent: Wednesday, March 03, 2010 10:12 PM
To: John Serink; vnc-list@realvnc.com
Subject: RE: VNC over SSH


 
Yes, it seems to be so, this is what I get:

Proto Recv-Q Send-Q Local Address               Foreign Address             State
tcp        0      0 ::ffff:10.16.0.136:ssh      bos-jstevens.tmng.com:52357 ESTABLISHED


For what it's worth, I can ssh & scp into the box fine from the mac;
it's only when I add "localhost" to the VNC connection that I get the
error.

Thanks,

-Byron


Byron Veale
Webmaster
The New Jersey State Library 
-----Original Message-----
From: John Serink [mailto:john_ser...@trimble.com] 
Sent: Saturday, February 27, 2010 8:23 AM
To: Byron Veale; vnc-list@realvnc.com
Subject: Re: VNC over SSH

On the mac, once ssh is up and before you connect with vnc, open up a
console and use netstat to view waiting tcp services....do you see your
local tunnelled tcp port waiting on 127.0.0.1?

Cheers,
John

----- Original Message -----
From: vnc-list-boun...@realvnc.com <vnc-list-boun...@realvnc.com>
To: vnc-list@realvnc.com <vnc-list@realvnc.com>
Sent: Sat Feb 27 05:28:53 2010
Subject: VNC over SSH


Hello there,

I've got a question about connecting to my VNC server over SSH from a
Macintosh.

I've got my VNC server running on a CentOS 5.4 box.  If I just enter the
IP address & firewall port (i.e. 10.16.0.136:7) I can connect fine using
Real VNC's "VNC Viewer Enterprise Edition" version E4.5.2 client
software from my Mac (OS X 10.5.8), or using the "VNC Viewer Free
Edition" version 4.1.2 on my PC (XP).

However, problems arise when I try to initiate a connection over SSH
(i.e. 10.16.0.136 localhost:7).  On the PC, it seems to work fine
-- although, is there a way to verify that the connection is indeed over
SSH?  The connection info panel doesn't seem to indicate either way.

On the Mac, when I try to connect over SSH, I get this error:

"getaddrinfo: nodename nor servname provided, or not known (8)"

A Google search turned up articles pointing to Apple's implementation of
OpenSSL.  I was just curious if anyone else had this same problem.

Thanks,

-Byron


Byron Veale
Webmaster
The New Jersey State Library 

_______________________________________________
VNC-List mailing list
VNC-List@realvnc.com
To remove yourself from the list visit:
http://www.realvnc.com/mailman/listinfo/vnc-list
