On Tue, Jan 15, 2002 at 10:10:18AM -0500, Chuck Renner wrote: > > WinVNC on ClientWS1 ---> SSH on ClientWS1 port 5500 --> Internet --> sshd on > MYFirewall port 443 --> VNCviewer on MyWS1 port 5500 > > Have I got the idea right? If so, I should be able to do this without > recompiling VNC at all.
Yup. Of course your situation is somewhat complicated by the fact that you have no control over one of the firewalls, but the solution you described should work fine. > I just need some help with SSH in Windows and sshd on the Linux machine. I > have no idea on how to do this forwarding/tunneling with SSH. I have never > used SSH for anything but a shell window before (and SCP for file transfer). I don't know the Windows SSH tools very well, but, if you find one that behaves like OpenSSH on Unix (I think there actually is an OpenSSH for Windows too), then you would initiate the connection from the Windows box with something like: ssh -nq -i key -l vnc -p 443 -L 5500:MyWS1:5500 MYFirewall sleep 30 Where "key" is a private key file which allows sshd to authenticate the ssh client without the user typing a password, "vnc" is a user account with no privildges on your firewall setup just for this purpose (and with the public side of "key" installed), "MyWS1" is the local IP address of your VNC client, and "MYFirewall" is the public IP or FQDN of your firewall with sshd running. You can also give ssh the -C option to turn on compression, which is a huge bonus if you are using anything slower than tight encoding or zlib encoding on the VNC connection. Your sshd default configuration will probably be fine except that you need to tell it to listen on port 443. The "sleep 30" just opens up a 30 second window for the VNC connection to get started. -- Mike Ossmann, Tarantella/UNIX Engineer/Instructor Alternative Technology, Inc. http://www.alttech.com/ --------------------------------------------------------------------- To unsubscribe, mail [EMAIL PROTECTED] with the line: 'unsubscribe vnc-list' in the message BODY See also: http://www.uk.research.att.com/vnc/intouch.html ---------------------------------------------------------------------
