Benson, post #29

Originally Posted by cmdowns:
Thanks again to everyone for contributing to this thread. I'm learning a lot.

Okay, what jldiaz wrote really has started to make all this info come together for me. It particularly clarifies what Benson meant when he said

<stuff that vaguely made sense as I skimmed it quite hastily>

Finally, I think I understand this.
I think you got it.

But for some reason I can't make it work.
Uh-oh

I can set up the ssh session. xterm takes the command, and then prompts me with the CLI prompt appropriate for the Cygwin terminal. It really seems like the session is set up appropriately.

But VNC won't do anything with 127.0.0.1:1

I can connect to the XP box's VNC server directly at my.XP.box's.IP.address. But that's not what we're shooting for.
I assume that's my.XP.box.IP:0 ? If it's a different display, then that would cause problems (you'd need to change which port you forward to).
If my ssh client is listening to the VNC client on 5901, then it should be able to send the VNC info through port 22 to the sshd server which can send it through port 5900 to the VNC server.

Could this be a problem with my router? I've tried setting up port forwarding, but I can't make anything work. But that doesn't seem right. If I can connect the ssh between the nokia and the XP box on port 22, and I can connect the VNC between the nokia and the XP box on port 5901, then how could the router interfere with the nokia's port 5900 ability to talk to the nokia's port 22 to talk to the xp box's port 22 which finally sends it to the XP box's 5900.
Exactly; if the SSH link is getting through, the router cannot impede a connection tunneled through. It's not the router.

And if I can connect to the VNC server, directly, and insecurely, does that mean that any damn computer on the internet with a VNC client can connect to my XP box directly and insecurely? Or does it just work for me because my nokia and XP box happen to be on the same wlan?
Hopefully just cause you're on the same LAN. The question is which ports are you forwarding? If you're only forwarding the port you're using for ssh (presumably 22), and still blocking stuff like port 5900, you should be safe against other (outside) people; still vulnerable to anyone on your WLAN. WPA makes that hard, but why even allow it at all? We'll get to that later, but until you get things working through ssh, it's good to leave it (that far) open as a troubleshooting aid.


The most likely explanation at the moment seems to be that your XP box's VNC is not set up right.
If that's the case, you're in luck, cause we're both running tightVNC. I should be able to point you exactly to the relevant settings:
Double-click the tightVNC logo in the system tray to bring up the config dialog. On the Administration tab, there's a box with three checkboxes:
  • Disable empty passwords
  • Allow loopback connections
  • Allow only loopback connections
The first one should be unchecked if you want to be able to use an empty password (not no password, just a password of zero length; there's a difference.). Doesn't really matter.

The second one must be checked. It's off by default, to spare you from VNCing into your console from your console (heap bad medicine), and resulting pointer freeze and such. But the way the ssh tunnel ends on the local machine means that the outcoming VNC connection is indeed a loopback connection, and we must allow that.

The third one blocks all normal connections; then all that can get through is screen-grabbing horrors (don't do those) and VNC tunneled connections. It's probably wise to enable this at some point, but not necessary.

Those are the only relevant options I'm aware of.

G'luck in your struggles!
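Added example, not part of Benson's post and not TightVNC's code: a small Python model of why a tunneled connection reaches the VNC server as a loopback connection, and what the loopback checkboxes then decide. The `accepts` policy is a simplified assumption based on the post's description, the plain TCP relay stands in for sshd serving an assumed forward of the form `-L 5901:127.0.0.1:5900`, and the LAN address is constructed.

```python
import ipaddress, socket, threading

def accepts(peer_ip, allow_loopback, only_loopback=False):
    """Simplified model of the two loopback checkboxes (an assumption)."""
    is_loop = ipaddress.ip_address(peer_ip).is_loopback
    return is_loop if only_loopback else (allow_loopback or not is_loop)

def _serve(sock, handler):
    def loop():
        while True:
            conn, addr = sock.accept()
            with conn:
                handler(conn, addr[0])
    threading.Thread(target=loop, daemon=True).start()

def _listen():
    s = socket.socket()
    s.bind(("127.0.0.1", 0))   # port 0: let the OS pick a free port
    s.listen()
    return s

def connect_via_tunnel(allow_loopback):
    """Return (banner the client received, peer addresses the server saw)."""
    seen = []
    vnc = _listen()            # stand-in for the VNC server on port 5900
    def vnc_handler(conn, ip):
        seen.append(ip)
        if accepts(ip, allow_loopback):
            conn.sendall(b"RFB 003.008\n")   # RFB servers speak first
    _serve(vnc, vnc_handler)

    fwd = _listen()            # stand-in for the forwarded port 5901
    def fwd_handler(conn, _ip):
        # Like sshd serving the forward: a new connection is opened from
        # the server's own host, so the VNC server's peer is loopback.
        with socket.create_connection(vnc.getsockname()) as up:
            conn.sendall(up.recv(64))
    _serve(fwd, fwd_handler)

    with socket.create_connection(fwd.getsockname(), timeout=5) as client:
        return client.recv(64), seen

if __name__ == "__main__":
    for setting in (False, True):
        print(setting, connect_via_tunnel(setting))
    print(accepts("192.168.1.20", True, only_loopback=True))  # constructed LAN IP
```

With loopback connections disallowed the tunnel itself comes up but the client gets no banner, which matches the symptom in the quoted question; with "only loopback" modelled, the direct LAN connection is refused while the tunneled one still works.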