[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[ale] Questions on SSH tunnel setup for 'tightvnc'

John Mills <johnmills at speakeasy.net> writes:

> ALErs -
> I'm setting up 'tightvnc' access to my RH-7.3 Linux box ("host") from
> another Linux system ("client" - Slack-9.1 over a laughably poor dial-up
> link) and have a couple of questions.
> When host and client are both running in my LAN I can VNC-connect no 
> problem without using SSH. I come in on host:5901 and the local viewer 
> connects me with an Xvnc instance I left running on host.
> Looking at the LTSP FAQ "VNC ssh port forwarding howto" by 
> <stevn.bartley at ints.com>, I'm losing track at a couple of points.
> Q1. FAQ example exports an 'xdm' login screen and seems to use xinetd and
> the client's connection to a designated port to start and (presumably)
> stop an instance of Xvnc, rather than connecting to an Xvnc started by a
> user. Is that correct?
> The FAQ example connects an arbitrary client port to the host port 
> assigned for vnc with the command:
>  % ssh -C -g -L <localport>:<host_IP>:<host_vnc_port> <host_IP>
>  followed by:
>  % vncviewer localhost:<localport>
> Q2. Where is the host told to expect 'ssh' at the port to which is will 
> connect Xvnc?

That's what the << -L <localport>:<host_IP>:<host_vnc_port> >> is for.
It makes connections to localhost:localport equivalent to connections
to host_IP:host_vnc_port, but pipes the data thru the ssh
connection. (Of course, sshd doesn't need to listen on host_vnc_port;
VNC does.) If you've already got a VNC server running on host_IP and
listening at host_vnc_port, the two commands above should get you
connected (securely).

> Q3. Do I need to start any task in host's rc.local to activate the xdm 
> login on <host_vnc_port>?

I think you just put entries in /etc/inetd.conf to tell inetd to start
VNC when it sees a connection to whatever port you want to connect
on. Disclaimer: I haven't ever actually done that; explicitly starting
a VNC session in rc.local works for me. The nice thing about doing it
via inetd is that you can have any number of VNC clients connected at
the same port, to different server instances (I believe).

> Thanks to anyone for wading through all that and helping me understand 
> what is being set up, or for further pointers.



-- Joe Knapka

(let ((antichrist 'me) (anarchist 'me))) -- the sexp-pistols.
If you really want to get my attention, don't reply to this;
instead, send mail to "jknapka .at. kneuro .dot. net."