RE: Rod Boyce: TightVNC over SSH?

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 454-5900

> -----Original Message-----
> From: ben...@us... [mailto:ben...@us...]
> 
> Your recent email to the list suggested that you may be tunneling VNC 

The procedure for tunnelling VNC traffic over TLS is the same as any other
TCP protocol, thankfully.

> over SSH.  If so, do you have an easy, step-by-step FAQ on how to get 

I found quite a lot of information by googling:
http://www.google.com/search?q=putty+%22port+forward%22

LJ had a two-part article on VNC:
http://www.linuxjournal.com/article.php?sid=5499 and
http://www.linuxjournal.com/article.php?sid=5560 that would probably help
you out.

> it running?  I know I sound like a dunce, but I've been up 36 
> straight 
> hours trying to set up a secure network...:)

I'll reiterate my suggestion to use IPSec -- that'll create a true "secure
network."  The best part is that once you have it working, it's completely
effortless -- ALL IP traffic between here and there is encrypted.

> I'm running a RedHat Linux 7.3 system as the vnc server, and 
> a windows 
> 2000 Pro workstation as the client.  I have the link working 
> just fine 
> unencrypted, but my brain is a bit slow on getting the tunneling 
> working.  I'd like to use the sshd that installs with the RedHat, and 
> I'm currently useing PuTTY 0.51 on the windows client.

I'll try to explain this in general terms, so you're not tied down to any
specific software.  First, you'll want to establish a TLS/SSL tunnel between
the two hosts.  One endpoint of the tunnel should forward a local port (or
range of ports) through the tunnel, and the other should forward traffic
emerging from the tunnel to a local port (or range).

So, in your example, you have Xvnc (vncserver) running on :1, which is
listening on TCP port (5900 + n) = 5901.  You have a vncviewer running that
will look on your local TCP port 5901 (it doesn't have to correspond, but
for simplicity's sake) for a VNC server.  That much I assume you already
understand.  So, to establish a TLS tunnel, you should configure PuTTY to
forward your local TCP port 5901 to the endpoint's port 5901 (described in
detail in PuTTY's online documentation
http://the.earth.li/~sgtatham/putty/0.52/htmldoc/Chapter3.html#3.5).  Then,
once you log in you can just point the vncviewer to "localhost:1".

The OP seemed to be asking about an easier way to do the same, I assume that
he wanted an unauthenticated tunnel between the two hosts.  This would allow
him to establish a VNC session over TLS without logging in and keeping a
shell open (I feel his pain, especially with shell inactivity timeouts).
stunnel is probably your app of choice if that's what you're interested in
(http://www.stunnel.org/).

-Brian