From: Cain Brian-B. <Bri...@mo...> - 2002-08-21 15:52:50
> -----Original Message-----
> From: ben...@us... [mailto:ben...@us...]
>
> Your recent email to the list suggested that you may be tunneling VNC

The procedure for tunnelling VNC traffic over TLS is the same as any other TCP protocol, thankfully.

> over SSH. If so, do you have an easy, step-by-step FAQ on how to get

I found quite a lot of information by googling:
http://www.google.com/search?q=putty+%22port+forward%22

LJ had a two-part article on VNC:
http://www.linuxjournal.com/article.php?sid=5499 and
http://www.linuxjournal.com/article.php?sid=5560
that would probably help you out.

> it running? I know I sound like a dunce, but I've been up 36 straight
> hours trying to set up a secure network...:)

I'll reiterate my suggestion to use IPSec -- that'll create a true "secure network." The best part is that once you have it working, it's completely effortless -- ALL IP traffic between here and there is encrypted.

> I'm running a RedHat Linux 7.3 system as the vnc server, and a windows
> 2000 Pro workstation as the client. I have the link working just fine
> unencrypted, but my brain is a bit slow on getting the tunneling
> working. I'd like to use the sshd that installs with the RedHat, and
> I'm currently using PuTTY 0.51 on the windows client.

I'll try to explain this in general terms, so you're not tied down to any specific software.

First, you'll want to establish a TLS/SSL tunnel between the two hosts. One endpoint of the tunnel should forward a local port (or range of ports) through the tunnel, and the other should forward traffic emerging from the tunnel to a local port (or range).

So, in your example, you have Xvnc (vncserver) running on :1, which is listening on TCP port (5900 + n) = 5901. You have a vncviewer running that will look on your local TCP port 5901 (it doesn't have to correspond, but for simplicity's sake) for a VNC server. That much I assume you already understand.

So, to establish a TLS tunnel, you should configure PuTTY to forward your local TCP port 5901 to the endpoint's port 5901 (described in detail in PuTTY's online documentation http://the.earth.li/~sgtatham/putty/0.52/htmldoc/Chapter3.html#3.5). Then, once you log in you can just point the vncviewer to "localhost:1".

The OP seemed to be asking about an easier way to do the same; I assume that he wanted an unauthenticated tunnel between the two hosts. This would allow him to establish a VNC session over TLS without logging in and keeping a shell open (I feel his pain, especially with shell inactivity timeouts). stunnel is probably your app of choice if that's what you're interested in (http://www.stunnel.org/).

-Brian
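
The port forward described in the message above, as an added example that is not part of the original email: it assumes the OpenSSH command-line client rather than PuTTY, and the function names and the host `user@vncserver.example` are constructed placeholders. It derives the TCP port from the display number, rejects anything that is not a plain display number, and prints (does not run) a forwarding-only command bound to loopback.

```shell
#!/bin/sh
# Added example: OpenSSH equivalent of forwarding local port 5900+n to the
# VNC server's port 5900+n. Names and hosts here are illustrative assumptions.

# Map a VNC display number (:n) to its TCP port (5900 + n).
# Rejects non-numeric input so the value is safe to place in a command line.
vnc_port() {
    case "$1" in
        ''|*[!0-9]*) echo "display must be a non-negative integer" >&2; return 1 ;;
        0?*)         echo "no leading zeros in display number" >&2; return 1 ;;
        ??????*)     echo "display number too large" >&2; return 1 ;;
    esac
    # Highest display whose port still fits in 16 bits: 65535 - 5900.
    [ "$1" -le 59635 ] || { echo "display number too large" >&2; return 1; }
    echo $((5900 + $1))
}

# Print the ssh command for display $1 on host $2 (user@host).
vnc_tunnel_cmd() {
    display=$1
    target=$2
    port=$(vnc_port "$display") || return 1
    [ -n "$target" ] || { echo "usage: vnc_tunnel_cmd DISPLAY user@host" >&2; return 1; }
    # -N                    forwarding only, no remote shell is started
    # -L 127.0.0.1:...      listen on the client's loopback only, so other
    #                       machines on the client's network cannot use the tunnel
    # ExitOnForwardFailure  exit instead of running without the forward
    echo "ssh -N -o ExitOnForwardFailure=yes -L 127.0.0.1:$port:127.0.0.1:$port $target"
}

# Address to give vncviewer once the tunnel is up ("localhost:1" for display 1).
vnc_viewer_target() {
    vnc_port "$1" >/dev/null || return 1
    echo "localhost:$1"
}

# Stand-alone use: ./vnc-tunnel.sh 1 user@vncserver.example
if [ $# -eq 2 ]; then
    vnc_tunnel_cmd "$1" "$2"
    echo "then point vncviewer at: $(vnc_viewer_target "$1")"
fi
```

Because the forward terminates on 127.0.0.1 at the server end, the unencrypted VNC port does not need to be reachable from the network at all and can be blocked by the server's firewall.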