
vnc over multiple ssh tunnels?


Wes

Aug 1, 2009, 6:49:15 PM
I have two windows boxes I'd like to get to using vnc. From where I want to access them
port 22 is open but most other ports I've tried are closed. Some of the typical open
ports, I already have tied up.

Anyway, can I port tunnel to one box on my home network and then tunnel again to another
box on my home network so I can use port 22 for any box on the network.

I am using tightvnc, have cygwin on all boxes, and usually use Putty to tunnel.

Thanks,

Wes

Todd H.

Aug 3, 2009, 2:56:57 AM
Wes <clu...@lycos.com> writes:

> I have two windows boxes I'd like to get to using vnc. From where I want to access them
> port 22 is open but most other ports I've tried are closed.

Could you clarify this statement? I'm going to assume you're talking
about what traffic is allowed out of the network that you're trying
to connect from to get home?

> Some of the typical open ports, I already have tied up.

such as 80 and 443, assumably.

> Anyway, can I port tunnel to one box on my home network and then
> tunnel again to another box on my home network so I can use port 22
> for any box on the network.
>
> I am using tightvnc, have cygwin on all boxes, and usually use Putty
> to tunnel.

If I understand your problem statement correctly, you wish to be able
to get to 2 boxes at home from some network away from home where you
know that outbound traffic destined for port 22 is allowed through
their outbound firewall?

For the sake of argument, let's call
  o home box A 10.0.0.20 and
  o home box B 10.0.0.21
  o let's call the machine you'll be using as the ssh client on the
    awayfromhome network "awayfromhome" and let's assume you have
    openssh installed on it (via cygwin if it's a windows box)

If that's the case, you'll want:
  o to set the router on your home network to do port forwarding of
    incoming port 22 on your home router to a box on your network
    that runs sshd. That box needn't be box A or B, but it could be
    if you wanted.
  o prepare for large scale brute force attacks against your ssh
    server if it lives on port 22. I'd probably disable password
    based auth entirely and use public key.

then to set up yer 2 tunnels, this command should do it:

  o awayfromhome$ ssh -p22 -L5900:10.0.0.20:5900 \
                      -L5901:10.0.0.21:5900 user@HOMEIP

then to connect via VNC, point the vnc viewer at the local listening
ports that are magically forwarded to the A and B boxes:

  o point tightvnc to 127.0.0.1 port 5900 to get to box A's vnc server
  o point tightvnc to 127.0.0.1 port 5901 to get to box B's vnc server.

--
Todd H.
http://www.toddh.net/
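
Added example, not part of Todd's post: a check that an sshd_config text really enforces the key-only login he recommends for a server exposed on port 22. The function names and the sample configs are constructed for illustration; only whitespace-separated global settings are read, and parsing stops at the first Match block.

```shell
# Added example (not from the thread): does this sshd_config enforce key-only logins?
# Facts relied on: sshd keeps the FIRST value seen for a keyword, keywords are
# case-insensitive, and PasswordAuthentication defaults to "yes" when absent.

# sshd_effective KEYWORD DEFAULT   (config text on stdin) -> effective global value
sshd_effective() {
    awk -v want="$(printf '%s' "$1" | tr 'A-Z' 'a-z')" -v def="$2" '
        NF == 0 || $1 ~ /^#/   { next }     # blank lines and comments
        tolower($1) == "match" { exit }     # simplification: ignore Match overrides
        tolower($1) == want    { print tolower($2); found = 1; exit }
        END { if (!found) print def }
    '
}

# audit_sshd CONFIG_TEXT -> prints findings; returns 0 only for key-only auth
audit_sshd() {
    rc=0
    pw=$(printf '%s\n' "$1" | sshd_effective PasswordAuthentication yes)
    pk=$(printf '%s\n' "$1" | sshd_effective PubkeyAuthentication yes)
    [ "$pw" = no ]  || { echo "FAIL: PasswordAuthentication is '$pw'"; rc=1; }
    [ "$pk" = yes ] || { echo "FAIL: PubkeyAuthentication is '$pk'"; rc=1; }
    [ "$rc" -eq 0 ] && echo "OK: key-only authentication"
    return "$rc"
}

# Constructed samples. In SAMPLE_WEAK the later "no" has no effect (first value wins);
# SAMPLE_DEFAULT never mentions passwords, so the default "yes" applies.
SAMPLE_WEAK='PasswordAuthentication yes
passwordauthentication no'
SAMPLE_DEFAULT='Port 22
PubkeyAuthentication yes'
SAMPLE_KEYONLY='# hardened
PasswordAuthentication no
PubkeyAuthentication yes'

audit_sshd "$SAMPLE_WEAK" || true
audit_sshd "$SAMPLE_KEYONLY"
```

On a live server, `sshd -T` prints the effective configuration, including settings this simplified parser does not follow.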

Mike

Aug 6, 2009, 4:31:57 PM
First, what you'll need to do is set up both windows boxes with 2 different
ports for VNC. Make one port 5900 and the other port 5901.

I assume you have a ssh server set up at home (you must have this set up).
Then issue the following commands from your box at work (I used plink for
the example):

plink -N -pw MyPa$$w0rd -L 127.0.0.1:5900:127.0.0.1:5900 UserName@my_ssh_server_IP
plink -N -pw MyPa$$w0rd -L 127.0.0.1:5901:127.0.0.1:5901 UserName@my_ssh_server_IP

This will create two separate tunnels and you can connect to both of your
windows boxes at home (at the same time if you want to). On your VNC app,
for the IP address, you'd type:

youripaddress::5900

and

youripaddress::5901

"Wes" <clu...@lycos.com> wrote in message
news:VC3dm.477132$4p1.3...@en-nntp-03.dc1.easynews.com...

Mike

Aug 6, 2009, 5:01:21 PM
Oops let me correct the plink command, it would be:

> plink -N -pw MyPa$$w0rd -L 127.0.0.1:5900:windowsbox1ip:5900 UserName@my_ssh_server_IP
> plink -N -pw MyPa$$w0rd -L 127.0.0.1:5901:windowsbox2ip:5901 UserName@my_ssh_server_IP


"Mike" <mike.m...@verizon.net> wrote in message
news:15Hem.888$nh...@nwrddc02.gnilink.net...

Wes

Aug 9, 2009, 6:02:01 PM
comp...@toddh.net (Todd H.) wrote:

> o prepare for large scale brute force attacks against your ssh
> server if it lives on port 22. I'd probably disable password
> based auth entirely and use public key.


Thanks for the info. I'm reading yours and Mike's suggestion and it is slowly making sense
to me.

My sshd server is on a windows box using cygwin to provide the sshd server. I also use
tcp-wrappers to restrict access to only certain ip's. To deal with being at an ip I've
never been at before, I also have a netbsd shell account somewhere that I allow to
connect. So to connect from a new place, I log into the shell account somewhere, ssh into
my box from there to add the ip I'll be using to the hosts.allow file.

Then I can use ssh to connect from the foreign site.

Mike, thanks for the plink mention, I'm using putty on a U3 usb key to run tightvnc from.
Didn't know there was a command line interface to putty up to now.

Thanks,

Wes
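
Added example, not part of Wes's post: a guarded version of the "add the IP I'll be using to hosts.allow" step, which accepts only a single dotted-quad address so that a typo or a pasted wildcard cannot widen access. The function names are hypothetical, the daemon name `sshd` in the rule is an assumption, and 203.0.113.7 is a constructed documentation address.

```shell
# Added example (not from the thread): add one client address to hosts.allow.
# Assumptions: the daemon name in hosts.allow is "sshd"; the file path is passed in.

# valid_ipv4 ADDR -> 0 only for a plain dotted quad (no wildcard, mask, name or list)
valid_ipv4() {
    case $1 in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1                       # split on dots; input is digits and dots only
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        case $octet in 0?*|????*) return 1 ;; esac   # leading zero or too long
        [ "$octet" -le 255 ] || return 1
    done
}

# allow_ip HOSTS_ALLOW_FILE ADDR -> appends "sshd: ADDR" once; returns 2 on bad input
allow_ip() {
    if ! valid_ipv4 "$2"; then
        echo "rejected: '$2' is not a single IPv4 address" >&2
        return 2
    fi
    # -x whole line, -F literal: 10.0.0.2 must not be satisfied by 10.0.0.20
    grep -qxF "sshd: $2" "$1" 2>/dev/null && return 0
    printf 'sshd: %s\n' "$2" >> "$1"
}

# Constructed demo on a temporary file, not the real hosts.allow.
demo=$(mktemp)
allow_ip "$demo" 203.0.113.7
allow_ip "$demo" 203.0.113.7        # second call is a no-op
allow_ip "$demo" ALL || true        # rejected, file unchanged
cat "$demo"; rm -f "$demo"
```

tcp-wrappers grants access when no rule matches, so the allow list only restricts sshd if hosts.deny carries a matching deny rule such as `sshd: ALL`.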
