4064 Views 3 Replies Latest reply: Mar 30, 2011 11:15 AM by BobHarris
The ssh tunnel should look like:
ssh -N -L 22590:localhost:5900 firstname.lastname@example.org
If you were really using 1234, then you were most likely trying to use a privileged port without being root. I think the current privileged port range is 1-4096 (I could be wrong).
Instead of laptopmac use localhost.
Then connect using:
Or in Chicken specify Host: localhost, and port as 22590.
NOTE: 22590 can be any port greater than the privileged port range. I choose the 22 to remind me it is associated with ssh, and the 590 to remind me it is related to the 5900 VNC port. You can choose any high numbered port as long as it is not a privileged port and does not steal a port that is currently in use on your local system.
The first port number is the port for the client system's end of the tunnel (e.g. 22590).
The localhost:5900 pair are sent to the ubuntu system, where they are resolved.
The reason for localhost:5900 being passed to the ubuntu system is that ssh allows the ubuntu system to be a gateway to a 3rd system. So you could have said -L 22590:system.visible.to.ubuntu:5900, which would allow the ubuntu system to forward your tunnel traffic to a system that is only visible to the ubuntu system. However, if the ubuntu system is the destination for the tunnel traffic, then you specify 'localhost' so that the ubuntu system passes your port 5900 traffic to itself.
So the vnc://localhost:22590 'localhost' is NOT the same as the -L 22590:localhost:5900 'localhost'. The first is being resolved on the client system so that your VNC client will talk to the local end of your tunnel. The second tells the ubuntu system that tunnel traffic it receives should be sent to its own port 5900, and not to some 3rd system.
By the way, Terminal, Unix, X11, and command line command (ssh, rsync, etc.) questions are best asked in the Mac OS X Technologies > Unix Forum.
Seems to be working. Thanks a bunch. This will be so cool to do. I shall remember to post about these kinds of topics in those forums from now on. So this is a secure way of doing it, correct? If I were to command-k then enter
it would be using the localhost tunnel end, right? Either way is just as secure? You're saying I could have my Ubuntu system go into yet another system? VNC within VNC or something? Crazy. Sorry about the questions. It's working. I'll test a few different areas and see if it stays working.
So this is a secure way of doing it, correct?
If I were to command-k then enter
it would be using the localhost tunnel end, right?
You can also (from a 2nd terminal session window) enter
Either way is just as secure?
You're saying I could have my Ubuntu system go into yet another system? VNC within VNC or something? Crazy.
The Ubuntu system can be a gateway to a 3rd system. But NOT VNC within VNC. Rather using
ssh -L 22590:3rd.system.address:5900 email@example.com
Will create a secure tunnel between you and the ubuntu system. As your VNC packets come out of the remote end of the tunnel, the ubuntu system will forward those packets to the 3rd.system.address port 5900. From the ubuntu system to the 3rd.system.address these packets will NOT be in the tunnel. They will be just ordinary packets on the network from ubuntu to 3rd.system.address.
The use of this gateway configuration is when the middle system is acting as a gateway between the public network and systems not normally visible, and it is assumed that the network between the gateway system and the 3rd system is in a secure environment (that is to say, everyone behind the gateway is trusted, just like you would trust the other members of your family at home).
Sorry about the questions. It's working. I'll test a few different areas and see if it stays working.
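Added example, not part of the thread: a small pre-flight check for an `ssh -L` spec that reports which end resolves each part and flags the two exposures discussed above (a listener reachable beyond loopback, and a final hop that leaves the ssh server outside the tunnel). `check_forward` is a hypothetical helper name, and the sketch assumes numeric ports and no bracketed IPv6 literals.

```shell
#!/bin/sh
# Pre-flight check for an `ssh -L` spec: [bind_address:]port:host:hostport
# check_forward is a hypothetical helper, not part of OpenSSH.
# Exit status: 0 = loopback listener and on-host target, 1 = warning, 2 = bad spec.
check_forward() (
    spec=$1
    case $spec in *:*:*) ;; *) echo "bad spec: $spec"; exit 2 ;; esac

    hport=${spec##*:}; rest=${spec%:*}   # last field: port on the target
    host=${rest##*:};  rest=${rest%:*}   # target name, resolved by the ssh server
    case $rest in
        *:*) bind=${rest%:*}; lport=${rest##*:} ;;  # explicit bind address
        *)   bind=localhost;  lport=$rest ;;        # ssh default without -g/GatewayPorts
    esac

    case $bind in *:*) echo "too many fields: $spec"; exit 2 ;; esac
    [ -n "$host" ] || { echo "missing host: $spec"; exit 2; }
    for p in "$lport" "$hport"; do
        case $p in ''|*[!0-9]*) echo "bad port in: $spec"; exit 2 ;; esac
    done

    rc=0
    echo "client listens on ${bind:-*}:$lport (address resolved on the client)"
    case $bind in
        localhost|127.*) ;;
        *) echo "WARN: listener not limited to loopback; other hosts can enter the tunnel"
           rc=1 ;;
    esac

    echo "ssh server connects to $host:$hport (name resolved on the ssh server)"
    case $host in
        localhost|127.*) ;;
        *) echo "WARN: hop from ssh server to $host:$hport is outside the ssh tunnel"
           rc=1 ;;
    esac
    exit $rc
)

# Constructed sample specs: the tunnel from the thread, then the gateway form.
check_forward 22590:localhost:5900 || :
check_forward 22590:3rd.system.address:5900 || :
```

A status of 1 on the gateway form is expected; it marks the leg between the ssh server and the 3rd system that must already be on a trusted network.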