[vox-tech] Tunneling vnc over ssh

Alex Mandel tech_dev at wildintellect.com
Fri Dec 8 13:12:20 PST 2006 

Henry House wrote:
> I normally do this to connect to my VNC session from a remote host with
> tunneling through ssh:
> 
> ssh wotan.hajhouse.org cat .vnc/passwd > .vnc/passwd
> ssh -CNf wotan.hajhouse.org -L 5902:wotan.hajhouse.org:5902
> xtightvncviewer :2 -passwd .vnc/passwd \
>    -encodings 'copyrect tight hextile zlib corre rre raw'
> 
> Surely there must be a more automatic way to set up the ssh tunnel and
> authenticate to the VNC server. I have looked at gnome-rdp and KDE's
> remote-desktop client, but neither has apparently any concept of vnc
> tunneled over ssh. In xtightvncviewer there is an option -via that
> appears to do what I want (setting up an ssh tunnel automatically), but
> my best effort at using it, 
> 
> sudo xtightvncviewer wotan.hajhouse.org:2 -via \
> hajhouse at wotan.hajhouse.org -passwd .vnc/passwd
> 
> did not work (the process hung, no vnc window appeared). The sudo in
> the above was necessary to allow xtightvncviewer to bind to a
> privileged port, the need for which I fail to grasp.
> 
> Has anybody used xtightvncviewer this way sucessfully?
> 
> 

Sounds like you should just write a script on your local machine to do 
these in order.

Typically I have port forward preconfigured by hostname in my .ssh file.
so I can just type:
ssh work
and it's asks me for my password and forwards 5900 to 5900 locally.
Example from http://linuxgazette.net/115/chirico.html:
## Linux Laptop .ssh/config ##
Host work
HostName 66.35.250.203
         User sporkey
         LocalForward 20000 192.168.0.66:80
         LocalForward 22000 192.168.0.66:22
         LocalForward 22139 192.168.0.8:139
         LocalForward 22110 192.168.0.5:110
(Your case) LocalForward 5902 5902
This solves the how to automate ssh.

As for the vncviewer, I have an icon setup on my toolbar that I click 
and it has all the parameters in it.(you could do this with a short 
script too)
just make a file(executable) and put
 >xtightvncviewer :2 -passwd .vnc/passwd \
 >    -encodings 'copyrect tight hextile zlib corre rre raw'

I'm not familiar with the password stuff you're doing but to be honest 
my vncserver isn't running by default. I actually turn it on once I'm in 
via ssh and then connect to the vnc.
Call it a little extra paranoia.

Alex

More information about the vox-tech mailing list