jldiaz
Posts: 48 | Thanked: 40 times | Joined on Apr 2008 @ Spain
#30
Originally Posted by cmdowns
If I'm getting this right (and there's probably at least 50/50 odds), then jldiaz's diagram clearly illustrates the four machines.
In fact, in my diagram only two machines are depicted, but you are right, each of the four processes depicted could be running on a different machine.

For example, you could have two secure LANs, but an insecure WAN connecting the two LANs. You can use ssh/sshd to provide a secure tunnel through the WAN, thus allowing secure communication between any machine on the first LAN and any machine on the second LAN.

The following convoluted example is not really necessary, but for the sake of completeness, let me elaborate on it.

Let us assume that you have a secure LAN at your home, with two machines, with IPs 145.24.12.10 and 145.24.12.11. The first one is a WindowsXP on which you have installed Cygwin/sshd. The second one is an old Windows98, without any ssh software installed, but with a VNC server running on display 0.

At your work, you have a secure LAN with your desktop PC on it, running Windows2000, with IP 220.30.140.100. You have a VNC client on this PC, but no ssh software. You would like to connect this VNC client on the Windows2000 machine to the VNC server of your Windows98 PC at home. However, the insecure WAN connecting the two LANs is intimidating you...

Fortunately, you have your Nokia n810 with you, on which you have an ssh client installed. You connect your n810 to the LAN of your office (and it gets the IP 220.30.140.101), and then you use the ssh on your nokia to make a tunnel to your Windows98 machine at home. Then, you connect the VNC client of your Windows2000 through this tunnel, and you get the desired and secured connection.

How could this be done? I leave it as an exercise for the reader... :-)

Originally Posted by cmdowns
Finally, I think I understand this.
Yes, you got it. You should be able to solve the above exercise.

Originally Posted by cmdowns
But for some reason I can't make it work.
The only possible reason, IMHO, is that your VNC server forbids clients coming from localhost. Check the options of the server. The router cannot interfere, because, as you realized, you got the ssh/sshd connection.

Originally Posted by cmdowns
And if I can connect to the VNC server, directly, and insecurely, does that mean that any damn computer on the internet with a VNC client can connect to my XP box directly and insecurely? Or does it just work for me because my nokia and XP box happen to be on the same wlan.
Most likely anyone can connect to your XP box directly, unless your router is blocking port 5900. This is why it is a good idea to configure your VNC server either to ask for a password, or alternatively to accept only clients coming from localhost (i.e., in our case, coming from the ssh tunnel).
__________________
--ル Diaz

Last edited by jldiaz; 2008-04-09 at 10:00.
 

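One way to build the tunnel for the four-machine exercise in the post above, as an added example that is not part of the original post. It assumes the n810's client is OpenSSH, that the Cygwin sshd is reachable from the office LAN, and a hypothetical account name `user`; the function names are also made up here. The entrance is bound to the n810's office address only, and the two LAN hops (Windows2000 to n810, WindowsXP to Windows98) remain unencrypted, which the scenario accepts because both LANs are trusted.

```shell
#!/bin/sh
# Added example: addresses are the ones used in the post; the account
# name "user" and all function names are assumptions.

# VNC display N listens on TCP port 5900+N.
vnc_port() {
    case "$1" in
        ''|*[!0-9]*|0?*) echo "bad display: $1" >&2; return 1 ;;
    esac
    echo $((5900 + $1))
}

# tunnel_cmd BIND_ADDR VNC_HOST DISPLAY SSHD_USER SSHD_HOST
#   BIND_ADDR  address on the ssh client machine where the tunnel listens
#   VNC_HOST   VNC server address as seen from the sshd machine
tunnel_cmd() {
    # A wildcard bind would expose the entrance on every network the
    # client machine is joined to, so only one explicit address is allowed.
    case "$1" in
        ''|'*'|0.0.0.0|::) echo "refusing wildcard bind address" >&2; return 1 ;;
    esac
    port=$(vnc_port "$3") || return 1
    # -N: forwarding only, no remote shell.
    # ExitOnForwardFailure: exit rather than run without the forward.
    echo "ssh -N -o ExitOnForwardFailure=yes -L $1:$port:$2:$port $4@$5"
}

# What to type into the VNC client: host:display of the tunnel entrance.
viewer_target() { echo "$1:$2"; }

# Demo with the post's addresses (prints the command, does not run it).
# n810 (220.30.140.101) -> sshd on WindowsXP (145.24.12.10)
#                       -> VNC server on Windows98 (145.24.12.11), display 0
tunnel_cmd 220.30.140.101 145.24.12.11 0 user 145.24.12.10
viewer_target 220.30.140.101 0
```

The printed command is run on the n810; the Windows2000 VNC client is then pointed at the printed `host:display` value.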