ssh tunnels

Live forum: http://forum.freeipodguide.com/viewtopic.php?t=70402

ILoveToys

16-10-2007 17:12:11

I'm using cygwin to run openssh. My goal is to set up VNC so that it runs through the ssh tunnel, but I can't figure out what I need to do.

I am using putty to connect remotely fine. I set up the tunnel w/ a source port of 5900 and the destination to be the ipaddress:5900

When I open up my vnc viewer and type in localhost, it tells me it's disconnecting. I'm trying to connect to a windows machine....

Does anyone have any suggestions?

dmorris68

16-10-2007 19:17:23

Is the VNC server on the same host as you're logging into with SSH? If so, you have to configure the destination end of your tunnel as localhost:5900. You must remember that the destination is from the perspective of the remote host (SSH server), not the local host (SSH client). So you're telling SSH to connect the local client's localhost:5900 to the remote system's localhost:5900. Now if the VNC server is on a [i]different[/i] host than the SSH server, then you would use the VNC server's IP or hostname. You would think you could also use the IP/hostname in a localhost scenario, but I've had problems with that working in the past. So I've always used localhost when my destination was on the SSH server.

Then just point your VNC viewer to localhost:0 to actually login to the [i]remote[/i] host's localhost:5900. You must specify 0 (screen number 0) if you want to connect to port 5900, because VNC uses the screen number as an offset from the base port of 5900. Now I've had VNC tunnel configurations before where I had to do some weird math such as subtracting 5900 from 65535 and using that for the screen number, but I don't recall why. Probably a screwed up tunnel config, and I figured it out by sniffing the connection attempt to see what port it was trying to use. Hopefully you don't run into that.

jwwws

16-10-2007 20:46:18

[quote="dmorris68"]Is the VNC server on the same host as you're logging into with SSH? If so, you have to configure the destination end of your tunnel as localhost:5900. You must remember that the destination is from the perspective of the remote host (SSH server), not the local host (SSH client). So you're telling SSH to connect the local client's localhost:5900 to the remote system's localhost:5900. Now if the VNC server is on a [i]different[/i] host than the SSH server, then you would use the VNC server's IP or hostname. You would think you could also use the IP/hostname in a localhost scenario, but I've had problems with that working in the past. So I've always used localhost when my destination was on the SSH server.

Then just point your VNC viewer to localhost:0 to actually login to the [i]remote[/i] host's localhost:5900. You must specify 0 (screen number 0) if you want to connect to port 5900, because VNC uses the screen number as an offset from the base port of 5900. Now I've had VNC tunnel configurations before where I had to do some weird math such as subtracting 5900 from 65535 and using that for the screen number, but I don't recall why. Probably a screwed up tunnel config, and I figured it out by sniffing the connection attempt to see what port it was trying to use. Hopefully you don't run into that.[/quote]
Seriously, I'm beginning to read your responses like I read Engadget. +Karma

kelbypayday

16-10-2007 21:18:22

[quote="jwwws"][quote="dmorris68"]Is the VNC server on the same host as you're logging into with SSH? If so, you have to configure the destination end of your tunnel as localhost:5900. You must remember that the destination is from the perspective of the remote host (SSH server), not the local host (SSH client). So you're telling SSH to connect the local client's localhost:5900 to the remote system's localhost:5900. Now if the VNC server is on a [i]different[/i] host than the SSH server, then you would use the VNC server's IP or hostname. You would think you could also use the IP/hostname in a localhost scenario, but I've had problems with that working in the past. So I've always used localhost when my destination was on the SSH server.

Then just point your VNC viewer to localhost:0 to actually login to the [i]remote[/i] host's localhost:5900. You must specify 0 (screen number 0) if you want to connect to port 5900, because VNC uses the screen number as an offset from the base port of 5900. Now I've had VNC tunnel configurations before where I had to do some weird math such as subtracting 5900 from 65535 and using that for the screen number, but I don't recall why. Probably a screwed up tunnel config, and I figured it out by sniffing the connection attempt to see what port it was trying to use. Hopefully you don't run into that.[/quote]
Seriously, I'm beginning to read your responses like I read Engadget. +Karma[/quote]

I am just trying to understand what I just read. I always feel like an idiot after he posts.

ILoveToys

19-10-2007 22:15:50

[quote="dmorris68"]Is the VNC server on the same host as you're logging into with SSH? If so, you have to configure the destination end of your tunnel as localhost:5900. You must remember that the destination is from the perspective of the remote host (SSH server), not the local host (SSH client). So you're telling SSH to connect the local client's localhost:5900 to the remote system's localhost:5900. Now if the VNC server is on a [i]different[/i] host than the SSH server, then you would use the VNC server's IP or hostname. You would think you could also use the IP/hostname in a localhost scenario, but I've had problems with that working in the past. So I've always used localhost when my destination was on the SSH server.

Then just point your VNC viewer to localhost:0 to actually login to the [i]remote[/i] host's localhost:5900. You must specify 0 (screen number 0) if you want to connect to port 5900, because VNC uses the screen number as an offset from the base port of 5900. Now I've had VNC tunnel configurations before where I had to do some weird math such as subtracting 5900 from 65535 and using that for the screen number, but I don't recall why. Probably a screwed up tunnel config, and I figured it out by sniffing the connection attempt to see what port it was trying to use. Hopefully you don't run into that.[/quote]

I was trying to follow but I'm getting lost. I do have the ssh server and the vnc server on the same machine. Do I need to set anything else up on the machine if I can ssh into it already?

If I'm all set on the server side then, I just need a little help getting my remote settings down. Namely things in putty. Can you tell me explicitly what I need to do? Thanks dmorris.

dmorris68

20-10-2007 08:13:53

Make sure SSH and VNC both work, without tunneling. Is this a Windows box? Is it TightVNC or another flavor of VNC? TightVNC has a server setting to enable Loopback connections, but I think the others require a registry edit on Windows. Also make sure tunneling is enabled in the SSH server configuration.

Consult [url=http://www.trekweb.com/~jasonb/articles/vnc_ssh.shtml]this page[/url] to see if it helps.

Once you have all that figured out, create a Putty session and in the settings, go to Connection->SSH->Tunnels and type in the client port you want to connect to (say 5900) in the Source Port field. In the Destination field, enter localhost:5900 (or whatever the listening port is on the VNC server). Leave the other settings at default. Click Add to create the tunnel configuration. Then every time you login via that Putty session, you'll have the tunnel created. Connect your VNC Viewer to localhost:5900 (use the port you configured in the Source Port setting).
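
Added example, not part of dmorris68's post: the same tunnel expressed as an OpenSSH command line, with helpers for the port-to-display offset and for the server-side forwarding check mentioned above. The user name and `ssh-server.example` are placeholders, and the helper function names are made up for this sketch.

```shell
#!/bin/sh
# Added example; host and user names are placeholders (assumptions).

# VNC display N listens on TCP port 5900+N, so a viewer target of
# "localhost:N" means port 5900+N. Convert a local tunnel port to N.
vnc_display_for_port() {
    port=$1
    case $port in ''|*[!0-9]*) echo "not a port: $port" >&2; return 1 ;; esac
    if [ "$port" -lt 5900 ] || [ "$port" -gt 5999 ]; then
        echo "port $port is outside the conventional 5900-5999 range" >&2
        return 1
    fi
    echo $((port - 5900))
}

# OpenSSH equivalent of PuTTY's Source port / Destination fields.
# The destination is resolved by the SSH server, so "localhost" here is
# the server itself. Binding the listener to 127.0.0.1 keeps the
# forwarded port unreachable from other machines on the client's network.
tunnel_args() {
    src_port=$1 dest_host=$2 dest_port=$3
    echo "-N -o ExitOnForwardFailure=yes -L 127.0.0.1:${src_port}:${dest_host}:${dest_port}"
}

# Read an sshd_config on stdin and report whether local forwarding is
# permitted. AllowTcpForwarding defaults to yes and the first occurrence
# wins; Match blocks are not evaluated (simplification).
forwarding_allowed() {
    value=$(awk 'tolower($1) == "allowtcpforwarding" { print tolower($2); exit }')
    case ${value:-yes} in
        yes|all|local) return 0 ;;
        *) return 1 ;;
    esac
}

# Constructed sample: VNC server on the same host as the SSH server.
if display=$(vnc_display_for_port 5900); then
    echo "ssh $(tunnel_args 5900 localhost 5900) user@ssh-server.example"
    echo "then point the viewer at localhost:${display}"
fi
```

On the server, `forwarding_allowed < /etc/ssh/sshd_config` performs the check; the path differs under Cygwin.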

ILoveToys

20-10-2007 08:16:38

I am using tightvnc and I already did that. I need to make sure tunneling is enabled in my ssh server. The putty stuff you said is a little different than I had tried before. Thanks for the info. I will give it a try.

KnightTrader

29-10-2007 19:34:11

Do it my way. I keep annoying my webhost every time I need to make a change on server files Mysql configuration (my.cnf) / Apache, etc.

ILoveToys

29-10-2007 19:37:12

lol...it's more about setting up a secure way to control remote machines for family members or to access resources that I'm not within 5 minutes of driving to...Not really server stuff.

Archon810

29-10-2007 22:23:15

You can also try to get your hands on RealVNC Enterprise. It comes with 256-bit AES encryption out of the box.

If not, I set up vnc, ftp, samba, and most other crap over ssh, so feel free to IM.