# SSH, Putty, Tightvnc and Tunneling questions [solved]

## zoe

Hello everyone,

Yesterday I finished setting up my VNC server. I emerged the tightvnc server and viewer, and after a basic configuration of the files I'm able, within my server, to connect using

> vncviewer localhost:1

and get a minimum environment. If I log in from another PC within my LAN, using

> vncviewer <ip address>:1

I can also see the same thing. So this is what I want to do: I want to connect from my job's XP machine through tightvnc to my home Gentoo. I understand after some reading that I have to set up a secure connection (SSH), with PuTTY for example, and use some kind of tunneling, and then just give localhost in tightvnc and log in with a minimal GUI. I've opened a port in my router, for example 5901, but I still can't find a way to connect. I also understand that I should give a command like this

> ssh -f -N -L localPort:vncServer:vncServerPort username@vncServerPort

where localport is 5901 and vncserver is user.domain.com, but I don't understand what this vncserver port is. Would it be something like 5900, and should I forward that port too? It would be perfect if someone who has done it with PuTTY could give some specific instructions on how he did it. I've tried many combinations but I can't understand how to do it.

Please, if anyone has any idea, post it.

Thanks in advance

Last edited by zoe on Wed Aug 05, 2009 5:47 am; edited 1 time in total

----------

## cach0rr0

Ahhh, SSH tunnels. A firewall admin's worst nightmare, my best friend!

So, no specific example for VNC, but I do something similar - I have a tinyproxy instance listening on :8888 at my house.

I forward that listener to localhost:8000 on my machine at work, and configure my browser to use *it* instead of going out directly, so that all my non-work web browsing is encrypted. 

the command I use for that is:

```
ssh -L 8000:localhost:8888 user@mydomain.com
```

Breaking it down:

8000 == the port I want the listener to be on, on my office computer. 

8888 == the port where tinyproxy is listening on my server at home

In your case, you'll want to:

- SSH in, using whichever user whose desktop it is you want to connect to using vnc, using the format described above. Then start vncserver as that user.

- verify which port your new VNC instance is using on the server.

- connect your vnc client to whichever port you've forwarded (e.g. the second port number in the above SSH example)

- for bonus points, add an .xinitrc so you get a *real* desktop like gnome or enlightenment rather than the minimal one

There may be some other switches you need to throw at your ssh command in order for it to do the X forwarding - not sure, I've usually done this through PuTTY, which just has a couple of tick boxes.

----------

## Cyker

On mine, I have my router forwarding port 22 on the external IP to port 22 on my server, and a vncserver running under my account (Started with just "vncserver").

Once that's in place, on the other machine I use this command to tunnel VNC through SSH:

```
ssh <mylogin>@<externalIP> -L 5900:localhost:5901
```

And then I run:

```
krdc localhost
```

And there you go!

I use 5900 as the local port so I don't need to use "krdc localhost:1", but because vncserver under Linux does the :1, :2 etc thing, you need to forward it to 5901, 5902 etc.

You won't need any X forwarding stuff with VNC; it's nicely self-contained.

----------

## zoe

Thanks, both of you, for your time. Really good explanation, but I can't seem to understand some things.

> I have my router forwarding port 22 on the external IP to port 22 on my server

What does this mean? I also opened my port 22 for SSH on my IP 10.0.0.3. I also forward my 5961 port in the previous address in my PC at home (which runs the ftp, mysql, vncserver etc).

I understand the commands that you gave, but I have a problem applying them in PuTTY. Also, will I have to open a local port on my job PC?

Sorry about all these questions, but I can't understand how to use tunneling. Also, when I was configuring my home VNC server I saw that I had to add port 177 in my /etc/kde/kdm/kdmrc; has this anything to do with port forwarding?

Finally, what do you mean by

> 8000 == the port I want the listener to be on, on my office computer.
>
> 8888 == the port where tinyproxy is listening on my server at home
> ...

How can I make my vncserver listen on a specific port, through port forwarding??

Thanks again

----------

## cach0rr0

in putty, under the SSH Tunnels section

-tick the box beside "Local"

-enter in x.x.x.x:portyouwanttoforward

(example: if server at home is 192.168.1.100 and has VNC listening on 5900, you put in 192.168.1.100:5900)

-in the box that only accepts a port, key in the port you want VNC to listen on on your machine at work. 

-hit "Add"

with regards to what he mentions on the external 22 and internal 22 - all he means, is that he has port forwarding set up on his router, so that traffic coming into the public IP (which happens to be the external interface on his router!) gets forwarded to his server's NAT IP on 22. Standard stuff.

In terms of what other ports you need to forward on the router/firewall, there should be *zero*. All of the other daemons' traffic should be encapsulated within an SSH stream. You only need access to port 22 (or whichever port your SSH listens on if using an alternate port of course!!) in order to do forwarding for VNC.

----------

## cach0rr0

as far as making your vncserver listen on a specific port, it should either tell you upon executing `vncserver`, OR

```
netstat -anp | grep vnc
```

Should show you which port VNC is listening on after you've started it up

----------

## zoe

OK, this is what I'm doing, and please, if you still have the time, tell me why I can't connect. I open PuTTY and in the address I give name.domain.org with port 22, and I go to Tunnels. I check "Local" as you proposed, and in destination I give

> name.domain.org:5961 (through SSH, and running netstat -lnptu on my home PC, I see that Xvnc listens on 5961, 80, 5970)

and in source port I give 5900

> (in cmd on XP, on my work PC, and running netstat -a | find "LISTENING" - the result is this: TCP         testpc:5900        testpc:0           LISTENING).

I save my session and start it. When logged in, I run tightvnc and give

> localhost:1

The result is

> Failed to connect to server

So if you're not angry already (from all my questions)!! please give a clue.

Thanks again

----------

## cach0rr0

the first part is likely the problem

you need your *internal* IP address, not the public one

so if you are in a NAT scenario where your hostname is hello.world.gr, your public IP is 82.x.x.x, and your private NAT'd IP is 192.168.x.x, you would use the private one. 

Your network card on the box at home has no idea what the public IP is. 

Remember, what you're doing is, telling the SSH daemon on your box at home to take port 5xxx on 192.168.x.x, and forward it to the host who is connecting on whichever port they've specified.

If that is unclear, post the output of `ifconfig` and I'll explain further. 

And nobody is angry, I don't think anyone minds the questions.

Maybe this guide would help as well - http://martybugs.net/smoothwall/puttyvnc.cgi

----------

## zoe

Thanks for all the help. The output of ifconfig is this

> eth0      Link encap:Ethernet  HWaddr 77:44:00:08:33:52
>
>           inet addr:10.0.0.2  Bcast:10.0.0.255  Mask:255.0.0.0
> ...

I understand what you are talking about (I think), but if I give 10.0.0.2 and port 22 in PuTTY it will not understand where to go from there, unless it's all done with tunneling. I'm quite confused. And thanks for the link, I've seen it already, but he connects locally. I can connect locally too from another PC in my LAN; I just give 10.0.0.2:1 in my tightvnc and I can see my server.

Thanks again

----------


## zoe

OK, thanks for the replies, the help and the time. The problem is finally solved! I managed to connect and tunnel the SSH connection in order to view my home VNC server. If someone needs info about that, they can post here or send a PM.

thanks again

----------

## cach0rr0

*zoe wrote:*

> ```
>           inet addr:10.0.0.2  Bcast:10.0.0.255  Mask:255.0.0.0
> ```
> ...

So here's the key - 

You are correct that your SSH *client* does not know what 10.0.0.2 is

However, your SSH *server* (daemon) DOES know where 10.0.0.2 is; you are instructing the daemon to find 10.0.0.2, take whatever port you've specified (e.g. :5xxx) and forward it through an SSH tunnel to your client machine. Where on your client machine? To the port that you've specified in the top box of course! 

Hope that makes more sense
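
As an added example (not part of any post in this thread), the script below ties together the `netstat` check and the point that the forward destination is resolved by the SSH server: it reads `netstat -lnptu` output from the home server, maps each Xvnc listener on 5900+N to its display, and prints the matching client-side `ssh -L` command. The sample output, the function names and the `user@name.domain.org` login are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. All sample data is constructed.

# Constructed `netstat -lnptu` output from the home server.
sample_netstat() {
cat <<'EOF'
Proto Recv-Q Send-Q Local Address  Foreign Address  State   PID/Program name
tcp        0      0 0.0.0.0:22     0.0.0.0:*        LISTEN  1201/sshd
tcp        0      0 0.0.0.0:5901   0.0.0.0:*        LISTEN  2310/Xvnc
tcp        0      0 0.0.0.0:5801   0.0.0.0:*        LISTEN  2310/Xvnc
tcp        0      0 0.0.0.0:6001   0.0.0.0:*        LISTEN  2310/Xvnc
EOF
}

# Emit "display port bind-address" for each Xvnc RFB listener (port 5900+N).
vnc_listeners() {
    awk '$6 == "LISTEN" && $7 ~ /\/Xvnc$/ {
        n = split($4, a, ":"); port = a[n] + 0
        addr = substr($4, 1, length($4) - length(a[n]) - 1)
        if (port >= 5900 && port <= 5999)
            printf ":%d %d %s\n", port - 5900, port, addr
    }'
}

# Client-side command. TARGET is resolved by sshd on the home server, so it
# is "localhost" or the LAN address, never the public hostname.
tunnel_cmd() {  # usage: tunnel_cmd LOCAL_PORT TARGET REMOTE_PORT USER@HOST
    printf 'ssh -N -L 127.0.0.1:%s:%s:%s %s\n' "$1" "$2" "$3" "$4"
}

# One tunnel per VNC display; flag listeners bound to every interface.
plan_tunnels() {  # usage: plan_tunnels USER@HOST < netstat-output
    vnc_listeners | while read -r display port addr; do
        case $addr in
            127.0.0.1) target=localhost ;;
            0.0.0.0|::) target=localhost
                echo "# $display listens on all interfaces: keep $port closed on the router" ;;
            *) target=$addr ;;
        esac
        tunnel_cmd "$port" "$target" "$port" "$1"
    done
}

sample_netstat | plan_tunnels user@name.domain.org
```

Only the RFB port (5901 here) is tunnelled; the 5801 and 6001 listeners belong to the same Xvnc process and are skipped, and the local listener is bound to 127.0.0.1 so other machines on the office network cannot use the tunnel.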

----------

## zoe

Yes it does. After reading your posts carefully I understood that I had to use name.domain.org to connect, but the internal IP to tell it where to tunnel the connection. I had a problem with ports, but now everything works like a charm.

thanks again everyone

----------

## zoe

I have one more question, but I don't know if I should ask it here, because the problem is solved, or make a new post, so please tell me which is correct.

I fixed my VNC and I can log in from PuTTY and tightvnc to my Gentoo machine. The thing is that I want to see my desktop as it is. Let me explain: the problem is that when I connect I open a new session, and when I close that session, all running tasks close too. Is there a way to log in to the session running on my server and keep it open when I close the tightvnc client, and then reconnect to that session at another time?

For now I just have fluxbox in my xstartup, like this

> xrdb $HOME/.Xresources
>
> xsetroot -solid gray
> ...

and do my job, but is there a way to make it right?

Thanks in advance

EDIT: if I just add this line in my xstartup

> exec /etc/init.d/xdm restart

I get a gray screen, as when we were first installing beryl, if you remember. I thought maybe it was because of compiz running on my home server and killed it, but the same thing happens.

Thanks

----------

