Re: SSH and speed over dialup lines (was Re: Radmin)


Rich Lafferty
Tue, 13 Jul 1999 15:02:50 -0400


Quoting Angel Martin Alganza from Tue, Jul 13, 1999 at 07:47:12PM +0200:
> On Tue, 13 Jul 1999, Rich Lafferty wrote:
>
> > with the speed, I tried sending it over a compressed SSH tunnel.
>
> How does one do so? Is there any documentation on how to set it up?
>
> Thanks,
> Angel

There's "man ssh", of course. But here's what I did...

There are three machines involved -- joshu, my home Linux box (and the
VNC client machine); bofh, my work Mac (and the VNC server machine),
and alcor, a Unix system on the same Ethernet network as bofh.

SSH allows for compressed and encrypted tunnels to be set up alongside
its terminal connections. Since there's no SSH server on the Mac, I
set up a compressed, encrypted tunnel between joshu (on an insecure
public dialup) and alcor, and then connected from alcor to bofh with
a normal connection. In other words,

  joshu--->joshu==============>alcor--->bofh

where --- is unencrypted and uncompressed, and ==== is encrypted and
compressed. Note that the first uncompressed link is on the loopback
interface (i.e., "localhost"), so can be considered secure and is
negligible in terms of speed, and that the last uncompressed link is
within my organization, so is on a fast network and is relatively
secure. The unsecure and slow link between joshu and alcor (over a
modem) is where SSH comes in handy, encrypting the link and
compressing the data sent over it.

The VNC server would be running on bofh, on port 5900 (for display 0).
On joshu, I'd do the following commands:

  joshu:~$ ssh -C -L5901:bofh:5900 alcor

(which says, set up a compressed (-C) local ssh tunnel (-L) from local
port 5901 to alcor, and have alcor connect to bofh's port 5900.)

Then, since we're using port 5901 locally (which is display 1 to VNC),

  joshu:~$ vncviewer localhost:5901

and up comes bofh's VNC display 0, compressed and encrypted along the way.

(The behavior of the -L option is sort of nonintuitive; it might help
to think of it as a way to make it so that the network(s) between the
client machine (joshu) and the machine to which the ssh connection is
made (alcor) can be discounted, so that connecting to the specified
port on joshu from joshu is equivalent to connecting to the specified
port on bofh from alcor.)

If you were doing a unix-to-unix VNC connection (or, for that matter,
any machine-with-ssh-client to machine-with-ssh-server VNC connection),
you could do "ssh -C -L5901:remotehost:5900 remotehost" and eliminate
unencrypted channels entirely.

  -Rich

-- 
------------------------------ Rich Lafferty ---------------------------
 Sysadmin/Programmer, Information and Instructional Technology Services
   Concordia University, Montreal, QC                 (514) 848-7600     
-------------------------  ----------------------
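
Added example (not part of the original message): a small POSIX shell helper that derives the VNC ports for the joshu/alcor/bofh setup described above, reports which interface an -L spec would listen on, and prints the same tunnel command with the listener pinned to loopback. The function names are hypothetical; -N and ExitOnForwardFailure are standard OpenSSH options that the post itself does not use.

```shell
#!/bin/sh
# Added example. Hostnames alcor/bofh come from the post; function names are hypothetical.

# VNC display N listens on TCP port 5900+N.
vnc_port() { echo $((5900 + $1)); }

# Report where the local listener of an "ssh -L" spec would bind.
# Spec syntax: [bind_address:]port:host:hostport (IPv6 brackets not handled).
forward_exposure() {
    spec=$1
    colons=$(printf '%s' "$spec" | tr -cd ':' | wc -c | tr -d ' ')
    case $colons in
        2)  # No bind address: loopback unless GatewayPorts is enabled on the client.
            echo "default" ;;
        3)  bind=${spec%%:*}
            case $bind in
                localhost|127.0.0.1) echo "loopback" ;;
                ""|"*")              echo "all-interfaces" ;;
                *)                   echo "address:$bind" ;;
            esac ;;
        *)  echo "invalid"; return 1 ;;
    esac
}

# Build the tunnel command: compressed (-C), no remote shell (-N), listener
# pinned to 127.0.0.1, and ssh exits if the forward cannot be set up.
# Arguments: local_display gateway target target_display
tunnel_cmd() {
    lport=$(vnc_port "$1")
    rport=$(vnc_port "$4")
    echo "ssh -N -C -o ExitOnForwardFailure=yes -L 127.0.0.1:${lport}:$3:${rport} $2"
}

# The setup from the post: local display 1 -> alcor -> bofh display 0.
tunnel_cmd 1 alcor bofh 0
```

Only the joshu-to-alcor leg is inside SSH; the hop from alcor to bofh still carries the VNC session in the clear, as the diagram in the message shows.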


This archive was generated by on Sun Aug 01 1999 - 23:40:14 BST