
VNC and SSH


naashraf
Member
 
Join Date: Feb 2005
Location: Hong Kong
2006-03-25, 19:36

I hope someone can help me out. Here is my setup:-

Office:-

PC 1 on Windows XP (fixed IP 192.168.1.11) running RealVNC server and Cygwin ssh server. The ports 5900 and 22 on this PC are configured to allow this traffic. VNC server setup to allow local connections only. Port used 5900.

PC 2 on Windows 98 SE (fixed IP 192.168.1.12) running RealVNC server. VNC server listening on port 5901 and accepting local connection only. No firewall installed on this PC.

Linksys router and it has Port 22 forwarding to 192.168.1.11 (the one running ssh server), port 5900 to 192.168.1.11 (as it is running vnc server as well listening on 5900). Port 5901 forwarding to 192.168.1.12 (that is Win 98 machine, VNC server listening on 5901).

Now, I follow Brad's steps for secure vnc connection via ssh with this following command in terminal of my PB:-

ssh -L 5900:127.0.0.1:5900 -C username@host

Then I open Chicken of VNC and type host 127.0.0.1 and Display 0 and I can connect without any problem to my Windows XP machine (192.168.1.11), there is no problem at all to access this PC. However, I cannot connect to Windows 98 machine. Can someone please tell me what command to write in terminal?

I am typing ssh -L 5901:192.168.1.12:5901 -C username@host and then in Chicken of VNC I type 192.168.1.12 in Host and Display 1. This does not seem to be working. SSH server authenticates me but I might be doing something wrong with 5901:192.168.1.12:5901 part of the command.

How can I connect to this 192.168.1.12 machine with VNC server at 5901 port if the SSH server is running on another Windows XP at 192.168.1.11?

If I don't use the option of accept local connection only, and in C of VNC I type public IP of my router as host and Display 1 then I can connect without any problem to this Windows 98 (192.168.1.12). But it is not secure then and I don't want to use it like that. I even opened port 5901 on my Windows XP machine but no luck.

Sorry for the long post but I guess it explains the situation well.

Thanks.

Machine:PowerBook 12" Processor:1.5GHz PowerPC G4 Memory:1.25GB HD:100GB OS:Mac OS 10.4.8
Entertainment:iPod 4G Memory:20GB
naashraf
Member
 
Join Date: Feb 2005
Location: Hong Kong
2006-03-25, 20:01

OK, now I have tried this command ssh -L 5901:localhost:5901 username@host
and in Chicken of VNC I put localhost and Display 1. When I click type Chicken of VNC shows this message:- Connection terminated. The server closed the connection. And the terminal window has this text: channel 3: open failed: connect failed: Connection refused.

Any ideas where things might be going wrong?

mattf
Member
 
Join Date: Feb 2005
Location: Devonshire - nearly twinned with Narnia
 
2006-03-26, 05:29

Your ssh command needs to be ssh -L 5901:192.168.1.12:5901 -C username@host (as you have)
Then in CotVNC you need to put localhost and display 1.

You don't mention that combination above, so sorry if you've tried that already.
naashraf
Member
 
Join Date: Feb 2005
Location: Hong Kong
2006-03-26, 05:44

I did try that but sorry did not mention it. Anyway I gave it one more try and got the same error as in my previous post

"Connection terminated. The server closed the connection. And in terminal window have this text channel 3: open failed: connect failed: Connection refused."

Should I disable on Windows 98 VNC server the option of "Only accept connections from the local machine"? I will try this out tomorrow when I go to office and disable this option. I am not sure if this makes my Windows 98 machine less secure.

mattf
Member
 
Join Date: Feb 2005
Location: Devonshire - nearly twinned with Narnia
 
2006-03-26, 05:57

Ah, I didn't see that it was local machine only. I thought it was local network.

Yes, that should be disabled.

However, you don't need to have 5900 and 5901 open on your public router. Everything will be going through the ssh tunnel, so you only need 22 open. This will make everything a bit more secure anyway.
naashraf
Member
 
Join Date: Feb 2005
Location: Hong Kong
2006-03-26, 06:27

OK. Thanks. I will try that tomorrow.
naashraf
Member
 
Join Date: Feb 2005
Location: Hong Kong
2006-03-26, 21:38

So I unchecked "Only accept connections from the local machine" and in the office router I also disabled 5900 and 5901 port forwarding. Then using the wifi signal of the next door office on my PB I connected without any trouble on Windows 98 machine with the above mentioned instructions by you. Thanks for the hint. Now, I guess I can access other machines as well using ssh -L 5902:192.168.1.12:5902 -C username@host and then in CotVNC localhost and display 2. I have another Windows XP machine that I plan to use with VNC server port 5902. If any problems I will be back here.

Thanks.

mattf
Member
 
Join Date: Feb 2005
Location: Devonshire - nearly twinned with Narnia
 
2006-03-27, 03:34

Quote:
Originally Posted by naashraf
...I connected without any trouble on Windows 98 machine with the above mentioned instructions...
Good stuff.

Quote:
Originally Posted by naashraf
...Now, I guess I can access other machines as well using ssh -L 5902:192.168.1.12:5902 -C username@host and then in CotVNC localhost and display 2...
That's correct, but changing the IP address in the port-forwarding option to be whatever the third machine is.

EDIT: One final thing. In RealVNC server it is possible to restrict which machines can connect to the server (similar to "Accept local connections only").

In the server options, go to the Connections tab and click on the Add button in the Access Control section. Now enter the IP address of the machine connecting (the ssh server), e.g., 192.168.1.11
Deleting the 590x rules from the router will stop anybody from the outside world connecting directly, but you can use this as a way of restricting the internal network.

Last edited by mattf : 2006-03-27 at 05:25.
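
An added example, not part of any post in this thread: a small shell helper that builds the single ssh command for the setup discussed above, where display N maps to port 5900+N and each forward target is the address as seen from the SSH server (127.0.0.1 for a VNC server on the SSH host itself, the LAN IP otherwise). The function names, the `-N` option and the explicit 127.0.0.1 bind on the local end are choices of this example; `username@host` and the addresses are the thread's own sample values.

```sh
#!/bin/sh
# Added example: one ssh session that forwards several VNC displays.

# vnc_forward_args DISPLAY:TARGET_IP ...
# Prints the -L options. Display N uses TCP port 5900+N on both ends.
# The local end is bound to 127.0.0.1 so only this machine can use the tunnel.
# TARGET_IP is resolved by the SSH server, not by the client: a VNC server
# set to "local connections only" is reachable only when it runs on the SSH
# server itself (target 127.0.0.1); any other host must accept LAN connections.
vnc_forward_args() {
    args=""
    for spec in "$@"; do
        case $spec in
            *:*) ;;
            *) echo "expected DISPLAY:IP, got '$spec'" >&2; return 1 ;;
        esac
        display=${spec%%:*}
        target=${spec#*:}
        case $display in
            [0-9]|[1-9][0-9]) ;;   # displays 0-99, no leading zeros
            *) echo "bad display in '$spec'" >&2; return 1 ;;
        esac
        case $target in
            ''|*[!0-9.]*) echo "bad IPv4 address in '$spec'" >&2; return 1 ;;
        esac                        # loose check: digits and dots only
        port=$((5900 + display))
        args="$args -L 127.0.0.1:$port:$target:$port"
    done
    printf '%s\n' "${args# }"
}

# vnc_tunnel_command USER@HOST DISPLAY:TARGET_IP ...
# Prints the full command; -N opens the forwards without a remote shell.
vnc_tunnel_command() {
    login=$1
    shift
    [ "$#" -ge 1 ] || { echo "no forwards given" >&2; return 1; }
    forwards=$(vnc_forward_args "$@") || return 1
    printf 'ssh -N -C %s %s\n' "$forwards" "$login"
}

# Display 0 is the XP machine running sshd, display 1 the Windows 98 machine.
vnc_tunnel_command username@host 0:127.0.0.1 1:192.168.1.12
```

With this tunnel up, the VNC client connects to localhost with display 0 or 1, and only port 22 needs to be forwarded on the router.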
Banana
is the next Chiquita
 
Join Date: Feb 2005
 
2009-11-22, 05:07

*bump*

So I had an occasion to need VNC again and went to set up SSH, realizing just now that I've changed ISP and routers & modems since so I had to review the settings.

I think I got SSH down but the weird thing is that I can't get external connection to work.

I did turn on Remote LogIn, set up the port forwarding on my modem/router. I can then verify that I can log in via SSH using localhost & LAN address. Using canyouseeme.org, I can verify that the SSH port is open, yet when I try to ssh using the actual IP at that time, I get a connection refused error. I've also checked the Firewall settings just to be sure something didn't go missing & restarted the sshd by clearing/checking the Remote LogIn to no avail.

I'm stumped. Any ideas?
All times are GMT -5.