ssh and vnc port forwarding

Do you have a question? Post it now! No Registration Necessary.  Now with pictures!

Threaded View
Ok, I have been all over the net and it seems this trick has been tried
and can succeed.

I am trying to tunnel a VNC session through a secure shell. What I have
are 2 windows XP boxes and a linux server in the middle for the shell.

I establish a tunnel for the server localhost:5900 and tell it to
forward to 5900 on the linux machine. Client Establishes an outbound
tunnel to 5900 on linux machine:

vncserver (listen 5900) <---linux (listen 5900) <-- vncclient (5900)

Here is what blows my mind: I could easily believe I misconfigured
something if it wasn't for the fact that I can

telnet localhost 5900

And I actually get VNC connection handshaking (RFB 003.003)!

Obviously the tunnel is working correctly.
One more thing to point out: when I try and use the viewer to  connect
to loopback:0 (or 127.) I get an error telling me loopbac is disabled.

What am I missing?


Re: ssh and vnc port forwarding

Quoted text here. Click to load it

You have to edit a registry entry before the Windows VNC viewer will
accept to talk to its own machine.  I forget the details, so read
the online help.

Alternative:  try tunnelling (windows tcp:5901) to (linux tcp:5900)
and run the VNC viewer to "localhost:1".  That may work without
a registry tweak.

pa at panix dot com

Re: ssh and vnc port forwarding

There is an older step by step guide in PDF format at the link below.  I
think it covers the loopback settings.  You definitely need to check that
setting as it sounds like that is all you are missing.

You can also read my article on hotspot tunneling in the latest 2600
magazine that covers the concepts behind routing through the ssh tunnel.
Good for protecting your traffic when on public hotspots.

Quoted text here. Click to load it

Re: ssh and vnc port forwarding

Quoted text here. Click to load it

On certain VNC version loopback connections are disabled for some
reasons. I have seen a VNC installation recursivly reconnecting to it's
own server, which is not really what you want.

I am reguarly using TightVNC V1.3dev5 (unstable) on my XP-NB, and
nearly every day, i'm tunneling VNC thru firewalls, and it really works


  for the above mentionened, i'm using this type of tunnel:

    "ssh -L 5900:remote-vnc-machine:5900 user@remote-server-host".

Site Timeline