vnc over ssh


Hi all

Following the steps outlined at: on a Red Hat 9
server which I'm building for a client.

On the server, vncserver is set up on display 1, with the firewall allowing
inbound tcp 5900 & 5800 (i.e. '<host_name>:1' connects successfully). I can
also ssh into the server and run vncviewer successfully.

So, to test, I removed tcp 5900 & 5800 from the firewall. Now running
vncviewer from the local machine doesn't connect (to be expected), but
ssh'ing to the server and running vncviewer from that remote session works.

So if I can connect to the remote machine by ssh and start a vnc session
from there (and have it appear on my local display), why would I want to
use the method outlined on that web page?

I can get it to work both ways but, in my mind, starting the vnc session
from the ssh connection (and being able to remove the well-known ports
5800, 5801, 5900 or 5901 from the firewall) must be more secure.

Finally, why, with only 5800 and 5900 open, was I able to connect directly
to display 1 using <host_name>:1? From what I've read, that should require
5901:tcp to be open.


