Article: 13220 of comp.protocols.kermit.misc
Path: newsmaster.cc.columbia.edu!panix!news-out.cwix.com!newsfeed.cwix.com!news.maxwell.syr.edu!sn-xit-03!sn-post-01!supernews.com!news.supernews.com!not-for-mail
From: "Alex Bochannek" <alex.bochannek@fluxcontrol.com>
Newsgroups: comp.protocols.kermit.misc
Subject: Using SSH Forwarding in K95 1.1.21 Beta to secure VNC.
Date: Sun, 17 Feb 2002 23:09:36 -0800
Organization: Posted via Supernews, http://www.supernews.com
Message-ID: <u71a8fltdma0c3@news.supernews.com>
X-Newsreader: Microsoft Outlook Express 5.50.4522.1200
X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4910.0300
X-Complaints-To: newsabuse@supernews.com
Lines: 72
Xref: newsmaster.cc.columbia.edu comp.protocols.kermit.misc:13220

Using SSH Forwarding in K95 1.1.21 Beta to secure VNC
=====================================================

o Background
VNC ("Virtual Network Computing") is a popular remote framebuffer technology
freely available from http://www.uk.research.att.com/vnc/ for different
platforms. It implements a client-server architecture and a proprietary
protocol, and is used as a remote control tool, similar to pcAnywhere or
Timbuktu, for the primary display (MacOS, Microsoft Windows) or a virtual
display (X Window System) of the server. Since VNC only supports a simple
challenge-response password scheme for authentication and no encryption at
all, tunneling the protocol over SSH has been an easy way to add the missing
security features. SSH's compression additionally benefits VNC.

o Usage
The SSH protocol and K95's implementation of it in version 1.1.21 Beta
support a number of different forwarding services, of which X11 forwarding
is probably the best known. The generic local and remote port forwarding
service allows a wide range of protocols to be secured, and local forwarding
at the K95 side is what's needed for VNC.

The VNC server maps each display session to a TCP port number with a base
port of 5900. For X11 the virtual display :1 served by the server will
therefore map to port 5901, while the port used for a Windows server would
always be 5900.

Using K95 to forward the local VNC client's connection to the remote server
only requires the following command before establishing the SSH connection
to the remote host:

    ssh add local-port-forward 5900 <remotehost> <remotedisplay# + 5900>

The local VNC client simply connects to localhost:0 (port 5900) to attach to
the session on the remote host. Several forwarding directives can be
configured to connect to different remote displays via localhost:1,
localhost:2, etc. As with any other SSH session, chaining of connections can
be done to connect to remote VNC servers several hops away.

Additional information about the interaction of VNC and SSH can be found at
the VNC Web site listed above. An alternative approach to secure VNC is
through Zebedee (ZVNC). A tool to use VNC to connect to an X11 :0 display
is x0rfbserver.

Alex Bochannek
Flux Control, Inc.
alex.bochannek@fluxcontrol.com
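
The display-to-port mapping and forwarding directives from the Usage section, as an added example that is not part of the original post: it builds one `ssh add local-port-forward` line per remote display and then checks that a forwarded loopback port really reaches a VNC server by reading the 12-byte "RFB xxx.yyy" version greeting that VNC servers send first (a detail not described in the post). The function names, the host `vnchost.example.com`, the host-name character check and the 0-99 display bound are assumptions made for illustration.

```python
import re
import socket

VNC_BASE_PORT = 5900  # base port given in the post; display :N listens on 5900+N
RFB_BANNER = re.compile(rb"RFB (\d{3})\.(\d{3})\n")  # 12-byte RFB version greeting

def k95_forward_directives(remote_host, remote_displays):
    """Build one K95 directive per remote display.

    The i-th entry is reached by the local viewer as localhost:i.
    """
    # Assumption: restrict the host to plain DNS characters so nothing else
    # can end up as an extra token in the generated K95 command.
    if not re.fullmatch(r"[A-Za-z0-9.-]+", remote_host):
        raise ValueError("unexpected characters in host name")
    directives = []
    for local_display, remote_display in enumerate(remote_displays):
        if not 0 <= remote_display <= 99:  # assumed sanity bound, not from the post
            raise ValueError(f"display out of range: {remote_display}")
        directives.append(
            f"ssh add local-port-forward {VNC_BASE_PORT + local_display} "
            f"{remote_host} {VNC_BASE_PORT + remote_display}"
        )
    return directives

def probe_rfb(port, host="127.0.0.1", timeout=3.0):
    """Return the (major, minor) RFB version seen on a forwarded port, else None."""
    data = b""
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            while len(data) < 12:
                chunk = sock.recv(12 - len(data))
                if not chunk:
                    break
                data += chunk
    except OSError:  # refused, timed out, or tunnel not established
        return None
    match = RFB_BANNER.fullmatch(data)
    return (int(match.group(1)), int(match.group(2))) if match else None

if __name__ == "__main__":
    # Constructed sample: a Windows server (display 0) and an X11 display :1.
    for line in k95_forward_directives("vnchost.example.com", [0, 1]):
        print(line)
    print("localhost:0 ->", probe_rfb(VNC_BASE_PORT))
```

A `None` result from `probe_rfb` after the SSH session is up means the viewer would not be talking to a VNC server through the tunnel, which is worth knowing before a password is typed.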