0

I'm getting myself very confused trying to figure out how to connect to a VNC server on windows from a remote windows machine via a tunnel to a linux server local to the VNC server.

I'm not looking to have an SSH client on the Windows machine. Being on the same local network as the linux box I should be able to trust communication between the two.

What I'm effectively asking is, can I create an SSH tunnel so that port 5091 on a local windows machine will connect to a VNC server on another Windows machine via a linux box local to the VNC destination?

Can anyone point me in the right direction?

Windows client
      |
      v
  <internet>
      | SSH
      v
  Linux box (Ex IP: 192.0.2.1)
      | LAN
      v
Windows VNC server (Int IP: 192.168.1.1)
Nikita Kipriyanov
  • 10,947
  • 2
  • 24
  • 45
lewiswalsh
  • 103
  • 3

2 Answers2

2

In general, you need something like this:

vncviewer -via 192.0.2.1 192.168.1.1

(which works with e.g. tigervnc in Linux). It builds an SSH tunnel automatically.

But you can build this tunnel by hand. First of all, you build a tunnel:

ssh -L 5901:192.168.1.1:5900 192.0.2.1

This will work with Windows's SSH Client feature installed (which is OpenSSH). If you use Putty, you can add this tunnel via session configuration GUI. This will make SSH client to listen on localhost:5901.

Second, you connect with vncviewer to the display localhost:1, to this SSH socket, and if the target destination is working correctly it will tunnel you to the target server's VNC. The target will see you as connecting from 192.0.2.1's local IP (it might be 192.168.1.2 or something like this).

A slight explanation about numbers: in VNC terminology the number after colon means "display number" and not "TCP port number". It gets added to 5900, so display #1 is on the port 5901. If you want to specify port number directly, you use double colon ::. I know, this is confusing, also some VNC clients don't use this scheme or relax these rules (e.g. if port 11801 doesn't answer they try 5901).

Nikita Kipriyanov
  • 10,947
  • 2
  • 24
  • 45
0

Thanks to @nikita-kipriyanov I was able to figure out how to do it:

ssh -L :5900:<windows VNC server local IP>:5900 <linux box public IP> -l <ssh user> -N
lewiswalsh
  • 103
  • 3