SSH port forwarding/tunneling question

Before I waste a lot of time trying, I'm wondering if what I want is
even possible. I want to connect via TightVNC from my home Linux system
to my Win2k system at work. Unfortunately my work system is behind a
firewall which filters out incoming ssh, so running an ssh server
on the Win2k system at work won't fly. So my question is, is it
possible to set up an ssh connection from a client machine (Win2k)
to a server machine (my Linux box), then run VNC over it with
the ssh client being the VNC server, and the ssh server being the
VNC client? I'm hoping I can just set up a putty connection at
work connected to home, then go home and run VNC back to it. Does
that sound possible? If not, any other solutions to the problem?

Thanks

--
Remove _nospam to reply.

Assuming your Corporate Security approves what you are trying to do,
you can accomplish by using the -R option.

Wes Gray ((E-Mail Removed)) wrote:
: Before I waste a lot of time trying, I'm wondering if what I want is
: even possible. I want to connect via TightVNC from my home Linux system
: to my Win2k system at work. Unfortunately my work system is behind a
: firewall which filters out incoming ssh, so running an ssh server
: on the Win2k system at work won't fly. So my question is, is it
: possible to set up an ssh connection from a client machine (Win2k)
: to a server machine (my Linux box), then run VNC over it with
: the ssh client being the VNC server, and the ssh server being the
: VNC client? I'm hoping I can just set up a putty connection at
: work connected to home, then go home and run VNC back to it. Does
: that sound possible? If not, any other solutions to the problem?

: Thanks

Wes Gray wrote:
> Before I waste a lot of time trying, I'm wondering if what I want is
> even possible. I want to connect via TightVNC from my home Linux system
> to my Win2k system at work. Unfortunately my work system is behind a
> firewall which filters out incoming ssh, so running an ssh server
> on the Win2k system at work won't fly. So my question is, is it
> possible to set up an ssh connection from a client machine (Win2k)
> to a server machine (my Linux box), then run VNC over it with
> the ssh client being the VNC server, and the ssh server being the
> VNC client? I'm hoping I can just set up a putty connection at
> work connected to home, then go home and run VNC back to it. Does
> that sound possible? If not, any other solutions to the problem?
>

from ssh manpage:

-R port:host:hostport
Specifies that the given port on the remote (server) host
is to be forwarded to the given host and port on the local side.


however: your solution has two big flaws:

* your company IT-stuff might kill you
* as soon as your connection breaks for a short period, the tunnel is
broken.

so the much better way is to ssh-connect the firewall using the
"-L"-switch to tunnel to your work-machine behind the firewall. For this
you need a ssh-login at the firewall (which must *not* necessarily
invoke a shell).
If this is not possible, you would need a watchdog on your
office-machine that restarts the tunnel when it breaks which invokes
password-free ssh-keys ...

completely different solution (which does not solve the killing-problem
would be a VPN from your office-machine to your linux-machine. VPN
(based on pptp) is deeply implemented in windows and therefore offers
support for reconnect and all that stuff and will offer you a full
ip-connection through the firewall, including vnc-protocol and smb.
(http://www2.goldfisch.at/knowledge/195)

best,
peter

--
http://www2.goldfisch.at/know_list
http://leblogsportif.sportnation.at

peter pilsl wrote:
> Wes Gray wrote:
>
>> Before I waste a lot of time trying, I'm wondering if what I want is
>> even possible. I want to connect via TightVNC from my home Linux system
>> to my Win2k system at work. Unfortunately my work system is behind a
>> firewall which filters out incoming ssh, so running an ssh server
>> on the Win2k system at work won't fly.

2 questions here.

Do you know how the firewall is filtering the ssh traffic?

Why don't you ask your sys. admin at work?
Just ask if you can have remote access to your home system.

If I were in charge of security, I would definately not appreciate you
running a server without approval.


So my question is, is it
>> possible to set up an ssh connection from a client machine (Win2k)
>> to a server machine (my Linux box), then run VNC over it with
>> the ssh client being the VNC server, and the ssh server being the
>> VNC client? I'm hoping I can just set up a putty connection at
>> work connected to home, then go home and run VNC back to it. Does
>> that sound possible? If not, any other solutions to the problem?
>>
>
> from ssh manpage:
>
> -R port:host:hostport
> Specifies that the given port on the remote (server) host
> is to be forwarded to the given host and port on the local side.
>
>
> however: your solution has two big flaws:
>
> * your company IT-stuff might kill you
> * as soon as your connection breaks for a short period, the tunnel is
> broken.
>
> so the much better way is to ssh-connect the firewall using the
> "-L"-switch to tunnel to your work-machine behind the firewall. For this
> you need a ssh-login at the firewall (which must *not* necessarily
> invoke a shell).
> If this is not possible, you would need a watchdog on your
> office-machine that restarts the tunnel when it breaks which invokes
> password-free ssh-keys ...
>
> completely different solution (which does not solve the killing-problem
> would be a VPN from your office-machine to your linux-machine. VPN
> (based on pptp) is deeply implemented in windows and therefore offers
> support for reconnect and all that stuff and will offer you a full
> ip-connection through the firewall, including vnc-protocol and smb.
> (http://www2.goldfisch.at/knowledge/195)
>
> best,
> peter
>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
NotDashEscaped: You need GnuPG to verify this message

In comp.os.linux.networking peter pilsl <(E-Mail Removed)> suggested:
> Wes Gray wrote:
>> Before I waste a lot of time trying, I'm wondering if what I want is
>> even possible. I want to connect via TightVNC from my home Linux system
>> to my Win2k system at work. Unfortunately my work system is behind a
[..]

Ask your IT stuff to provide you with a secure (VPN or alike)
solution.

> -R port:host:hostport
> Specifies that the given port on the remote (server) host
> is to be forwarded to the given host and port on the local side.
[..]

> * your company IT-stuff might kill you

That is quite likely and there's not much doubt he'll get serious
problems.

> * as soon as your connection breaks for a short period, the tunnel is
> broken.

> so the much better way is to ssh-connect the firewall using the
> "-L"-switch to tunnel to your work-machine behind the firewall. For this
> you need a ssh-login at the firewall (which must *not* necessarily
> invoke a shell).

It's quite unlikely that a corporate firewall offers sshd on the
outside interfaces to the rest of the world.

--
Michael Heiming (GPG-Key ID: 0xEDD27B94)
mail: echo (E-Mail Removed) | perl -pe 'y/a-z/n-za-m/'
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQFA3GziAkPEju3Se5QRAiPyAJ9TO/VI6CpbnXqlUaHESWEzaAK9vACguF08
rfoMpiEfQtL4xEaO6ssxn9c=
=891H
-----END PGP SIGNATURE-----

I solved that type of problem by using HTTPTUNNEL which establishes an http
tunnel between
my home and the office on port 80 (goes through firewall) . I then establish
an incoming VNC ssh tunnel inside that http tunnel
This eanables me to have a permanent connection to the office . Works great!

Pic


"Randy Ramsdell" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
>
>
> peter pilsl wrote:
> > Wes Gray wrote:
> >
> >> Before I waste a lot of time trying, I'm wondering if what I want is
> >> even possible. I want to connect via TightVNC from my home Linux
system
> >> to my Win2k system at work. Unfortunately my work system is behind a
> >> firewall which filters out incoming ssh, so running an ssh server
> >> on the Win2k system at work won't fly.
>
> 2 questions here.
>
> Do you know how the firewall is filtering the ssh traffic?
>
> Why don't you ask your sys. admin at work?
> Just ask if you can have remote access to your home system.
>
> If I were in charge of security, I would definately not appreciate you
> running a server without approval.
>
>
> So my question is, is it
> >> possible to set up an ssh connection from a client machine (Win2k)
> >> to a server machine (my Linux box), then run VNC over it with
> >> the ssh client being the VNC server, and the ssh server being the
> >> VNC client? I'm hoping I can just set up a putty connection at
> >> work connected to home, then go home and run VNC back to it. Does
> >> that sound possible? If not, any other solutions to the problem?
> >>
> >
> > from ssh manpage:
> >
> > -R port:host:hostport
> > Specifies that the given port on the remote (server) host
> > is to be forwarded to the given host and port on the local side.
> >
> >
> > however: your solution has two big flaws:
> >
> > * your company IT-stuff might kill you
> > * as soon as your connection breaks for a short period, the tunnel is
> > broken.
> >
> > so the much better way is to ssh-connect the firewall using the
> > "-L"-switch to tunnel to your work-machine behind the firewall. For this
> > you need a ssh-login at the firewall (which must *not* necessarily
> > invoke a shell).
> > If this is not possible, you would need a watchdog on your
> > office-machine that restarts the tunnel when it breaks which invokes
> > password-free ssh-keys ...
> >
> > completely different solution (which does not solve the killing-problem
> > would be a VPN from your office-machine to your linux-machine. VPN
> > (based on pptp) is deeply implemented in windows and therefore offers
> > support for reconnect and all that stuff and will offer you a full
> > ip-connection through the firewall, including vnc-protocol and smb.
> > (http://www2.goldfisch.at/knowledge/195)
> >
> > best,
> > peter
> >
>