2

I want to replace TeamViewer with a FOSS solution. I need to support some remote computers. I have a working SSH tunnel set up between two computers using a middleman server like this:

Kubuntu_laptop--->nat_fw--->Debian_Server<--nat_fw<--Kubuntu_desktop

This SSH tunnel is working now.

Next I want to connect to the desktop on "Kubuntu_desktop" from "Kubuntu_laptop" using the SSH tunnel.

Regarding the connection for this leg:

Debian_Server<--nat_fw<--Kubuntu_desktop

Here is how it is established:

autossh -M 5234 -N -f -R 1234:localhost:22 [email protected] -p 22

I cannot change the existing monitoring port (5234) or the remote (-R) port number (1234 in this example). Can vnc tunnel over this existing SSH connection? UPDATE: the answer is no; I need to set up a new SSH tunnel for use with vnc as described here.

Regarding the connection for this leg:

Kubuntu_laptop--->nat_fw--->Debian_Server

I can use any SSH parameters required.

I cannot open up any ports on the routers/firewalls.

x11vnc server was recommended to me, so I'm testing with that. It is running on the desktop and listening on port 5900. However, I did not use any command line options when starting x11vnc, so it probably isn't configured correctly yet.

Will vnc work over this existing SSH connection? Notice that there are no ports 5900 defined. And note that I cannot change the port number for the -R option as I mentioned above.

I have a lot of questions about how to get this working, but one is whether vnc can listen on the existing port (-R 1234 in the example above). And if so, can I still ssh into that box as I do now?

Here's what I tried so far:

On remote desktop (where x11vnc server is installed):

tester@Kubuntu_desktop:~> autossh -M 5234 -i ~/.ssh/my_id_rsa -fNR 1234:localhost:5901 [email protected]

make sure x11vnc server is running on port 5901:

tester@Kubuntu_desktop:~> x11vnc -autoport 5901

On my laptop:

sudo ssh -NL 5901:localhost:1234 -i ~/.ssh/admin_id_rsa [email protected]

connect local vnc client to localhost port 5901

Open KRDC in Kubuntu_laptop and connect to (vnc)

localhost:5901

I'm getting a failed connection - server not found.

2 Answers

1

It sounds like you currently have a default ssh connection between the laptop and server:

Kubuntu_laptop--->nat_fw--->Debian_Server

Modify the parameters to the ssh connection so you have

-fNL [localIP:]localPort:remoteIP:remotePort

For example:

-fNL 5900:localhost:1234

If your laptop used VNC on the default port of 5900 then you would tell your laptop to vnc to localhost which would then send the VNC traffic on port 5900 to the server on port 1234.

Next you need to catch the traffic arriving on port 1234 server side and forward that to the desktop:

Debian_Server<--nat_fw<--Kubuntu_desktop

Modify the parameters to the desktop ssh connection to include

-fNR [remoteIP:]remotePort:localIP:localPort

For example:

-fNR 1234:localhost:5900

All traffic sent to port 1234 on the localhost of the server will now be transported to the desktop and arrive on port 5900 where the VNC server is hopefully listening.

Change port 5900 to be appropriate for the protocol you are using. Could be 3389 for RDP or 5901 for VNC since 5900 might be in use. Also, I just picked port 1234 randomly for use on the server.

Some notes in response to your updated question:

  1. the default port for ssh is 22, so the -p 22 is redundant since it overrides the default and sets it to 22
  2. the settings that look like localPort:remoteIP:remotePort have nothing to do with the port that ssh is using for the tunnel which is still 22 unless you override it on the client with a -p and override the port on the ssh server as well. So all of the previously mentioned ssh commands are using port 22 and you can confirm this by looking at your listening and established network connections. You will not need to open any additional ports on a firewall. The previous commands were correct.
  3. based on what you added in the update, the command for the desktop should be autossh -M 5234 -fNR 1234:localhost:5900 [email protected]
  4. sorry, I have no suggestions as far as a VNC client is concerned. You'll have to open a separate question for that, however I'm guessing it will be down-voted since it is an opinion question.
10
  • In my question I said, "I cannot change the port numbers used for the SSH tunnel." However, I can change some things. But the leg from Debian_Server<--nat_fw<--Kubuntu_desktop is not something I think I can change. (I don't know how.) That leg looks like this: autossh -M <mport> -N -f -R <port>:localhost:<port> [email protected] -p <server-port> Commented Jul 9, 2013 at 0:05
  • 1
    I will update my question with more info... Commented Jul 9, 2013 at 0:06
  • I updated my answer Commented Jul 9, 2013 at 4:50
  • In your point #3, when I change the command from autossh -M 5234 -fNR 1234:localhost:22 [email protected] to autossh -M 5234 -fNR 1234:localhost:5900 [email protected] my ssh tunnel is broken. Are you saying that I need two SSH connections? One to be used to connect to a shell on Kubuntu_desktop (using port 22) and the other to connect to vncserver on Kubuntu_desktop (using port 5900)? Sorry I don't understand yet. Commented Jul 9, 2013 at 5:59
  • More info: x11vnc: The VNC desktop is: Kubuntu_desktop.site:0 PORT=5900 Commented Jul 9, 2013 at 6:04
0

I verified the mechanism described and it worked for me. The only difference was that I used 127.0.0.1::PORT as the VNC client parameter, because :N references the X Window display number N; to use an explicit port we have to put a double colon as the separator.
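
Added example, not part of the question or either answer: it traces the two-leg forward described in the first answer and shows where the layout from the question ends up, assuming the original 1234 -> 22 tunnel is still running when the VNC forward is started. Server port 1235, monitor port 5236 and user@server are constructed placeholders.

```shell
#!/bin/sh
# Added example, not from the thread. Forward specs are "port:host:hostport"
# (no bind-address field). 1234, 22, 5900, 5901 come from the posts; 1235,
# 5236 and user@server are constructed placeholders.

# dup_remote_ports "R1 R2 ...": server ports claimed by more than one -R spec.
# sshd can bind a port once, so the later forward is refused.
dup_remote_ports() {
    for spec in $1; do echo "${spec%%:*}"; done | sort | uniq -d
}

# resolve_chain L_SPEC "R1 R2 ...": desktop port reached from the laptop's -L.
# The first -R holding the server port wins, as on a live server.
resolve_chain() {
    l_target=${1##*:}              # server port in -L lport:host:sport
    for spec in $2; do
        if [ "${spec%%:*}" = "$l_target" ]; then
            echo "${spec##*:}"     # desktop port in -R sport:host:dport
            return 0
        fi
    done
    echo "none"
    return 1
}

# Layout from the question: the VNC forward reuses server port 1234 while the
# existing 1234 -> 22 tunnel is assumed to be still up.
question_r="1234:localhost:22 1234:localhost:5901"
# Separate layout: 1234 stays with sshd, VNC gets its own server port.
separate_r="1234:localhost:22 1235:localhost:5900"

echo "question: clash on server port(s): $(dup_remote_ports "$question_r")"
echo "question: laptop 5901 -> desktop port $(resolve_chain 5901:localhost:1234 "$question_r")"
echo "separate: laptop 5901 -> desktop port $(resolve_chain 5901:localhost:1235 "$separate_r")"

# Commands matching the separate layout (autossh -M uses the port and port+1,
# so the second instance needs its own monitor port):
#   desktop$ x11vnc -localhost -rfbport 5900 -display :0
#   desktop$ autossh -M 5236 -fNR 1235:localhost:5900 user@server
#   laptop$  ssh -NL 5901:localhost:1235 user@server
#   laptop$  VNC client -> localhost::5901 (double colon = TCP port)
```

Remote forwards bind to the server's loopback address unless GatewayPorts is enabled in sshd_config, so with x11vnc started with -localhost the VNC port is reachable only through the two tunnels.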
