SSH tunnel and VNC
So I had to figure this out this week, and it's quite cool.
Mac OS X comes with SSH, so setting it up wasn't too hard, and I found a new VNC viewer, JollyVNC, that is really top notch. The author also has a really interesting VNC-based product called "screenrecycler" that turns any spare computer/display into an extra monitor.
Setting up the SSH Server
This site has a great overview
http://www.stocksy.co.uk/articles/Mac/ssh_on_mac_os_x/
and Redhat Magazine has details on customizing your setup. Just ignore some of the paths they reference for Linux; all of the Mac OS X config files are in /etc/.
Basically, you just enable Remote Login and OSX turns on the SSH server. Make sure your firewall will forward this port.
Edit the sshd_config file found in the /etc/ directory to suit your server's needs. Recommended security settings: set "PermitRootLogin no", and use "AllowUsers " to allow only users that have a strong password. You can also change the SSH port number from the default 22 to something more obscure in the "services" file. See Adam Knight's Blog on Mac Geekery for more security tips.
Tip: sshd_config is the server side config file and ssh_config is the client side config file.
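A quick way to check that an sshd_config really carries the two recommendations above (root login disabled, AllowUsers set) is sketched below. This is an added example, not part of the original post; the function names sshd_effective and audit_sshd_config are made up for illustration, and it assumes whitespace-separated "Keyword value" lines in the global section (it stops at the first Match block and does not follow Include).

```shell
#!/bin/sh
# sshd keeps the FIRST value it reads for a keyword, keywords are
# case-insensitive, and a line starting with '#' is inactive.

# Print the effective global value of keyword $2 in file $1 (empty if unset).
sshd_effective() {
    awk -v key="$2" '
        /^[ \t]*#/ || NF == 0   { next }   # comments and blank lines
        tolower($1) == "match"  { exit }   # global section ends at first Match
        tolower($1) == tolower(key) {
            $1 = ""; sub(/^[ \t]+/, ""); print; exit
        }' "$1"
}

# Return 0 if file $1 follows both recommendations, 1 otherwise.
audit_sshd_config() {
    rc=0
    root=$(sshd_effective "$1" PermitRootLogin | tr 'A-Z' 'a-z')
    users=$(sshd_effective "$1" AllowUsers)
    if [ "$root" != "no" ]; then
        echo "FAIL: PermitRootLogin is '${root:-unset}', expected 'no'"; rc=1
    fi
    if [ -z "$users" ]; then
        echo "FAIL: AllowUsers is not set, so any account may log in"; rc=1
    fi
    if [ "$rc" -eq 0 ]; then
        echo "OK: root login disabled, AllowUsers = $users"
    fi
    return "$rc"
}

# Constructed sample: the hardening line is commented out, so it has no effect.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# Constructed sshd_config fragment for the demo
#PermitRootLogin no
permitrootlogin yes
AllowUsers alice
EOF
audit_sshd_config "$sample" || echo "sample config needs fixing"
rm -f "$sample"
```

On a real server, point audit_sshd_config at the sshd_config in /etc/ after editing it.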
Setting up the VNC server
I use Vine VNC server; it's open source, free and easy to set up. Set a password and a port, and you're good to go.
Configure The Setup
I had a couple of VNC servers behind my firewall, so I set up one of them as the SSH server. After you tunnel in, you can connect to any of the computers behind the firewall. It can be very helpful to define an ssh_config (local client) config file for your remote network to streamline your tunneling. You can then run it using "ssh -F CUSTOM_CONFIG_FILE_HERE RemoteHost".
The config file below defines a remote host, and then defines the relationship between a few local ports and remote computers behind the firewall. This same setup can be used for any server/port on your network, not just VNC.
    #Define tunnel to Remote Machine
    Host RemoteMachine
    #Define Remote Host
    #SSH Server to Initiate Tunnel
    HostName ssh.XXX.net
    Port 22
    User SECUREUSER
    # Forward Local Ports to Remote VNC ports
    LocalForward localhost:5910 192.168.1.10:5900
    LocalForward localhost:5911 192.168.1.11:5900
    LocalForward localhost:5912 192.168.1.12:5900
    LocalForward localhost:5913 192.168.1.13:5900
    #End Config
If you save this in a new config file, for example "homeTunnel_config", you can run "ssh -F homeTunnel_config RemoteMachine". This is much simpler than running SSH on every machine and tunneling to each individually using, for example, "ssh -L 5910:127.0.0.1:5900 SECUREUSER@ssh.XXX.net".
To make it even easier put the config file in your user's preferences folder, and write an AppleScript to automate it all.
    set PrefPath to path to preferences folder from user domain as string
    set ConfigPath to POSIX path of PrefPath & "homeTunnel_config"

    tell application "Terminal"
        activate
        do script "ssh -F " & ConfigPath & " RemoteMachine sleep 30"
    end tell
A Terminal window will pop up and you enter your password. You then have 30 seconds to start using the SSH tunnel, or else it will close. After the application using the tunnel quits, the connection will close.
Connecting
So, after you open the SSH tunnel, run your VNC client. Since you are tunneled in and have forwarded the local ports, you just need to connect to the appropriate local port: in your VNC client you can enter "localhost:5910" or whatever the appropriate port number is.




