[Gloucs] SSH forwarding without a shell
Glyn Davies
glynd at walmore.com
Mon Jul 2 23:42:07 BST 2007
Matthew Booth wrote:
> On Mon, 2007-07-02 at 22:40 +0100, Glyn Davies wrote:
>
>> Can anyone think of a way of doing this.
>>
>> I need to let someone in behind my firewall to a VNC server. Rather than
>> expose the VNC port to the Internet, I'd rather tunnel the VNC session
>> over SSH and let the SSH server be responsible for the security side of
>> things. The final thing is I want the user connecting in to only be able
>> to tunnel a VNC session to the chosen VNC server and nothing else (i.e.
>> no getting a shell on the SSH server, etc). OK, once inside on the VNC
>> server it's open season on the network, but at least the server will be
>> 'safe'. If it's not clear from the above, the Linux box running SSH and
>> the Windows box (boo!) runing VNC server are seperate machines.
>>
>
> For pt 1, have a look in 'man vncviewer' at the -via option. Pt 2 will
> require me to setup VNC to play with options ;)
>
> Matt
>
Hmmm. Not seen the -via option before. However, given the client is
Windows that option may or may not be available. But cheers. Learn
something new etc etc.
I think Pt 2 is more to do with the SSH server rather than VNC server.
The best I can think of so far is a restricted account.
--
Best Regards
Glyn Davies
More information about the gloucs
mailing list