[tmikkelsen]

I need some help. I don't have any experience with VNC.

Here is what used to be done to connect to a PC via VNC.

The user would ssh into a linux box using Putty on their PC. Then they would type: export DISPLAY=ip of their computer. Then they would be requested for the ip of the computer they wish to conect to.

Well the Linux box has been replaced with a Mac OS X Server box. What does it need to be running to act as a gateway to the PC Server for VNC?

If I'm missing details that would be helpful, please ask.

Thanks

[Wardy]

Originally posted by tmikkelsen:
What does it need to be running to act as a gateway to the PC Server for VNC?

I think a program called Share My Desktop might be what you're after.

Have a look. HTH.

[Mithras]

Originally posted by tmikkelsen:
The user would ssh into a linux box using Putty on their PC. Then they would type: export DISPLAY=ip of their computer. Then they would be requested for the ip of the computer they wish to conect to.

Explain your setup more thoroughly; it sounds a bit complicated.

If I understand you right, you have three computers involved:
* client PC running Windows
* Mac OS X Server
* target PC running VNC Server for Windows

You want to:
* SSH into the Mac OS X Server box
* securely relay the VNC traffic from the target PC to the client PC
* use a VNC client on the client PC to view the desktop of the target PC

Is this correct?

If it is, you'll want to set up a tunnel from the OS X Server to/from the client and the server PCs. That setup will be done using the Putty SSH client.

If you give us more info we can help.

[tmikkelsen]

Originally posted by Mithras:
Explain your setup more thoroughly; it sounds a bit complicated.

If I understand you right, you have three computers involved:
* client PC running Windows
* Mac OS X Server
* target PC running VNC Server for Windows

You want to:
* SSH into the Mac OS X Server box
* securely relay the VNC traffic from the target PC to the client PC
* use a VNC client on the client PC to view the desktop of the target PC

Is this correct?

If it is, you'll want to set up a tunnel from the OS X Server to/from the client and the server PCs. That setup will be done using the Putty SSH client.

If you give us more info we can help.

That is it. It used to be setup fine, but when they replaced the Linux box w/ the Mac one it stopped working. What info do you need and I'll get it.

Thanks again.

[diamondsw]

In Putty (or some other SSH client), you need to set up SSH tunnels. What this does is it maps a port on your machine to a remote IP/port. So, you could map localhost:5900 to RemoteVNCServerIP:5900 and then any VNC connection you send to your machine will get sent through the SSH tunnel and on to the Remote machine. It's very nice.

In more detail, when you create an SSH tunnel, any request sent to your end of the tunnel is sent via SSH to the SSH server. That server then sends your request out to whatever IP/port you specified. So in the above example, sending a request to localhost:5900 would send the request to RemoteSSHServerIP, which would then send it to RemoteVNCServerIP. The important idea is that the connection will be initiated by the SSH server, so it doesn't matter if it's behind a firewall, etc.

For instance, I have a wireless router at home hooked up to my cable modem. I have only opened port 22 (SSH) on the cable modem,and pointed it to 10.0.1.111 (my SSH server). Let's say my VNC server is at 10.0.1.222 on that local network. In Putty, I would connect to my router's WAN IP address. It would send that request on to 10.0.1.111 on the LAN. At this point, I create a tunnel from localhost:5900 to 10.0.1.222:5900. Now, from the internet 10.0.1.222 makes no sense, but to the SSH server that's forwarding the request, it's on the LAN. This way I can access any number of services on my LAN, but only ever open up port 22 on my firewall. And it keeps everything encrypted.

For those who are jut interested about SSH tunnels in general, they can also be set up in reverse, so I could connect from my client to my home network via SSH, but create a tunnel from the SSH server back to my client box. That way someone on the remote LAN could log onto my client machine. I use that when I go home for lunch and suddenly need to check something on my work machine. Normally a firewall would block me, but since I have the tunnel set up, it can send the request to the client that way.

It's all very, very slick. The only thing I recommend avoiding (if you value your sanity) is FTP over SSH (not sftp, not ftp-ssl, but plain old FP tunneled into SSH). It's a royal pain in the arse. I made it work, but ended up needing a third party FTP server thanks to bugs in the OS X one.

[diamondsw]

In Putty (or some other SSH client), you need to set up SSH tunnels. What this does is it maps a port on your machine to a remote IP/port. So, you could map localhost:5900 to RemoteVNCServerIP:5900 and then any VNC connection you send to your machine will get sent through the SSH tunnel and on to the Remote machine. It's very nice.

In more detail, when you create an SSH tunnel, any request sent to your end of the tunnel is sent via SSH to the SSH server. That server then sends your request out to whatever IP/port you specified. So in the above example, sending a request to localhost:5900 would send the request to RemoteSSHServerIP, which would then send it to RemoteVNCServerIP. The important idea is that the connection will be initiated by the SSH server, so it doesn't matter if it's behind a firewall, etc.

For instance, I have a wireless router at home hooked up to my cable modem. I have only opened port 22 (SSH) on the cable modem,and pointed it to 10.0.1.111 (my SSH server). Let's say my VNC server is at 10.0.1.222 on that local network. In Putty, I would connect to my router's WAN IP address. It would send that request on to 10.0.1.111 on the LAN. At this point, I create a tunnel from localhost:5900 to 10.0.1.222:5900. Now, from the internet 10.0.1.222 makes no sense, but to the SSH server that's forwarding the request, it's on the LAN. This way I can access any number of services on my LAN, but only ever open up port 22 on my firewall. And it keeps everything encrypted.

For those who are jut interested about SSH tunnels in general, they can also be set up in reverse, so I could connect from my client to my home network via SSH, but create a tunnel from the SSH server back to my client box. That way someone on the remote LAN could log onto my client machine. I use that when I go home for lunch and suddenly need to check something on my work machine. Normally a firewall would block me, but since I have the tunnel set up, it can send the request to the client that way.

It's all very, very slick. The only thing I recommend avoiding (if you value your sanity) is FTP over SSH (not sftp, not ftp-ssl, but plain old FP tunneled into SSH). It's a royal pain in the arse. I made it work, but ended up needing a third party FTP server thanks to bugs in the OS X one.