Accessing multiple VNC servers using only one SSH port?

Ehud Karni ehud@unix.mvs.co.il
Wed Nov 20 12:26:02 2002 

On Mon, 18 Nov 2002 13:11:51 -0800, Bruce Atherton <bruce@callenish.com> wrote:
> 
> I'm trying to figure out a way to use a single open port on a firewall to 
> connect to one of several VNC servers. Something like this (apologies to 
> the proportional font crowd):
> 
>                                              -- VNC Server 1
>                                              |
>    Client -> Internet -> Firewall -> SSH  ---|- VNC Server 2
>                          port 22    Server   |
>                                              -- VNC Server 3

This works perfectly well from M$Windows or UNIX (Linux).

Lets assume the SSH server Internet address is ssh.server,
and the VNC servers addresses (AS SEEN from the SSH server - not
the client !!) are vnc1, vnc2 and vnc3. Also, let's assume that
the vnc displays are vnc1:0 (listening on port 5900), vnc2:0,
and vnc3:20 (==> port 5920).

You should forward 3 DIFFERENT ports from the client (local) to
the remote VNC servers. The easiest way is to have configuration
file (i.e. ~/.ssh/config) for UNIX (or Cygwin), if you use putty
(http://www.chiark.greenend.org.uk/~sgtatham/putty/download.html)
for the M$Windows than the definition is interactive.

The relevant part of ~/.ssh/config is (line with # are comments):

# select an easy to remember host name
Host *vnc*                         
# You can put the dotted IP instead of name
HostName  ssh.server

# for VNC it is best to use ports 59XX 
LocalForward   5910  vnc1:5900
LocalForward   5911  vnc2:5900
LocalForward   5912  vnc3:5920

# other ports forward (example: telnet)
LocalForward    23   login-srvr:23

User   your-user-name


You run the ssh like this: ssh [-v] vnc
The -v is verbose (debug) flag, It will show you important information
(especially if the connection fails).

After the ssh is successful you use the vncviewr to view like this:
vncviewr localhost:11 (to see vnc2, 10 for vnc1, 12 for vnc3).

Of course you can forward other ports as well (e.g. 110 for pop, 23 
for telnet, 25 for smtp, see above)

I use configuration like this every day (I connect from a PC running 
XP/W98, using Cygwin's open ssh) for over 2 years now. I used it with
my laptop around the world and it performed well even with dial-up.

Ehud.


-- 
 Ehud Karni           Tel: +972-3-7966-561  /"\
 Mivtach - Simon      Fax: +972-3-7966-667  \ /  ASCII Ribbon Campaign
 Insurance agencies   (USA) voice mail and   X   Against   HTML   Mail
 http://www.mvs.co.il  FAX:  1-815-5509341  / \
 mailto:ehud@unix.mvs.co.il                  Better  Safe  Than  Sorry