6

I would like to make a VNC connection from home to a Windows machine at work. The Windows machine is not accessible from the outside, but there is a Linux box that does have port 22 open, so it would seem that this can be done.

I suspect it's just a command that "forwards" connections to port 22 on the Linux machine to the Windows machine? Just can't find an example that does exactly this though

Thanks in advance!

pufferfish
  • 2,660
  • 9
  • 37
  • 40

2 Answers2

10

ssh -L 5902:[vnc host]:5901 [ssh host]

then: vncviewer localhost:2

from: http://www.cl.cam.ac.uk/research/dtg/attarchive/vnc/sshvnc.html

Sirex
  • 5,447
  • 2
  • 32
  • 54
  • Beautiful answer: terse, precise, answers the question exactly, and well-referenced (though I fixed the link for you, which was slightly wrong). Bravo! – MadHatter Dec 29 '10 at 11:01
  • I think something is missing. Is this command meant to run on the inbetween Linux box? Remember, only port 22 is open to the outside. – pufferfish Dec 29 '10 at 11:07
  • On the machine which is being used to connect to the ssh machine. you basically connect to the ssh server like normal, but with these flags on the command, and it'll let you connect to vnc @ localhost, by forwarding the port through the tunnel you just made by logging into the ssh server. – Sirex Dec 29 '10 at 11:17
  • Got it. Ok, when I run ssh 2.2.2.2 -L 5902:localhost:5901 3.3.3.3, It authenticates but then I get the message "3.3.3.3: command not found" – pufferfish Dec 29 '10 at 11:48
  • sorry, total brain meltdown. Try ssh -L 5902:[vnc host]:5901 [ssh host] – Sirex Dec 29 '10 at 12:04
  • 1
    need to make sure your account on the ssh server is not locked down to prevent port forwarding as well. may want to add : ssh -L 5902:[vnc host]:5901 [remoteuser]@[ssh host] – Jimsmithkka Dec 29 '10 at 13:36
  • Great, it worked between 3 machines on the inside, so if I battle from outside it's another issue. Thanks! – pufferfish Dec 30 '10 at 16:49
1

If you're connecting from a Linux machine at home, you can simply use the '-via' flag on vncviewer, like this:

vncviewer host-at-work.corp.com -via user@ssh-host.corp.com

and you'll either get a) the SSH password prompt or b) direct login via keys, and once you've authenticated your SSH session, you should see the vncviewer password window as if you were on the local network.

For a good GUI application, look at Remmina:

http://remmina.sourceforge.net/

Remmia allows you to set-up a connection that uses an SSH tunnel through a bastion host. I have used it in the past to do exactly what you're attempting.

Ken
  • 116
  • 2