![]() ![]() All the traffic entering that proxy will first pass through the encrypted SSH tunnel to the server system, and from there (again in unencrypted form) to whatever destination the VNC (or other) client requested. Now, the SSH client will set up a SOCKS proxy in port 1234 of your local system. As far as I know, there are two possibilities:Ī SOCKS4/SOCKS5 proxy support: you establish a SSH connection with ![]() Well, then whatever your VNC (or any other) client is, must have some more elaborate way to use the tunnel provided by SSH. You also said that you don't want to use port forwarding. If you tell the VNC client to connect to server:5900 instead, you are telling it to bypass the tunnel you set up for it, and just connect directly without the benefit of SSH encryption. Or in other words, you must tell the VNC client to connect to localhost:5900 to connect to the server using the encrypted tunnel. To successfully use the tunnel, you must understand that you can now reach the server's port 5900 by connecting to your client system's local port 5900. Port forwarding is the reason why SSH can be used to protect other programs that have no built-in support for SSH nor any kind of a special interface to it. You can always forward things from your local system's localhost to the remote system's localhost (or vice versa, using -R instead of -L). This is why your sentence "But I only have a Server and a client so cannot use forwarding" makes no sense. This is not the localhost of your local system, but localhost of the server system. the output end of the tunnel on the server system will again pass the traffic onwards in its original unencrypted form, to localhost:5900 as the server system sees it.the encrypted tunnel will go from your local client system to the server system.the listening side of the tunnel will be on port 5900 on your system (= the first 5900).the SSH client will set up a TCP port forwarding tunnel that listens for incoming connections on your local client system ( -L).a SSH connection is established and authenticated, of course.When you establish a SSH tunnel with: ssh -L 5900:localhost:5900 I sense confusion and a possible misunderstanding. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |