I'm *pretty* sure I understand how to do this, but I'd like to ask just in case I'm misunderstanding something.
Switched my dad over to Linux at Christmas time after I found out that he had right around 100 virus & malware programs on his Windows system making it generally unusable (10 minute boot-up times??). Put him behind a Linksys router, closed all ports except 22, ssh is set up to only accept key exchange (no password authentication), and am running an iptables firewall script on his box dropping everything except established/related, 127.0.0.1, and port 22 for ssh.
Obviously, I'd like his box to stay relatively secure, and I've taken up the task of admin. Occasionally, I think it would be helpful to be able to *show* him exactly what I'm talking about, rather than try to explain in an email or over the phone. krfb looks like it's exactly what I need, and I'd like to tunnel it through ssh to make sure it's secure. The pertinent information on that is here, near the bottom under "Desktop Sharing through SSH Tunnel".
Desktop Sharing through SSH Tunnel
You need to use local port forwarding through an SSH tunnel to securely connect through a firewall to a host running KDE desktop sharing, e.g. from home to office. Assuming that krfb is running on pcXXXX.psi.ch, use the following commands to view the desktop on pcXXXX.psi.ch with a client outside of PSI:
ssh -l user_name llc.psi.ch -L 5900:pcXXXX.psi.ch:5900
vncviewer -geometry 640x400 localhost:5900
For further detail about using an SSH tunnel see Accessing VNC through SSH.
The bit I'm not exactly sure about is whether I'll need to open port 5900 on our routers and firewalls? I'd *like* to think that tunneling it through ssh would allow me to just use the currently forwarded port 22 on both our boxes, which then passes the data off to port 5900... obviously I could stand to learn a bit more on the subject.
So, is this how it works and will I be able to do this using only port 22 open? Or am I going to have to go through the hassle of telling him how to forward port 5900 at his router?
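
Added example, not part of the original post: the quoted command adapted to a single hop, where sshd and krfb run on the same box, so the forward target is `localhost` and the VNC traffic travels inside the port-22 connection and reaches krfb over loopback. The host name, user name and the `ss -ltn` sample are constructed placeholders; the helper flags any listener on the VNC port that is bound to something other than loopback and therefore depends on the firewall to stay private.

```shell
#!/bin/sh
# Added example (not from the original post). Placeholders, assumed values:
DAD_HOST="dad.example.net"   # hypothetical address of the remote box
DAD_USER="admin"             # hypothetical account with key-based ssh login
VNC_PORT=5900                # krfb/VNC port used in the quoted instructions

# Print the single-hop tunnel command. "localhost" is resolved on the
# remote side, so sshd connects to krfb over loopback (127.0.0.1), which
# the iptables script already allows. Only port 22 crosses the routers.
tunnel_cmd() {
    printf 'ssh -f -N -o ExitOnForwardFailure=yes -L 127.0.0.1:%s:localhost:%s %s@%s\n' \
        "$VNC_PORT" "$VNC_PORT" "$DAD_USER" "$DAD_HOST"
}

# Read `ss -ltn` output on stdin and print every listener on port $1
# that is NOT bound to loopback. Empty output means nothing is exposed.
exposed_listeners() {
    awk -v p="$1" '
        $1 == "LISTEN" {
            n = split($4, a, ":")
            port = a[n]
            addr = substr($4, 1, length($4) - length(port) - 1)
            if (port == p && addr != "127.0.0.1" && addr != "[::1]")
                print $4
        }'
}

# Constructed sample of `ss -ltn` output from the remote box: sshd on 22
# and a VNC server listening on all interfaces.
SAMPLE_SS='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    0.0.0.0:22         0.0.0.0:*
LISTEN 0      5      0.0.0.0:5900       0.0.0.0:*'

echo "Tunnel command to run on the viewing machine:"
tunnel_cmd
echo "Then: vncviewer -geometry 640x400 localhost:$VNC_PORT"

echo "Listeners on $VNC_PORT reachable beyond loopback (firewall must drop these):"
printf '%s\n' "$SAMPLE_SS" | exposed_listeners "$VNC_PORT"
```

On a live system, feed the check with `ss -ltn | exposed_listeners 5900` on each end; the local end of the tunnel should show only `127.0.0.1:5900`.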