LinuxQuestions.org
Old 03-24-2004, 01:07 PM   #1
bandersen
LQ Newbie
 
Registered: Mar 2004
Distribution: RedHat 9
Posts: 4

Rep: Reputation: 0
SSH and VNC


I am brand new to Linux. Week 2. I am running Red Hat 9.0 with IceWM.

I have successfully installed VNC and can connect from my Windows PC at work.

Someone suggested that I use SSH, so I downloaded the Putty client and followed the instructions.

I can now ssh to my Linux box, log in, start VNC and launch a localhost VNC session on the forwarded port from my Windows PC at work.

The only problem is I can still connect with VNC on the port that I was originally connecting to without SSH.

This is the content of my /etc/sysconfig/iptables



:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:RH-Lokkit-0-50-INPUT - [0:0]
-A INPUT -j RH-Lokkit-0-50-INPUT
-A FORWARD -j RH-Lokkit-0-50-INPUT
-A RH-Lokkit-0-50-INPUT -p udp -m udp -s 0/0 --sport 67:68 -d 0/0 --dport 67:68 -i eth0 -j ACCEPT
-A RH-Lokkit-0-50-INPUT -p udp -m udp -s 0/0 --sport 67:68 -d 0/0 --dport 67:68 -i eth1 -j ACCEPT
-A RH-Lokkit-0-50-INPUT -i lo -j ACCEPT
-A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 22 --syn -j ACCEPT
-A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 0:1023 --syn -j REJECT
-A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 2049 --syn -j REJECT
-A RH-Lokkit-0-50-INPUT -p udp -m udp --dport 0:20 -j REJECT
-A RH-Lokkit-0-50-INPUT -p udp -m udp --dport 22:1023 -j REJECT
-A RH-Lokkit-0-50-INPUT -p udp -m udp --dport 2049 -j REJECT
-A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 6000:6009 --syn -j REJECT
-A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 7100 --syn -j REJECT

What am I missing? What do I need to do on my Linux machine to block non-tunnel access to VNC?

thanks
 
Old 03-27-2004, 10:27 AM   #2
bandersen
LQ Newbie
 
Registered: Mar 2004
Distribution: RedHat 9
Posts: 4

Original Poster
Rep: Reputation: 0
anyone?
 
Old 03-27-2004, 10:49 AM   #3
Demonbane
LQ Guru
 
Registered: Aug 2003
Location: Sydney, Australia
Distribution: Gentoo
Posts: 1,796

Rep: Reputation: 47
There isn't much point blocking direct access to the vnc service, the ssh tunnel can only protect against "man in the middle" attacks.
 
Old 03-28-2004, 08:30 PM   #4
bandersen
LQ Newbie
 
Registered: Mar 2004
Distribution: RedHat 9
Posts: 4

Original Poster
Rep: Reputation: 0
I don't understand what that means. Can you explain?
 
Old 03-28-2004, 09:13 PM   #5
statmobile
Member
 
Registered: Aug 2003
Location: Chapel Hill, NC
Distribution: Gentoo, Windows 95 2000 & XP
Posts: 160

Rep: Reputation: 30
Hmm, I remember reading something about this in the TightVNC documentation I have bookmarked. I'll point you to the website:

http://freesco.no-ip.org/VNC/

Personally I do it through cygwin on my computer. I use the following line in my cygwin xterm:
ssh -CL 5902:localhost:5901 <mylinuxbox>
Then at my bash prompt I start the vncserver (figure it's safer to only run this when I actually use it). I open the TightVNC viewer, connecting to:
localhost:2
Bam, I'm tunneling through ssh. I finish playing in my xfce environment, and then shut down the vncserver, and close the ssh connection.

I hope this helps.

Last edited by statmobile; 03-28-2004 at 09:15 PM.
 
Old 03-29-2004, 05:53 AM   #6
bandersen
LQ Newbie
 
Registered: Mar 2004
Distribution: RedHat 9
Posts: 4

Original Poster
Rep: Reputation: 0
OK, thanks statmobile. That's what I am doing. I guess I thought I could always leave it running and say, in your example, not be able to connect via 5901.
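Added example, not part of the original thread: a small evaluator that walks the TCP and loopback rules from the ruleset posted in #1 and shows why a direct connection to 5901 on eth0 is accepted (no rule matches, so the INPUT policy of ACCEPT applies) while the SSH tunnel, which reaches VNC over lo, keeps working once a REJECT rule is added. The evaluator, its function names, and the 5900:5909 range (VNC displays :0 to :9) are assumptions of this example; it models only -p, -i, --dport and -j for a new TCP connection.

```python
import shlex

# TCP and loopback rules copied from the ruleset posted in the thread.
POSTED = """\
:INPUT ACCEPT [0:0]
:RH-Lokkit-0-50-INPUT - [0:0]
-A INPUT -j RH-Lokkit-0-50-INPUT
-A RH-Lokkit-0-50-INPUT -i lo -j ACCEPT
-A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 22 --syn -j ACCEPT
-A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 0:1023 --syn -j REJECT
-A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 6000:6009 --syn -j REJECT
"""
# Assumed fix (not from the thread): reject direct connections to VNC displays :0-:9.
HARDENED = POSTED + (
    "-A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 5900:5909 --syn -j REJECT\n")

def parse(text):
    """Return (policies, chains) from iptables-save style lines."""
    policies, chains = {}, {}
    for line in text.splitlines():
        tok = shlex.split(line)
        if tok and tok[0].startswith(":"):
            policies[tok[0][1:]] = tok[1]
        elif tok and tok[0] == "-A":
            opts = tok[2:]
            rule = {t: opts[i + 1] for i, t in enumerate(opts)
                    if t in ("-p", "-i", "--dport", "-j")}
            chains.setdefault(tok[1], []).append(rule)
    return policies, chains

def verdict(text, iface, dport, chain="INPUT", _parsed=None):
    """Fate of a new inbound TCP connection (SYN) to dport arriving on iface."""
    policies, chains = _parsed or parse(text)
    for r in chains.get(chain, []):
        if r.get("-p", "tcp") != "tcp" or r.get("-i", iface) != iface:
            continue
        if "--dport" in r:
            lo, _, hi = r["--dport"].partition(":")
            if not int(lo) <= dport <= int(hi or lo):
                continue
        if r["-j"] in ("ACCEPT", "REJECT", "DROP"):
            return r["-j"]
        sub = verdict(text, iface, dport, r["-j"], (policies, chains))
        if sub:                      # user chain gave a final verdict
            return sub
    policy = policies.get(chain, "-")
    return None if policy == "-" else policy   # built-in chains fall to policy

if __name__ == "__main__":
    for name, rules in (("posted", POSTED), ("hardened", HARDENED)):
        for iface, port in (("eth0", 5901), ("lo", 5901), ("eth0", 22)):
            print(name, iface, port, verdict(rules, iface, port))
```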