||08-18-2004 10:29 PM
tightvnc using ssh tunnelling
i got TightVNC working on my box using this HOWTO
everything is working except for the last part, where the author explains how to use ssh tunnelling to add encryption to the TightVNC session
You can/should use ssh (or other encryption) as tightvnc does not encrypt the connection (major security risk).
You can make a secure ssh tunnel for your vnc connection between client port 4961 and server port 5916:
ssh -C -L 4961:localhost:5961 my.dns-name.com
You will be asked for your home password. This makes an encrypted connection between my.dyndns-name.com:5961 and localhost:4961.
Add you@ in front of the domain (ssh -C -L 4961:localhost:5961 email@example.com) to use a different username on the server.
Now, on the client, start a vncviewer and connect:
vncviewer -encodings "tight copyrect" -quality 3 localhost:4961
i guess this just isn't verbose enough for me, as i'm still enough and have never used ssh beyond the basics of using it to get a command prompt on a remote server. what does the "ssh -C -L 4961:localhost:5961 my.dns-name.com" command do, and should i issue that on the client or server? what ports do i have to open on the VNC server? if the client in Windows, can this still be done, how? what port do i tell the client to connect to?