Old 01-05-2007, 01:36 AM   #1
Micro420
Senior Member
 
Registered: Aug 2003
Location: Berkeley, CA
Distribution: Mac OS X Leopard 10.6.2, Windows 2003 Server/Vista/7/XP/2000/NT/98, Ubuntux64, CentOS4.8/5.4
Posts: 2,986

Rep: Reputation: 45
Cannot get SSH Tunneling working


I understand the concept of SSH Tunneling and forwarding, but I can't get it to work! I have read a few resources on the internet but I cannot seem to get it to work.

For example, I tried connecting to a simple VNC server following the below instructions from the website:

http://martybugs.net/smoothwall/puttyvnc.cgi

It doesn't work.

My set up is this:

Windows XP -> Linux (Ubuntu) -> Windows 2000 (vnc server)

I'm a little confused because is the tunnel only being created for the PuTTY application, meaning I cannot launch external applications to use the SSH tunnel?

My VNC server is working 100% fine as I am able to VPN into my remote office and launch the vnc client.
 
Old 01-05-2007, 04:20 AM   #2
b0uncer
LQ Guru
 
Registered: Aug 2003
Distribution: CentOS, OS X
Posts: 5,131

Rep: Reputation: Disabled
Quote:
I'm a little confused because is the tunnel only being created for the PuTTY application, meaning I cannot launch external applications to use the SSH tunnel?
You'll want a professional view too, but as I understand it, the SSH program takes use of the tunnelling, and programs launched from the SSH session use the SSH tunnelling. This is because I often run programs like Mathematica over SSH, and X11 forwarding works; ok, you probably mean other kind of port forwardings/tunnellings, but it's an example.
 
Old 01-22-2007, 02:45 PM   #3
Micro420
Senior Member
 
Registered: Aug 2003
Location: Berkeley, CA
Distribution: Mac OS X Leopard 10.6.2, Windows 2003 Server/Vista/7/XP/2000/NT/98, Ubuntux64, CentOS4.8/5.4
Posts: 2,986

Original Poster
Rep: Reputation: 45
I want to basically VNC into my computer at home behind a router through a Linux computer.

Work computer (Windows 2000) -> Linux computer (gateway) -> VNC computer (Windows XP)

Is this possible to do? I am using PuTTY
 
Old 01-22-2007, 07:13 PM   #4
JimBass
Senior Member
 
Registered: Oct 2003
Location: New York City
Distribution: Debian Sid 2.6.32
Posts: 2,100

Rep: Reputation: 49
It is very possible to do; if it is failing, you must have some misconfiguration.

In short, the security comes from the fact that you're onto your home network through SSH, so all traffic is encrypted, which is beautiful. Putty gets configured so that anything hitting port 5901 on localhost (the machine running putty) gets bounced through the SSH tunnel and comes out the other side, redirected from port 5901 to a given IP address (on the home LAN) at port 5900.

A simple way to test would be to open a cmd prompt on the client with putty running, and type telnet localhost 5901. If all is configured well, you'll get a response from the VNC server on your LAN. It will look something like this:
Code:
jim@jimsworktop:~$ telnet hidden.domain.name 5900
Trying 12.34.56.78...
Connected to hidden.domain.name.
Escape character is '^]'.
RFB 003.008
That was done to a real server running VNC without the benefit of going through a SSH tunnel, so I telneted direct to 5900. In your case, you would want to test it at 5901.

If you don't get that RFB something code on the telnet, then the part on the webpage with red circles 5, 6, and 7 is the issue. You need to have the syntax exact. The localport should be 5901, and the destination (say the VNC server is 192.168.1.10) must be 192.168.1.10:5900.

Write back if the problems persist, and we'll get it fixed.

Peace,
JimBass
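
The telnet check described in the post above, as an added example that is not part of the original thread: a Python probe that connects to the local end of the forward and reports whether nothing is listening, something answered without a VNC greeting, or the 12-byte RFB banner arrived. The names `probe_forward` and `fake_listener` are hypothetical, and `fake_listener` is a constructed stand-in for the tunnel so the block runs offline.

```python
import socket
import threading

def probe_forward(host="127.0.0.1", port=5901, timeout=3.0):
    """Classify the local end of an SSH port forward that should reach a VNC server.

    Returns (state, detail) where state is:
      "no-listener"  nothing accepts on host:port (forward missing or session closed)
      "no-banner"    a connection was accepted but no RFB greeting arrived
                     (wrong destination, or another local service owns the port)
      "vnc"          an RFB greeting such as "RFB 003.008" was received
    """
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except OSError as exc:
        return "no-listener", str(exc)
    data = b""
    with sock:
        sock.settimeout(timeout)
        try:
            # The RFB ProtocolVersion message is exactly 12 bytes: b"RFB xxx.yyy\n"
            while len(data) < 12:
                chunk = sock.recv(12 - len(data))
                if not chunk:
                    break
                data += chunk
        except OSError:
            pass  # timeout or reset: classify whatever was received so far
    if len(data) == 12 and data.startswith(b"RFB ") and data.endswith(b"\n"):
        return "vnc", data.decode("ascii", "replace").strip()
    return "no-banner", repr(data)

def fake_listener(greeting):
    """Constructed test helper: listen on a free loopback port, send `greeting` once."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)

    def serve():
        conn, _ = srv.accept()
        with conn:
            conn.sendall(greeting)
        srv.close()

    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1]

if __name__ == "__main__":
    # With the PuTTY session open, this checks the forward on localhost:5901.
    print(probe_forward())
```
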
 
Old 03-31-2007, 12:24 PM   #5
Micro420
Senior Member
 
Registered: Aug 2003
Location: Berkeley, CA
Distribution: Mac OS X Leopard 10.6.2, Windows 2003 Server/Vista/7/XP/2000/NT/98, Ubuntux64, CentOS4.8/5.4
Posts: 2,986

Original Poster
Rep: Reputation: 45
JimBass, I am still getting confused about SSH tunneling. I gave up on the VNC idea and switched to using Remote Desktop Connection. The physical topology has not changed and I am trying to do this with Putty and it's not working.

I set up a tunnel in Putty.

Source Port: 3389
destination: 192.168.1.2:3389

Then when I SSH to the remote linux server, I fire up RDP on my local Windows XP and connect to the address: 192.168.1.2. But of course, it just times out. When I use OpenVPN it works fine.

Last edited by Micro420; 03-31-2007 at 12:27 PM.
 
Old 03-31-2007, 02:51 PM   #6
JimBass
Senior Member
 
Registered: Oct 2003
Location: New York City
Distribution: Debian Sid 2.6.32
Posts: 2,100

Rep: Reputation: 49
Ok, the problem is in that address. You can't remote desktop to the address 192.168.1.2, because that address is outside the network stack's ability to handle.

If you follow his instructions (on the martybugs.net page), you wouldn't connect to 192.168.1.2, you'd connect to localhost! Also, there is some issue with rdp being crappy, which is why he posts the thing about using 127.0.0.2 for rdp.

You never point the client on your machine (regardless of whether it is VNC or rdp) at the actual address of the farside machine, you always point it at localhost, and allow putty to reach 192.168.1.2 on its own.

VNC is easier, but again, you don't tell VNC to connect to 192.168.1.2, you tell it to connect to localhost:1, which maps to 5901, which goes across the tunnel, comes out the other side at 192.168.1.2 at port 5900, and all is well. You're basically putting the cart before the horse, and wondering why the cart doesn't pull the horse.

Peace,
JimBass
 
Old 03-31-2007, 03:18 PM   #7
Micro420
Senior Member
 
Registered: Aug 2003
Location: Berkeley, CA
Distribution: Mac OS X Leopard 10.6.2, Windows 2003 Server/Vista/7/XP/2000/NT/98, Ubuntux64, CentOS4.8/5.4
Posts: 2,986

Original Poster
Rep: Reputation: 45
I still can't get it to work. Are my settings in Putty correct (just following that website's instructions)?

Tunneling:
source port: 127.0.0.2:3389
destination: 192.168.1.2:3389

In RDP I tried:
127.0.0.2 and 127.0.0.2:3389 but it still connects me to my local computer.

There are additional Putty settings like:
LOCAL, REMOTE, DYNAMIC
AUTO, IPv4, IPv6

(check box) Local Ports accept connections from other hosts
(check box) Remote ports do the same (SSH-2 Only)
 
Old 03-31-2007, 03:48 PM   #8
JimBass
Senior Member
 
Registered: Oct 2003
Location: New York City
Distribution: Debian Sid 2.6.32
Posts: 2,100

Rep: Reputation: 49
Are you connected to the firewall/router machine through putty? That would be the only problem I can see. I would suggest trying vnc, just to see if it makes any difference.

Peace,
JimBass
 
Old 03-31-2007, 03:50 PM   #9
acid_kewpie
Moderator
 
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,417

Rep: Reputation: 1985
use an unused port, 33890 or something. you can't reuse a port that's already in use. i habitually use 1234 for the sake of it.
 
Old 04-01-2007, 08:23 PM   #10
Micro420
Senior Member
 
Registered: Aug 2003
Location: Berkeley, CA
Distribution: Mac OS X Leopard 10.6.2, Windows 2003 Server/Vista/7/XP/2000/NT/98, Ubuntux64, CentOS4.8/5.4
Posts: 2,986

Original Poster
Rep: Reputation: 45
Quote:
Originally Posted by JimBass
Are you connected to the firewall/router machine through putty? That would be the only problem I can see. I would suggest trying vnc, just to see if it makes any difference.

Peace,
JimBass
Great news is that VNC works with the tunneling in PuTTY. I got RDP to work with this webpage:

http://www.me.ucsb.edu/MECS/home/faq.php?expand=202

Turns out you need to enable COMPRESSION in putty. Without it, for some reason, RDP will not go through.

Now, is there any way to tunnel so I can map a network drive through an SSH tunnel?

Last edited by Micro420; 04-01-2007 at 08:34 PM.
 
Old 04-01-2007, 08:35 PM   #11
JimBass
Senior Member
 
Registered: Oct 2003
Location: New York City
Distribution: Debian Sid 2.6.32
Posts: 2,100

Rep: Reputation: 49
I'm not familiar with RDP from windows. Do you have the ability to send the client to a different port? If so, do exactly what acid kewpie wrote, set the port to 1234, and use the tunnel within putty to map 1234 at localhost to 192.168.1.2 port 3379.

If you can't control the port for rdp, you're probably out of luck. I did notice that the martybugs page is from early 2006, so it is possible that the people at microsoft changed something in the execution of rdp to make using it across a ssh tunnel impossible, although that seems like much work for little if any gain on their part.

If you can control the port that the rdp client tries to connect to, set it to connect to localhost:1234, and let putty translate that across the tunnel to 192.168.1.2:3379, and you should be in business.

Just for my own curiosity, why rdp over vnc? Is rdp in any way superior? The few times I have seen it used it seems just like vnc.

Peace,
JimBass
 
Old 04-01-2007, 08:41 PM   #12
Micro420
Senior Member
 
Registered: Aug 2003
Location: Berkeley, CA
Distribution: Mac OS X Leopard 10.6.2, Windows 2003 Server/Vista/7/XP/2000/NT/98, Ubuntux64, CentOS4.8/5.4
Posts: 2,986

Original Poster
Rep: Reputation: 45
JimBass, I got it working (you must've caught me after my edit).

I like RDP because it is secure and encrypted, plus it is already installed on all my Windows XP workstations. I just ask the remote user to click a checkbox that allows me remote access. I know that VNC can be encrypted and I was doing that for awhile using UltraVNC with the RC4 encryption.

Last edited by Micro420; 04-01-2007 at 08:46 PM.
 
Old 04-02-2007, 12:39 AM   #13
JimBass
Senior Member
 
Registered: Oct 2003
Location: New York City
Distribution: Debian Sid 2.6.32
Posts: 2,100

Rep: Reputation: 49
Yes, I did catch you in between post and edit.

I don't know how feasible it would be to map a drive across the tunnel. I suppose you could map the port across the ssh link, but I think the performance across the public net portion of the connection would make using it tough.

Peace,
JimBass
 
Old 04-02-2007, 01:47 AM   #14
acid_kewpie
Moderator
 
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,417

Rep: Reputation: 1985
you can just specify a port number on the command line, 192.168.1.1:1234 easy enough. i use rdp as it's there ready and waiting, and within linux find the rdesktop client vastly nicer than the standard vncclient and such like. i've also never had to enable compression or anything in that vein...
 
Old 04-02-2007, 08:17 AM   #15
Micro420
Senior Member
 
Registered: Aug 2003
Location: Berkeley, CA
Distribution: Mac OS X Leopard 10.6.2, Windows 2003 Server/Vista/7/XP/2000/NT/98, Ubuntux64, CentOS4.8/5.4
Posts: 2,986

Original Poster
Rep: Reputation: 45
Quote:
Originally Posted by acid_kewpie
you can just specify a port number on the command line, 192.168.1.1:1234 easy enough. i use rdp as it's there ready and waiting, and within linux find the rdesktop client vastly nicer than the standard vncclient and such like. i've also never had to enable compression or anything in that vein...
Whoops, you are correct! You don't need compression. I just followed that one website's guide and it told me to enable compression. Is there any downside to enabling compression and saving on bandwidth? The remote site I use has a slow 384Kbps DSL connection.
 
  

