Screen Sharing to Vine Server over SSH with different port #

First I’d like to thank Redstone for making Vine Server freely available. It’s great for connecting to a machine as a ‘background’ user while someone else is at the screen.

I’m wanting to connect Leopard’s Screen Sharing app to Vine Server over a secure connection (I assume it’s not secure by default as Screen Sharing comes up with a warning). I’m not using the default ports for additional security (and got tired of seeing SSH hacking attempts in the log).

Feel free to point me to an answer, I’ve searched and not been able to find a working solution.

Setup

  • Vine Server 3.0 is running on my Leopard 10.5.2 server (port 5900)
  • the firewall has been configured
  • the router is mapping 64022 to 22 and 69900 to 5900

Test

  • I can connect to my server with vnc://x.y.z:69900 (with security warning)
  • I can SSH to my server with ssh -p 64022 x.y.z (no signin required, I’ve set up keys)

But

  1. I run ssh -p 64022 -L 69900:localhost:69900 x.y.z
  2. I also tried running ssh -p 64022 x.y.z in a second terminal window for good measure

Both commands execute fine, but when I try to connect to vnc://localhost:69900 Screen Sharing says ‘Connection failed to “localhost”’ and the terminal window from (1) reports ‘channel 3: open failed: connect failed: Connection refused’

What have I missed?

Thanks.

You are so close… I think the only thing you need to change is

1. ssh -p 64022 -L 69900:localhost:5900 x.y.z 

You are already past the firewall at that point and so it’s the local port (not the router port) that you want to connect to.
Also, since you are coming in through SSH then you shouldn’t need the VNC port forwarded at all (on your router) just SSH.

Brilliant, thanks Jonathan.

And you’re correct, it works with just SSH open on the router.

Screen Sharing still warns ‘The computer “localhost” is running a VNC server that does not support Screen Sharing keystroke encryption.’

I assume since I’m running over SSH this is bogus?

Also I have ‘Encrypt all network data’ selected, but I’m thinking I shouldn’t need that either as SSH will protect me?

Yeah that’s bogus. They are referring to the lack of proprietary Apple ARD encryption for their commercial product.

For what it’s worth an agent ON the machine itself (either client or server) could be intercepting your network packets before/after the SSH but everything between there is encrypted.

I’m pretty sure the “Encrypt all network data” is doing nothing because again that would only be for the proprietary ARD format.

Cool, thanks again.

Yeah, it’s VNC over the Internet I’m worried about, not local stuff.

Cheers
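
The fix discussed in this thread, as an added example that is not part of the original posts: a small checker for an `ssh -L` forward spec that reports when the destination port is a router mapping rather than a port the server listens on, and when the local listener is exposed beyond loopback. The function names are hypothetical; the port numbers and router mapping are the ones quoted in the posts, and bracketed IPv6 literals are assumed not to occur.

```python
# Added example, not from the thread. Function names are hypothetical; the
# port numbers and router mapping are the ones quoted in the posts above.
LOOPBACK = {"localhost", "127.0.0.1", "::1"}
WILDCARD = {"", "*", "0.0.0.0"}

def parse_local_forward(spec):
    """Split an ssh -L spec '[bind_address:]port:host:hostport'.
    Assumption: no bracketed IPv6 literals."""
    parts = spec.split(":")
    if len(parts) == 3:
        parts = [None] + parts          # bind address omitted
    if len(parts) != 4:
        raise ValueError("expected [bind_address:]port:host:hostport")
    bind, lport, host, hport = parts
    return {"bind": bind, "listen_port": int(lport),
            "dest_host": host, "dest_port": int(hport)}

def diagnose(spec, router_map, server_ports):
    """Return a list of findings for one -L spec.
    router_map: external port -> port on the server (router NAT rules).
    server_ports: ports with a listener on the server itself."""
    fwd = parse_local_forward(spec)
    findings = []
    # listen_port is opened on the CLIENT; dest_host:dest_port is dialled
    # from the SERVER end of the tunnel, behind the router.
    if fwd["dest_host"] in LOOPBACK and fwd["dest_port"] not in server_ports:
        real = router_map.get(fwd["dest_port"])
        if real in server_ports:
            findings.append(f"dest port {fwd['dest_port']} is a router mapping; "
                            f"use {real} (expect 'Connection refused' otherwise)")
        else:
            findings.append(f"nothing listens on server port {fwd['dest_port']}")
    if fwd["bind"] in WILDCARD:
        findings.append("listener bound to all client interfaces; "
                        "others on the LAN can use the tunnel")
    return findings

if __name__ == "__main__":
    router_map = {64022: 22, 69900: 5900}   # from the Setup list
    server_ports = {22, 5900}
    for spec in ("69900:localhost:69900", "69900:localhost:5900",
                 "*:69900:localhost:5900"):
        print(spec, "->", diagnose(spec, router_map, server_ports) or "ok")
```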