SSH tunneling of VNC not working...

garion
Level 1
Posts: 6
Joined: Tue Mar 13, 2007 8:56 am


Post by garion » Fri Mar 16, 2007 8:33 am

I recently installed Mint on a machine that used to run Ubuntu Dapper. I couldn't get the SSH tunneling to work again unfortunately.

I was using just openssh server and the gnome remote desktop vnc. In the past I could just run "ssh -L 590x:remotehost:5900 user@remotehost", and then connect to "localhost:x" in the vnc client. But now, when I do that, I get this message on the ssh console: "channel 2: open failed: connect failed: Connection refused". I found some similar cases with Google, but couldn't find a good explanation and solution. Does anyone have an idea of how to fix this?

Thanks!

scorp123
Level 8
Posts: 2277
Joined: Sat Dec 02, 2006 4:19 pm
Location: Switzerland

Post by scorp123 » Fri Mar 16, 2007 10:36 am

Are you running any firewall or something like that? And are you sure you can connect to both machines without troubles? Did you test that already?

garion
Level 1
Posts: 6
Joined: Tue Mar 13, 2007 8:56 am

Post by garion » Sat Mar 17, 2007 4:09 am

Well, interestingly enough, after some random fiddling, the connection mysteriously started to work today. But now I am left with a new set of questions...

1. I can't seem to turn off the direct port 5900 vnc path. I used hosts.allow with "ALL: 127.0.0.1" and "sshd: ALL", and then hosts.deny with "ALL: ALL". Again that's something that used to work before... but not anymore. I can ALWAYS direct vnc to port 5900, but this is not supposed to happen when I am denying everything and only allowing local access and sshd. Well, I know that the hosts.allow/deny files partially work in the sense that if I take out the "sshd: ALL", ssh stops working. Really odd...

2. Somehow the tcp ports don't shut down properly sometimes when vnc clients or the ssh tunnel shut down. For instance, I can tunnel to 5908 for a while but then all of a sudden it stopped working, and ssh -v shows:

debug1: Local forwarding listening on 127.0.0.1 port 5908.
bind: Address already in use
channel_setup_fwd_listener: cannot listen to port: 5908
Could not request local forwarding.

I could always switch to another port, say 5901, but then same thing happens after a few reconnections...

Any idea why? Thanks!


scorp123
Level 8
Posts: 2277
Joined: Sat Dec 02, 2006 4:19 pm
Location: Switzerland

Post by scorp123 » Sat Mar 17, 2007 4:54 am

Can you tell us more about the two machines that try to connect to each other here, e.g. their IP addresses? Or are you doing everything on the same machine??

garion
Level 1
Posts: 6
Joined: Tue Mar 13, 2007 8:56 am

Post by garion » Sat Mar 17, 2007 5:13 am

Alright, I take back the second problem listed in my post above; that turned out to be a problem with my cygwin. I rebooted the computer and it seems to be okay now.

The first problem, using hosts.allow/deny to limit access to the machine only through ssh, still remains.

So my remote host is just a desktop running Mint Linux on a public IP (no firewall). I've tried running clients off my laptop from office (public IP) and home (behind a router), under Mint Linux or Windows cygwin. Same thing, I can always directly connect with vncviewer to the remote host without using ssh tunneling, even though I have written the hosts.allow/deny files on the remote machine as described in my previous post trying to disable that.


scorp123
Level 8
Posts: 2277
Joined: Sat Dec 02, 2006 4:19 pm
Location: Switzerland

Post by scorp123 » Sat Mar 17, 2007 7:09 am

EDIT: I wrote something stupid here ... should have read more closely what you wrote. Sorry about that ...


I wonder if it would even work like that (I mean just by using hosts.deny)? You probably need a firewall, something like "Firestarter" I guess?

Please check this thread ... I posted some links there:
http://www.linuxmint.com/forum/viewtopi ... =9006#9006

garion
Level 1
Posts: 6
Joined: Tue Mar 13, 2007 8:56 am

Post by garion » Sat Mar 17, 2007 10:57 pm

Well, I don't know... it used to work on my old Dapper box (I think at least). And the current hosts files definitely work for ssh itself... like I said, if I take out the "sshd: ALL" line, then ssh won't connect anymore.

But thanks for the advice, I guess if nothing works out I would have to install firestarter. I certainly don't feel like having my 5900 port open to the world with just a password.


garion
Level 1
Posts: 6
Joined: Tue Mar 13, 2007 8:56 am

Post by garion » Sun Mar 18, 2007 2:48 am

Well, giving up for now... but firestarter works fine for this purpose. Thanks :)

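
Added example, not part of any post in this thread: hosts.allow/hosts.deny (TCP wrappers) only filter daemons that link against libwrap or are started through tcpd, which is consistent with the "sshd: ALL" line taking effect while port 5900 stays reachable. The script lists listeners bound to non-loopback addresses and flags those whose binary does not link libwrap; the `ss` sample lines, the `ldd_of` stand-in and the assumption that the VNC server lacks libwrap are constructed for illustration.

```shell
#!/usr/bin/env bash
# Constructed sample of `ss -H -ltnp` output (not captured from the thread's host).
SAMPLE_SS='LISTEN 0 128 0.0.0.0:22 0.0.0.0:* users:(("sshd",pid=812,fd=3))
LISTEN 0 5 0.0.0.0:5900 0.0.0.0:* users:(("vino-server",pid=2044,fd=12))
LISTEN 0 128 127.0.0.1:631 0.0.0.0:* users:(("cupsd",pid=733,fd=7))'

# Hypothetical stand-in for `ldd "$(command -v "$1")"`, returning constructed
# output so the example runs offline. Swap in the real ldd call on a live host.
ldd_of() {
  case "$1" in
    sshd) echo 'libwrap.so.0 => /lib/libwrap.so.0 (0x00007f0000000000)' ;;
    *)    echo 'libc.so.6 => /lib/libc.so.6 (0x00007f0000000000)' ;;
  esac
}

# Print "port process verdict" for every listener reachable from off-host.
audit_listeners() {
  awk '$1 == "LISTEN" {
         addr = $4; port = $4
         sub(/:[0-9]+$/, "", addr)        # bind address without the port
         sub(/^.*:/, "", port)            # port only
         if (addr ~ /^127\./ || addr == "[::1]") next   # loopback-only: skip
         name = "unknown"
         if (match($0, /\(\("[^"]+"/)) name = substr($0, RSTART + 3, RLENGTH - 4)
         print port, name
       }' |
  while read -r port name; do
    # A daemon without libwrap never consults hosts.allow or hosts.deny.
    if ldd_of "$name" | grep -q 'libwrap\.so'; then
      echo "$port $name hosts.allow/deny-applies"
    else
      echo "$port $name needs-firewall-or-loopback-bind"
    fi
  done
}

printf '%s\n' "$SAMPLE_SS" | audit_listeners
```

On a live host, feed it `ss -H -ltnp` (run as root so process names are shown) and replace the body of `ldd_of` with the real `ldd` call.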
