Article:
  Control Your Mac from Afar
Subject:   Great article, but there's a better downside to VNC
Date:   2003-09-20 19:01:24
From:   anonymous2
Response to: Great article, but there's a better downside to VNC

Charles --
Please, would you write that article,
so that we can all learn to tunnel --
Pick it up, right from here, and in
the same style and 'weight'.
Please?



  • Great article, but there's a better downside to VNC
    2004-01-13 22:58:48  anonymous2

    There's a great GUI app for OSX for SSH Tunnels:
    SSH Tunnel Manager
    http://www.versiontracker.com/dyn/moreinfo/macosx/16840

    I wrote an article about using ssh tunnels to secure email (pop and smtp):
    http://www.macosxhints.com/article.php?story=20030721022245232
  • VNC via SSH
    2003-09-23 15:48:49  tychay

    Here are two .command scripts that will start and stop an SSH VNC tunnel:

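    #!/bin/sh
    # Fill in these values before running; they are quoted so the script parses as-is.
    USERNAME="<username on remote machine>"
    HOSTNAME="<ip address of remote machine>"
    BINDPORT="<local port to bind to: VNC # + 5900>"
    VNCPORT="<remote port to bind to: VNC # + 5900>"
    VNCSESSION="<path to VNCSession file>"

    # -L forwards local BINDPORT to VNCPORT on the remote host;
    # -f puts ssh in the background, -N runs no remote command.
    # Blowfish was removed in OpenSSH 7.6; omit "-c blowfish" on current clients.
    ssh -c blowfish -l "$USERNAME" "$HOSTNAME" -L "$BINDPORT:localhost:$VNCPORT" -f -N
    # Open the VNC session file, which points at localhost:BINDPORT.
    open "$VNCSESSION"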


    Obviously you have to customize the first part. The first VNC port is the bind port you have on your VNC client (for instance 1->5901, and you are binding to localhost:5901 in your VNC session file). The first line contains the syntax to set up the tunnel and the second line opens your VNC session file that is bound to localhost:6901. NOTE: I use VNCDimension, not ChickenOfTheVNC, so YMMV! Note also that this does not start the VNCServer running on the remote computer/Mac. You have to use OSXvnc or "Share My Desktop" to do that, and there is the caveat that if you log out of VNC your session is killed and needs to be restarted! Note also that this script isn't automated, since it will ask you for a password (your password on the remote machine). To fix this you have to follow a hint which I won't give (it's in the O'Reilly Mac OS X Hacks book as well as many other places) and use an SSH keychain tool. For the cheap among you, do a lookup of "ssh-agent" and Mac clients for it, as well as passwordless ssh login, for tutorials on the web.

    To close the script down....
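    #!/bin/sh
    # Use the same values as in the start script.
    BINDPORT="<local port to bind to: VNC # + 5900>"
    VNCPORT="<remote port to bind to: VNC # + 5900>"

    # Find every process whose command line contains the forward spec
    # (the backgrounded ssh tunnel) and kill it by PID.
    for X in $(ps xww | grep "$BINDPORT:localhost:$VNCPORT" | grep -v grep | awk '{ print $1 }'); do
        kill "$X"
    done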


    This will destroy your tunnel but it leaves the VNC server running on the remote machine.

    Write these as text files with the name "start.command" and "stop.command" (or whatever) and then turn on executable (with get info) and double click. Obviously with AppleScript Studio and the AppleScript basics provided in this article, you can roll your own interface. :)

    Note, I should mention that on LANs this is not much of an issue. VNC uses a challenge/response password verification system that will protect the password from being hacked so the only thing you are transmitting out in the open are the VNC controls.

    Take care and happy hacking,

    terry
  • Great article, but there's a better downside to VNC
    2003-09-22 14:44:20  csoto

    I'm pretty sure there's an article somewhere on tunneling using SSH. I'll look and post the URL of what I find.

    OK. Found one, right here on Oranet:

    http://www.oreillynet.com/pub/a/wireless/2001/02/23/wep.html

    Simply follow the instructions, but instead of connecting via VNC to the remote host, connect to localhost, on the port that you have forwarded. The VNC team has a "Making VNC more secure with SSH" page at:

    http://www.uk.research.att.com/archive/vnc/sshvnc.html

    SSH is super useful. I just hope Apple gets off their tuckus and patches the current vulnerability!

    Charles
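
A variant of the start/stop tunnel scripts from the "VNC via SSH" post above, added here as an example and not part of any poster's code: it binds the forward to loopback only, fails if the local port is already in use, and tears the tunnel down through an OpenSSH control socket instead of matching `ps` output. The user, host and socket path are placeholder assumptions, and it assumes the same port number on both ends of the forward.

```shell
#!/bin/sh
# Added example (not from the thread). User, host and socket path are
# placeholder assumptions; override them in the environment before use.
REMOTE_USER="${REMOTE_USER:-user}"            # assumed account name
REMOTE_HOST="${REMOTE_HOST:-remote.example}"  # constructed placeholder host
CTL_SOCKET="${CTL_SOCKET:-$HOME/.ssh/vnc-tunnel.sock}"

# VNC display N listens on TCP port 5900 + N; reject non-numeric input
# so nothing unexpected ends up on the ssh command line.
vnc_port() {
    case "$1" in
        ''|*[!0-9]*) echo "invalid display: $1" >&2; return 1 ;;
    esac
    echo $((5900 + $1))
}

# Build the -L spec. Binding to 127.0.0.1 keeps the forwarded port
# unreachable from other machines on the local network.
forward_spec() {
    port=$(vnc_port "$1") || return 1
    echo "127.0.0.1:$port:localhost:$port"
}

start_tunnel() {
    spec=$(forward_spec "$1") || return 1
    # -M/-S: master mode with a control socket; -f -N: background, no command.
    # ExitOnForwardFailure makes ssh exit if the local port cannot be bound.
    ssh -M -S "$CTL_SOCKET" -f -N \
        -o ExitOnForwardFailure=yes \
        -L "$spec" -l "$REMOTE_USER" "$REMOTE_HOST"
}

stop_tunnel() {
    # Ask the master process to exit via its socket; only this tunnel
    # is closed, with no PID matching against the process list.
    ssh -S "$CTL_SOCKET" -O exit "$REMOTE_HOST"
}

# Usage: script start <display number> | script stop
case "${1:-}" in
    start) start_tunnel "${2:-1}" ;;
    stop)  stop_tunnel ;;
esac
```

With the tunnel up, the VNC client connects to localhost on the forwarded port, as in the posts above.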