Article: Control Your Mac from Afar
Subject: Great article, but there's a better downside to VNC
Date: 2003-09-20 19:01:24
From: anonymous2
Response to: Great article, but there's a better downside to VNC

Charles -- Please, would you write that article, so that we can all learn to tunnel -- Pick it up, right from here, and in the same style and 'weight', please?
-
Great article, but there's a better downside to VNC
2004-01-13 22:58:48 anonymous2
-
VNC via SSH
2003-09-23 15:48:49 tychay
Here are two .command scripts that will start and stop an SSH VNC tunnel:
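#!/bin/sh
# Fill in these values before running.
USERNAME="<username on remote machine>"
HOSTNAME="<ip address of remote machine>"
BINDPORT="<local port to bind to: VNC # + 5900>"
VNCPORT="<remote port to bind to: VNC # + 5900>"
VNCSESSION="<path to VNCSession file>"
# Forward the local port to the VNC port on the remote machine.
# -f -N puts ssh in the background without running a remote command.
ssh -c blowfish -l "$USERNAME" "$HOSTNAME" -L "$BINDPORT:localhost:$VNCPORT" -f -N
# Open the VNC session file, which points at the local end of the tunnel.
open "$VNCSESSION"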
Obviously you have to customize the first part. The first VNC port is the bind port you have on your VNC client (for instance 1->5901 and you are binding to localhost:5901 in your VNC session file). The first line contains the syntax to set up the tunnel and the second line opens your VNC session file that is bound to localhost:6901--NOTE: I use VNCDimension not ChickenOfTheVNC so YMMV! Note also that this does not start the VNCServer running on the remote computer/Mac. You have to use OSXvnc or "Share My Desktop" to do that and there is the caveat that if you log out of VNC your session is killed and needs to be restarted! Note also that this script isn't automated since it will ask you for a password (your password on the remote machine). To fix this you have to follow a hint which I won't give (it's in the O'Reilly Mac OS X Hacks book as well as many other places) and use an SSH keychain tool. For the cheap among you, do a lookup of "ssh-agent" and Mac clients for it as well as passwordless ssh login for tutorials on the web.
To close the script down....
#!/bin/sh
BINDPORT="<local port to bind to: VNC # + 5900>"
VNCPORT="<remote port to bind to: VNC # + 5900>"
# Find the ssh process carrying this port forward and kill it.
for X in $(ps xww | grep "$BINDPORT:localhost:$VNCPORT" | grep -v grep | awk '{ print $1 }'); do
    kill "$X"
done
This will destroy your tunnel but it leaves the VNC server running on the remote machine.
Write these as text files with the name "start.command" and "stop.command" (or whatever) and then turn on executable (with get info) and double click. Obviously with AppleScript Studio and the AppleScript basics provided in this article, you can roll your own interface. :)
Note, I should mention that on LANs this is not much of an issue. VNC uses a challenge/response password verification system that will protect the password from being hacked so the only thing you are transmitting out in the open are the VNC controls.
Take care and happy hacking,
terry
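
The start/stop pair above, reworked as an added example that is not part of the original post: it swaps the `ps | grep | kill` lookup for an OpenSSH control socket and binds the local end of the forward to 127.0.0.1 explicitly. `REMOTE`, `DISPLAY_NUM`, `SOCKET` and `DRY_RUN` are assumed names introduced for this sketch.

```sh
#!/bin/sh
# Added example (not from the post): manage the VNC tunnel through an
# OpenSSH control socket. REMOTE, DISPLAY_NUM and SOCKET are placeholders.
REMOTE="${REMOTE:-user@remote.example}"
DISPLAY_NUM="${DISPLAY_NUM:-1}"
SOCKET="${SOCKET:-$HOME/.ssh/vnc-tunnel.sock}"

# VNC display N listens on TCP port 5900 + N. Accept only 0-99 written
# without leading zeros, so the shell never parses the value as octal.
vnc_port() {
    case "$1" in
        ''|*[!0-9]*|0?*|???*) return 1 ;;
    esac
    echo $((5900 + $1))
}

# Run ssh, or just print the command line when DRY_RUN is set.
run_ssh() {
    if [ -n "${DRY_RUN:-}" ]; then echo "ssh $*"; else ssh "$@"; fi
}

# Start the tunnel. The local end is bound to 127.0.0.1 explicitly, and
# ExitOnForwardFailure makes ssh fail instead of backgrounding itself
# when the forward cannot be set up (for example, port already in use).
tunnel_start() {
    port=$(vnc_port "$1") || { echo "bad VNC display: $1" >&2; return 1; }
    run_ssh -M -S "$SOCKET" -f -N -o ExitOnForwardFailure=yes \
        -L "127.0.0.1:$port:localhost:$port" "$REMOTE"
}

# Ask the master process behind the socket to exit; this closes exactly
# this tunnel and needs no ps | grep | kill.
tunnel_stop() {
    run_ssh -S "$SOCKET" -O exit "$REMOTE"
}

case "${1:-}" in
    start) tunnel_start "$DISPLAY_NUM" ;;
    stop)  tunnel_stop ;;
esac
```

Run it with `DRY_RUN=1` first to see the exact ssh command line before anything connects.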
-
Great article, but there's a better downside to VNC
2003-09-22 14:44:20 csoto
I'm pretty sure there's an article somewhere on tunneling using SSH. I'll look and post the URL of what I find.
OK. Found one, right here on Oranet:
http://www.oreillynet.com/pub/a/wireless/2001/02/23/wep.html
Simply follow the instructions, but instead of connecting via VNC to the remote host, connect to localhost, on the port that you have forwarded. The VNC team has a "Making VNC more secure with SSH" page at:
http://www.uk.research.att.com/archive/vnc/sshvnc.html
SSH is super useful. I just hope Apple gets off their tuckus and patches the current vulnerability!
Charles



SSH Tunnel Manager
http://www.versiontracker.com/dyn/moreinfo/macosx/16840
I wrote an article about using ssh tunnels to secure email (pop and smtp):
http://www.macosxhints.com/article.php?story=20030721022245232