
[suse-security] Re: VNC through SSH tunnelling problem



* Neil Anderson <cleidh_mor@xxxxxxxxxxxxxxx> [2003-12-09 21:46 +0100]:
> I SSH to my Linux box ok, start a VNC server ok and can do a
> "straight" VNC into the linux box.  However, if I try to use the VNC
> viewer to set up a connection to localhost on the Windoze machine (to
> use port forwarding) nothing happens and if I look in PuTTY's event
> log it has the error "server refused forwarded connection".

Just some ideas:

1.) The server's /etc/ssh/sshd_config doesn't contain
"AllowTcpForwarding=no", does it?

2.) Are there any "no-port-forwarding" or "permitopen" options in your
~/.ssh/authorized_keys ?

3.) Are you forwarding to the right port?
  "lsof -Pai -c Xvnc" and
  "netstat -ptan|grep Xvnc"
can find out the port of the vncserver, like
  "*:5901 (LISTEN)" or
  "0.0.0.0:5901"
(mind the ip address before the colon: it must be wildcard or localhost)

4.) Are you forwarding to the right host?
Try 127.0.0.1 instead of "localhost" or any hostname.

5.) Can you locally connect to the vncserver? Check with
"nc -v localhost 5901" or "telnet localhost 5901" from the server's
shell. It must print a line starting with "RFB".

6.) Is the server's /etc/hosts missing the line "127.0.0.1 localhost"?

7.) If this all doesn't help, I'd next try to trace the server's
loopback interface by running "tcpdump -i lo port 5901" as root.

-- 
Johannes Franken
 
Professional unix/network development
mailto:jfranken@xxxxxxxxxxx
http://www.jfranken.de/
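
Checks 1 to 3 of the reply above as a shell script, added here as an example and not part of the original post. The function names and sample files are constructed; the `remote` value of AllowTcpForwarding is a newer OpenSSH setting the post does not mention.

```shell
#!/bin/sh
# Added example (not from the original post): checks 1-3 as functions.
# Config paths are arguments, so the checks can run against copies.

# Check 1: sshd_config refuses -L forwards when AllowTcpForwarding is
# "no" (or "remote" on newer OpenSSH). Match blocks are not evaluated.
sshd_blocks_forwarding() {  # $1 = sshd_config path
    grep -Eiq '^[[:space:]]*AllowTcpForwarding[[:space:]=]+(no|remote)[[:space:]]*$' "$1"
}

# Check 2: list authorized_keys lines whose options restrict forwarding.
# permitopen is compared literally; wildcard patterns are not expanded.
key_restrictions() {  # $1 = authorized_keys path, $2 = target host:port
    awk -v target="$2" '
        /^[ \t]*(#|$)/ { next }
        /no-port-forwarding/ { print NR ": no-port-forwarding"; next }
        /permitopen="/ && !index($0, "permitopen=\"" target "\"") {
            print NR ": permitopen excludes " target }
    ' "$1"
}

# Check 3: a forward to 127.0.0.1 only works if Xvnc listens on the
# wildcard or loopback address (the part before the colon).
listen_reachable_via_loopback() {  # $1 = e.g. "0.0.0.0:5901"
    case "${1%:*}" in
        '*'|0.0.0.0|127.0.0.1) return 0 ;;
        *) return 1 ;;
    esac
}

# Demo on constructed sample files (not real configuration).
demo() {
    d=$(mktemp -d) || return 1
    printf 'Port 22\nAllowTcpForwarding=no\n' > "$d/sshd_config"
    printf '%s\n' '# constructed keys' \
        'no-port-forwarding ssh-rsa AAAA...constructed user@a' \
        'permitopen="127.0.0.1:5902" ssh-rsa AAAA...constructed user@b' \
        > "$d/authorized_keys"
    sshd_blocks_forwarding "$d/sshd_config" && echo "sshd: forwarding disabled"
    key_restrictions "$d/authorized_keys" 127.0.0.1:5901
    for a in '*:5901' 192.0.2.10:5901; do
        listen_reachable_via_loopback "$a" || echo "$a: not reachable via loopback"
    done
    rm -rf "$d"
}
demo
```

On a real server, pass /etc/ssh/sshd_config and ~/.ssh/authorized_keys to the first two functions and the address column from the lsof or netstat output to the third.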
