Re: [suse-security] Re: VNC through SSH tunnelling problem
Have just tried a packet sniff with tcpdump. No results for a sniff on
the loopback interface, but results on eth0! So ssh seems to be the
login as: <username>
<username>@<ip address>'s password:
Last login: Fri Dec 12 09:36:54 2003 from <remote ip>
Have a lot of fun...
Have a lot of fun...
Fri Dec 12 10:18:48 GMT 2003
ferrret /home/<username>> lsof -Pai -c Xvnc
COMMAND PID USER FD TYPE DEVICE SIZE NODE NAME
Xvnc 3133 <username> 0u IPv4 22463 TCP *:6004 (LISTEN)
Xvnc 3133 <username> 3u IPv4 22484 TCP *:5904 (LISTEN)
Xvnc 3133 <username> 4u IPv4 22485 TCP *:5804 (LISTEN)
ferrret /home/<username>> netstat -ptan | grep Xvnc
(Not all processes could be identified, non-owned process info
will not be shown, you would have to be root to see it all.)
tcp 0 0 0.0.0.0:5804 0.0.0.0:*
tcp 0 0 0.0.0.0:5904 0.0.0.0:*
tcp 0 0 0.0.0.0:6004 0.0.0.0:*
ferrret /home/<username>> tcpdump port 5904
tcpdump: no suitable device found
ferrret /home/<username>> su
ferrret:/home/<username> # tcpdump port 5904
tcpdump: listening on eth0
10:23:22.086336 <host>.<net>.samd > <router>.5904: S
632357250:632357250(0) win 5840 <mss 1460,sackOK,timestamp 913883
0,nop,wscale 0> (DF)
10:23:22.087366 <router>.5904 > <host>.<net>.samd: R 0:0(0) ack
632357251 win 0
This is produced when I use VNC on the client machine to connect to
localhost:1 or 127.0.0.1:1. As I said tcpdump listening on loopback
doesn't produce any output. Suggestions appreciated.
Neil Anderson wrote:
Johannes Franken wrote:
Nope - my sshd config didn't have anything about TCP forwarding in it
so I explicitly enabled it with AllowTcpForwarding=yes
* Neil Anderson <cleidh_mor@xxxxxxxxxxxxxxx> [2003-12-09 21:46 +0100]:
I SSH to my Linux box ok, start a VNC server ok and can do a
"straight" VNC into the linux box. However, if I try to use the VNC
viewer to set up a connection to localhost on the Windoze machine (to
use port forwarding) nothing happens and if I look in PuTTY's event
log it has the error "server refused forwarded connection".
Just some ideas:
1.) The server's /etc/ssh/sshd_config doesn't contain
"AllowTcpForwarding=no", does it?
2.) Are there any "no-port-forwarding" or "permitopen" options in your
There is no authorized_keys file (aha?)
Yes I am sure it is the right port that is being forwarded - I am
forwarding the client port 5901 to server port 5904 where the vnc
server is initialised on display 4
3.) Are you forwarding to the right port?
"lsof -Pai -c Xvnc" and
"netstat -ptan|grep Xvnc"
can find out the port of the vncserver, like
"*:5901 (LISTEN)" or
(mind the ip address before the colon: it must be wildcard or localhost)
4.) Are you forwarding to the right host?
Try 127.0.0.1 instead of "localhost" or any hostname.
I'm fairly sure I have tried this, but I'll try again
5.) Can you locally connect to the vncserver? Check with
"nc -v localhost 5901" or "telnet localhost 5901" from the server's
shell. It must print a line starting with "RFB".
Yes, this works ok
6.) Is the server's /etc/hosts missing the line "127.0.0.1 localhost"?
No, this line is present
Yeh, am swiftly reaching the conclusion that I'll have to do a packet
sniff on the server to see what's going on. I still don't understand
why it works on the LAN but not over the internet!
7.) If this all doesn't help, I'd next try to trace the server's
loopback interface by running "tcpdump -i lo port 5901" as root.
Thanks for your suggestions - much appreciated,
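
The listener check from item 3 and the hosts-file check from item 6 of the checklist, as an added example that is not part of the original thread. The function names `listener_state` and `hosts_maps_localhost` are hypothetical, the first three sample lines follow the lsof output posted above with a placeholder user name, and the 192.168.0.10:5905 line is constructed.

```shell
#!/bin/sh
# Added example; function names and sample data are assumptions for illustration.

# listener_state PORT: reads `lsof -Pai -c Xvnc` output on stdin and reports
# whether PORT listens on an address that a forward to 127.0.0.1 can reach.
listener_state() {
    awk -v port="$1" '
        $NF == "(LISTEN)" {
            name = $(NF - 1)                 # e.g. "*:5904" or "127.0.0.1:5904"
            n = split(name, part, ":")
            if (part[n] != port) next        # a different port: ignore
            addr = substr(name, 1, length(name) - length(part[n]) - 1)
            found = 1
            if (addr == "*" || addr == "0.0.0.0" || addr ~ /^127\./ || addr == "localhost")
                reachable = 1
        }
        END {
            if (!found)         print "no-listener"
            else if (reachable) print "loopback-reachable"
            else                print "other-address-only"
        }'
}

# hosts_maps_localhost: reads /etc/hosts content on stdin and succeeds only if
# an uncommented line maps 127.0.0.1 to the name "localhost".
hosts_maps_localhost() {
    awk '
        { sub(/#.*/, "") }                   # strip comments before matching
        $1 == "127.0.0.1" {
            for (i = 2; i <= NF; i++) if ($i == "localhost") ok = 1
        }
        END { exit !ok }'
}

# Sample input: three listeners as posted in the thread, one constructed line.
SAMPLE_LSOF='COMMAND PID USER FD TYPE DEVICE SIZE NODE NAME
Xvnc 3133 user 0u IPv4 22463 TCP *:6004 (LISTEN)
Xvnc 3133 user 3u IPv4 22484 TCP *:5904 (LISTEN)
Xvnc 3133 user 4u IPv4 22485 TCP *:5804 (LISTEN)
Xvnc 4000 user 3u IPv4 30000 TCP 192.168.0.10:5905 (LISTEN)'

# 5904 is the forward destination used in the thread; 5901 is only the
# client-side port, so nothing listens on it on the server.
for p in 5904 5905 5901; do
    printf '%s: %s\n' "$p" "$(printf '%s\n' "$SAMPLE_LSOF" | listener_state "$p")"
done
```

On a live server the same functions take `lsof -Pai -c Xvnc | listener_state 5904` and `hosts_maps_localhost < /etc/hosts`.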