[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [suse-security] Re: VNC through SSH tunnelling problem

Have just tried a packet sniff with tcpdump. No results for a sniff on the loopback interface, but results on eth0! So ssh seems to be the problem. 

output:

login as: <username>
<username>@<ip address>'s password:
Last login: Fri Dec 12 09:36:54 2003 from <remote ip>
Have a lot of fun...
Directory: /home/<username>
Have a lot of fun...
Directory: /home/<username>
Fri Dec 12 10:18:48 GMT 2003
ferrret /home/<username>> lsof -Pai -c Xvnc
COMMAND  PID       USER   FD   TYPE DEVICE SIZE NODE NAME
Xvnc    3133 <username>    0u  IPv4  22463       TCP *:6004 (LISTEN)
Xvnc    3133 <username>    3u  IPv4  22484       TCP *:5904 (LISTEN)
Xvnc    3133 <username>    4u  IPv4  22485       TCP *:5804 (LISTEN)
ferrret /home/<username>> netstat -ptan | grep Xvnc
(Not all processes could be identified, non-owned process info
will not be shown, you would have to be root to see it all.)
tcp 0 0 0.0.0.0:5804 0.0.0.0:* LISTEN 3133/Xvnc tcp 0 0 0.0.0.0:5904 0.0.0.0:* LISTEN 3133/Xvnc tcp 0 0 0.0.0.0:6004 0.0.0.0:* LISTEN 3133/Xvnc 
ferrret /home/<username>> tcpdump port 5904
tcpdump: no suitable device found
ferrret /home/<username>> su
Password:
ferrret:/home/<username> # tcpdump  port 5904
tcpdump: listening on eth0
10:23:22.086336 <host>.<net>.samd > <router>.5904: S 632357250:632357250(0) win 5840 <mss 1460,sackOK,timestamp 913883 0,nop,wscale 0> (DF) 10:23:22.087366 <router>.5904 > <host>.<net>.samd: R 0:0(0) ack 632357251 win 0
This is produced when I use VNC on the client machine to connect to localhost:1 or 127.0.0.1:1. As I said tcpdump listening on loopback doesn't produce any output. Suggestions appreciated. 

Cheers,
Neil


Neil Anderson wrote:


Johannes Franken wrote:


* Neil Anderson <cleidh_mor@xxxxxxxxxxxxxxx> [2003-12-09 21:46 +0100]:

I SSH to my Linux box ok, start a VNC server ok and can do a
"straight" VNC into the linux box.  However, if I try to use the VNC
viewer to set up a connection to localhost on the Windoze machine (to
use port forwarding) nothing happens and if I look in PuTTY's event
log it has the error "server refused forwarded connection".



Just some ideas:

1.) The server's /etc/ssh/sshd_config doesn't contain
"AllowTcpForwarding=no", does it?
Nope - my sshd config didn't have anything about TCP forwarding in it so I explicitly enabled it with AllowTcpForwarding=yes 


2.) Are there any "no-port-forwarding" or "permitopen" options in your
~/.ssh/authorized_keys ?

There is no authorized_keys file (aha?)


3.) Are you forwarding to the right port?
 "lsof -Pai -c Xvnc" and
 "netstat -ptan|grep Xvnc"
can find out the port of the vncserver, like
 "*:5901 (LISTEN)" or
 "0.0.0.0:5901"
(mind the ip address before the colon: it must be wildcard or localhost)
Yes I am sure it is the right port that is being forwarded - I am forwarding the client port 5901 to server port 5904 where the vnc server is intialised on display 4 


4.) Are you forwarding to the right host?
Try 127.0.0.1 instead of "localhost" or any hostname.

I'm fairly sure I have tried this, but I'll try again


5.) Can you locally connect to the vncserver? Check with
"nc -v localhost 5901" or "telnet localhost 5901" from the server's
shell. It must print a line starting with "RFB".

Yes, this works ok


6.) Is the server's /etc/hosts missing the line "127.0.0.1 localhost"?

No, this line is present


7.) If this all doesn't help, I'd next try to trace the server's
loopback interface by running "tcpdump -i lo port 5901" as root.
Yeh, am swiftly reaching the conclusion that I'll have to do a packet sniff on the server to see what's going on. I still don't understand why it works on the LAN but not over the internet! 

Thanks for you suggestions - much appreciated,
Neil






--
Check the headers for your unsubscription address
For additional commands, e-mail: suse-security-help@xxxxxxxx
Security-related bug reports go to security@xxxxxxx, not here