This morning I needed to connect securly from my Windows 2000 machine to a Windows 2000 machine behind a remote firewall.
I needed to run ssh on the command line so I downloaded a VNC package that includes it: ""VNC with ssh".
I needed an X-Server so I downloaded Win32-XFree,"an Open Source GDI/DirectX based X-server for Windows 9x/NT Operating Systems built on top of X11R6.5.1. ".
To unpack it I had to use bunzip2 from my Cygwin installation after which I edited the startx.bat batch file and fixed up the paths and screen resolution and started it up.
Then from the VNC folder, I ran the ssh command:
ssh -R6011:localhost:6000 -l name xxx.172.39.19
and logged into the remote machine.
On the remote machine I ran
export DISPLAY=localhost:11
to tell applications to send the X-Windows output to port 6011. This maps to port 6000 on my machine which is running the X-Server and so when I run a command like xclock on the far machine it shows up locally on my X-Server.
Now here's the weird part, on the remote machine I run
vncviewer xxx.168.103.34:0
which runs the vncviewer on the remote machine which displays a windows 2000 session which is running on yet another machine on my local X-Server desktop.
My question to my friendly sysadmin (i.e Sajjad) is why can't I run the VNC view locally and tunnel through the linux machine connect to the remote windows 2000 machine's vncserver. He says it's more complicated to do this but I don't know enough argue with him right now.
References: Freeware SSH and SCP for Windows 9x, NT, ME, 2000 and XP
Posted by stuartcw at September 11, 2002 11:59 AMHello Dear M-r Woodward,
I think you have a little mistake - you not need X-Server for windows at all. There is WinVNC server in the distribution. URL for RTFM:
http://www.uk.research.att.com/vnc/winvnc.html
So you just need to start it on the one machine. In this way you can see this machine from any other with installed VNC client. I have tried all cross combinations: lin-to-win, win-to-lin, win-to-win, lin-to-lin and there was OK. Also before my company had two offices - in Tokyo and Osaka, so the connection was tunneled via IPsec.
In fact I think you not need SSH at all. The VNC have pretty good encryption included, with session password etc. For SSH:
http://www.uk.research.att.com/vnc/sshvnc.html
Stoyan, you are right. Later Sajjad fixed it so that I can tunnel (to Osaka) directly. The configuration is actually win-linux-win. First we had a reverse tunnel from the linux machine back to the X-server on my win2000 machine but now we have a forward tunnel from the linux machine to the remote win2000 vnc port.
Another issue that came up was that other users couldn't connect using SHH until we set the "HOME" folder in their environment. This lead to a misleading "Unknown User" error.
Posted by: Stuart Woodward at September 13, 2002 03:41 PM