Topic: Tunneling VNC & RDP through SSH
Brian



Joined: 21 Oct 2005
Posts: 209
Location: Puyallup, WA USA

Posted: Mon 23 Oct '06 17:46    Post subject: Tunneling VNC & RDP through SSH

I have been using PuTTY as an SSH Client for some time, but it never has allowed me to scroll back in the DOS style window, not on any machine I have ever used it on.

I have installed the latest Bitvise SSH server software on a few machines and as far as I can tell, not being a Linux guy, this implementation of SSH is outstanding, at least as far as Windows is concerned. In a nutshell I can do anything from the command line that I want to with SSH on Windows. It doesn't seem that tough, after all SSH is just a server application, right? What could be so difficult about that?

Okay, so for even easier management of my servers I wanted a GUI, and the first thought that came to mind was VNC. Yes indeed you can tunnel VNC, ummmmm if you have a VNC server that allows all traffic on a single port. RealVNC has a version that allows you to run all connections on a single port, so if VNC is your desired solution, this is the program you want.

With SSH and RealVNC you can marry the two by tunneling the rather non-secure VNC connection through the incredibly secure SSH tunnel, and it's pretty easy to do, there are plenty of tutorials out there. The problem though is that VNC is burdensome on the remote / server connection. In fact the page file I am seeing on my busiest server is down from over 1GB to about 800 MB or less since killing the RealVNC Server service. No kidding, it was absolutely thrashing my system resources even at an idle.

Next, I looked into RDP, from the command line you type mstsc.exe and it will open the Remote Desktop connection manager. By default RDP is not forced to be secure, though it can be quite secure when group policies are set properly on the remote machine, you can require 128 bit key strength and the use of RSA RC4 encryption.

Still though, it is possible to further encrypt and secure your connection with an SSH Tunnel.

I used PuTTY for a long time because it is so easy to set up, and very easy to set up an SSH tunnel for RDP. I am now using Bitvise's Tunnelier application because it comes standard with a far superior command line window that does allow scroll back, and it also offers a reasonably acceptable SFTP client.

Tunneling via the Bitvise Tunnelier however is not quite so easy, it took a little digging and after some frustration I figured it out without that documentation, though I went back and actually the answers were right there, LOL.

So now with the Tunnelier, free for personal use mind you, you can use SFTP, command line, and tunnel RDP into the remote host that already has the SSH server on it. I have not tried any other SSH servers, and since the solution from Bitvise is working so solidly for me, I see no need to experiment.

If you wish to learn how to tunnel SSH, you can check out these sites:

http://www.bitvise.com/index.html Bitvise SSH Server and Tunnelier application

http://www.chiark.greenend.org.uk/~sgtatham/putty/download.html PuTTY client software

I'd be happy to help further, just don't want to spend a lot of time on screen shots, tutorials, and so on if there is no interest. Do consider this, if you are on a Cable Modem connection to the internet, you are not in a secure environment. It would be easy for anyone with just a little time on their hands and a bit of technical know-how to figure out how to packet sniff the node, and with that it would be amazingly easy for them to pick up on any traffic that is sent to and from your IP.

I personally would not RDP into any server I manage without using at a minimum 128 bit (high) encryption strength. And with VNC, I'd always tunnel it after seeing what some folks have been able to capture through the misuse of otherwise legal software (HPING for example).
James Blond
Moderator


Joined: 19 Jan 2006
Posts: 7288
Location: Germany, Next to Hamburg

Posted: Mon 23 Oct '06 19:07

Hm, the free Version of VNC has no encryption.
How did you marry the SSH and VNC?

Is there any freeware you have tested?
Brian



Joined: 21 Oct 2005
Posts: 209
Location: Puyallup, WA USA

Posted: Mon 23 Oct '06 19:39

Did I say Marry? I meant, as should have been obvious, I tunnelled VNC through SSH, as this was the nature of the post. You cannot tunnel to the best of my knowledge any of the "FREE" VNC's (i.e. TightVNC) through SSH since they require two ports. I do not know how to tunnel two ports through a single SSH connection.

Next, yes indeed VNC encrypts the login portion of the data transfer, but do take a closer look at what occurs post login.

Example: http://www.tightvnc.com/faq.html#howsecure

http://www.tightvnc.com/faq.html#howsecure wrote:
Although TightVNC encrypts VNC passwords sent over the net, the rest of the traffic is sent as is, unencrypted (for password encryption, VNC uses a DES-encrypted challenge-response scheme, where the password is limited by 8 characters, and the effective DES key length is 56 bits). So using TightVNC over the Internet can be a security risk. To solve this problem, we plan to work on built-in encryption in future versions of TightVNC.

In the mean time, if you need real security, we recommend installing OpenSSH, and using SSH tunneling for all TightVNC connections from untrusted networks.


I don't see how it is possible to tunnel TightVNC through OpenSSH ... but then I have not attempted to do so. Perhaps someone else can try this. I too like free software, and use plenty of it, but not everything worth having is going to be free.
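
As an added example (not part of the thread and not any poster's own setup): the OpenSSH client accepts more than one `-L` local forward on a single connection, so RDP (3389) and VNC (5900) on the remote host can share one tunnel, each bound to loopback on the client. The user, host name and local port numbers below are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example: build an OpenSSH client command that carries several local
# port forwards over ONE SSH connection. Host, user and local ports are
# constructed sample values, not taken from the thread.

# valid_port N -> succeeds only if N is an integer in 1..65535
valid_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# build_tunnel_cmd USER@HOST LOCAL:REMOTE [LOCAL:REMOTE ...]
# Prints the ssh command line; returns 1 on a malformed forward spec.
build_tunnel_cmd() {
    target=$1; shift
    # -N: forwarding only, no remote shell.
    # ExitOnForwardFailure=yes: abort instead of running with a missing forward.
    cmd="ssh -N -o ExitOnForwardFailure=yes"
    for spec in "$@"; do
        case "$spec" in
            *:*:*) return 1 ;;   # too many fields
            *:*) ;;              # exactly LOCAL:REMOTE
            *) return 1 ;;       # no separator
        esac
        lport=${spec%%:*}
        rport=${spec##*:}
        valid_port "$lport" && valid_port "$rport" || return 1
        # Bind the listener to loopback so other hosts on the client's
        # network cannot use the tunnel; the far end connects to the
        # service on the SSH server itself.
        cmd="$cmd -L 127.0.0.1:$lport:127.0.0.1:$rport"
    done
    printf '%s %s\n' "$cmd" "$target"
}

# Constructed sample: RDP on local 13389, VNC display :0 on local 15900.
build_tunnel_cmd admin@server.example 13389:3389 15900:5900
```

With the tunnel up, the RDP client connects to 127.0.0.1:13389 and the VNC viewer to 127.0.0.1:15900. The RDP and VNC ports on the server can then be closed to the network, leaving only SSH reachable.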
James Blond
Moderator


Joined: 19 Jan 2006
Posts: 7288
Location: Germany, Next to Hamburg

Posted: Fri 16 Mar '07 16:24

Ok, I used realVNC(.com) so I didn't know that tool, yet.

-----
edit
-----

I found a great example. It does not work with the current beta of freeSSHd, only with 1.0.10.
Negative.. the article is in German

http://www.rpg-domain.de/VNC/index.htm
JanetKellman



Joined: 09 Jul 2007
Posts: 2

Posted: Mon 09 Jul '07 22:55

Here are some instructions with images about tunneling VNC & RDP through SSH
http://martybugs.net/smoothwall/puttyvnc.cgi
http://ubuntu-tutorials.com/2007/06/12/vnc-over-ssh-securing-the-remote-desktop/