Re: SSH newbie

• Previous message: Darren Tucker: "Re: SMTP over SSH Tunnel error using putty: Corrupted MAC on Input"
• In reply to: Richard E. Silverman: "Re: SSH newbie"
• Next in thread: dsmcd: "Re: SSH newbie"
• Reply: dsmcd: "Re: SSH newbie"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Wed, 9 Mar 2005 07:28:39 +0000 (UTC)

In article <m2r7ipfqrf.fsf@darwin.oankali.net> Richard E. Silverman
<res@qoxp.net> writes:
>>
>> Hello...
>> Am I correct that SSH eliminates the need for port forwarding? or am I
>way off
>> base on this one? Thinking of using SSH in conjunction with VNC.
>
>Port forwarding is one of the features SSH *provides*.

I found the question pretty puzzling too:-), but I assume it uses "port
forwarding" to refer to a firewall doing DNAT. I.e. in the case of VNC,
you could set up the firewall to forward <public-IP>:5900 to
<private-IP>:5900 by changing the IP address in the packets going by,

So, to the OP: SSH can certainly be a very good alternative to this
practice, even though "eliminate the need" would be an exaggeration -
e.g. it requires that the user can and does run a SSH client and has a
SSH server inside (or possibly on) the firewall to connect to. On the
plus side you can have port forwarding to any number of different (e.g.)
internal VNC servers without any firewall config beyond letting port 22
through - and the communication is encrypted of course, which is
particularly important for VNC which would otherwise send
username/password in the clear IIRC. (The "TightVNC" implementation even
has a builtin capability to fire up a port forwarding SSH session.)

--Per Hedeland
per@hedeland.org

• Previous message: Darren Tucker: "Re: SMTP over SSH Tunnel error using putty: Corrupted MAC on Input"
• In reply to: Richard E. Silverman: "Re: SSH newbie"
• Next in thread: dsmcd: "Re: SSH newbie"
• Reply: dsmcd: "Re: SSH newbie"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]