Re: Port Forwarding -- Checking to be sure I understand it

Chuck wrote:

I'm not sure I follow exactly what you're trying to do. You say you're
providing support for friends/relatives but you want them logging in to
your system. It usually goes the other way around. They run an ssh
server and VNC service. You set up a tunnel from your client to their
server. If you want to run the tunnel over some port other than 22 (the
ssh default) you need to specify the alternate port either in the
ssh_config file, or with the -p option on the command line. The server
must be listening on the same port so that would require a similar
modification to the sshd_config file on the server. This should all be
documented in the sshd man page, or you can just read the comments in
the ssh config files.

The problem is I have three behind a firewall that is rather restrictive and
we can't connect with an incoming (to them) connection.  My parents are on
a dynamic IP and don't want me doing anything to their system, router, or
anything else, so, again, it is easier to use an outbound connection.  With
them, I have a script that starts RealVNC as a server then adds my domain as
a client and it connects to me.  In the long run, I
may try to use this with clients, so I have that in the back of my mind,
but it isn't an issue now.  However, I have two friends and a sister behind
restrictive firewalls that deny all incoming connections and block most
ports.  We tried using RealVNC on port 80, but it was blocked, so my best
guess is that firewall (and the others) don't just block ports, but check
the data on them.  I know those firewalls allow HTTPS connections, so I
figure they should allow ssh over port 443, since, from what little I know,
their firewalls won't be able to tell the difference between that and their
browser going to a secure site.

For example, say you connect to a VNC server (port 5800 IIRC) on using port 443 (to get through someone's firewall).
You would first run the VNC and sshd services on the machine you're
connecting to and on the client run

ssh -p 443 -L 5800:localhost:5800 userID@xxxxxxxxxxxxxxxxxxx

IIRC there's an option you need to set on RealVNC to allow connections
from localhost too. I use UltraVNC and had to do that.

That's what I'm working with now -- or trying to set up.  If I do that, and
my friend/relative logs in on their own account, I should still get the
forwarded data stream if I'm running a program on my account, right?


BTW I would recommend CopSSH instead of sshWindows. The latter hasn't
been updated for close to a year. CopSSH is updated regularly. They're
both free.

I've also discovered PuTTY and PLINK, and may go with the latter.  What I'd
like is one they can run to tunnel/forward the data without them actually
having to log in.  I've looked at stunnel, but this is where the long term
comes in: I'd really like to use the same program on Windows and Linux and
stunnel isn't always an easy compile on Linux and isn't always easy to
install by a package manager (saw a case of RPM hell with it).  PuTTY and
PLINK are close enough to SSH that if I can't use the exact same program, I
still am using the same backend.

I'll look at CopSSH.  I've never heard of it before, but it's worth a look.

Thanks for the help and info!
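
How a content-inspecting firewall can tell protocols apart on ports 80 and 443, as an added example that is not part of the original message: SSH opens with a cleartext identification line (RFC 4253) and RFB (VNC) with a cleartext version line, while a browser's HTTPS connection opens with a TLS ClientHello record. The function names, the expected-protocol table and the sample flows are constructed for illustration.

```python
# Added example: classify the opening bytes of a TCP flow and flag flows whose
# protocol does not match what the destination port normally carries.

HTTP_METHODS = {b"GET", b"POST", b"HEAD", b"PUT", b"DELETE", b"OPTIONS", b"CONNECT"}
EXPECTED = {80: "http", 443: "tls"}  # assumed policy: what each port should carry


def classify_first_bytes(data: bytes) -> str:
    """Return 'ssh', 'vnc', 'tls', 'http' or 'unknown' for a flow's opening bytes."""
    # RFC 4253 section 4.2: SSH starts with a cleartext "SSH-protoversion-..." line.
    if data.startswith(b"SSH-"):
        return "ssh"
    # RFB (VNC) starts with a cleartext ProtocolVersion line such as "RFB 003.008\n".
    if data.startswith(b"RFB "):
        return "vnc"
    # TLS record header: type 0x16 (handshake), major version 0x03, 2-byte length,
    # followed by handshake type 0x01 (ClientHello).
    if len(data) >= 6 and data[0] == 0x16 and data[1] == 0x03 and data[5] == 0x01:
        return "tls"
    if data.split(b" ", 1)[0] in HTTP_METHODS:
        return "http"
    return "unknown"


def flag_mismatches(flows):
    """Return (port, seen_protocol) for flows that do not match EXPECTED."""
    flagged = []
    for port, data in flows:
        expected = EXPECTED.get(port)
        seen = classify_first_bytes(data)
        if expected is not None and seen != expected:
            flagged.append((port, seen))
    return flagged


# Constructed sample flows: (destination port, first bytes sent on the connection).
SAMPLE_FLOWS = [
    (443, b"\x16\x03\x01\x02\x00\x01\x00\x01\xfc\x03\x03"),  # TLS ClientHello
    (443, b"SSH-2.0-OpenSSH_9.6\r\n"),                        # ssh -p 443
    (80, b"GET / HTTP/1.1\r\nHost: example.test\r\n\r\n"),    # ordinary HTTP
    (80, b"RFB 003.008\n"),                                   # VNC on port 80
]

if __name__ == "__main__":
    for port, proto in flag_mismatches(SAMPLE_FLOWS):
        print(f"port {port}: unexpected {proto} traffic")
```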