Which command is used to establish ssh tunnel in windows?


I sense confusion and a possible misunderstanding.

When you establish an SSH tunnel with:

ssh user@server -L 5900:localhost:5900

...the following things happen:

  • an SSH connection is established and authenticated, of course.
  • the SSH client will set up a TCP port forwarding tunnel that listens for incoming connections on your local client system (-L)
  • the listening side of the tunnel will be on port 5900 on your system (= the first 5900)
  • the encrypted tunnel will go from your local client system to the server system
  • the output end of the tunnel on the server system will again pass the traffic onwards in its original unencrypted form, to localhost:5900 as the server system sees it. This is not the localhost of your local system, but localhost of the server system.

This is why your sentence "But I only have a Server and a client so cannot use forwarding" makes no sense. You can always forward things from your local system's localhost to the remote system's localhost (or vice versa, using -R instead of -L).

Port forwarding is the reason why SSH can be used to protect other programs that have no built-in support for SSH nor any kind of a special interface to it.

To successfully use the tunnel, you must understand that you can now reach the server's port 5900 by connecting to your client system's local port 5900. Or in other words, you must tell the VNC client to connect to localhost:5900 to connect to the server using the encrypted tunnel. If you tell the VNC client to connect to server:5900 instead, you are telling it to bypass the tunnel you set up for it, and just connect directly without the benefit of SSH encryption.

You also said that you don't want to use port forwarding. Well, then whatever your VNC (or any other) client is, must have some more elaborate way to use the tunnel provided by SSH. As far as I know, there are two possibilities:

  • SOCKS4/SOCKS5 proxy support: you establish an SSH connection with

    ssh user@server -D 1234

Now, the SSH client will set up a SOCKS proxy on port 1234 of your local system. All the traffic entering that proxy will first pass through the encrypted SSH tunnel to the server system, and from there (again in unencrypted form) to whatever destination the VNC (or other) client requested. Of course, the VNC (or other) client must be configurable to support SOCKS4 or SOCKS5, and you must configure it to use a SOCKS proxy at localhost:1234 to use the SSH tunnel.

  • The other alternative is full integration with the SSH client. In order to use SSH tunnels without any kind of proxy or port forwarding, the VNC (or other) client must include the SSH functionality, so that it can utilize the SSH tunnels directly from within its own program code, and effectively use the remote sshd server as an extender of itself, to establish network connections from there to anywhere.
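As an added example that is not part of the original answer: the local forward described above, started from the Windows client with Win32-OpenSSH's ssh.exe, followed by the two checks a practitioner wants before blaming the tunnel. First, that the listener on the client's port 5900 really belongs to ssh.exe (and not to some other process that already owned the port); second, that a connection through that listener reaches something on the server's side. The user name, server address and ports are placeholders taken from the thread.

```powershell
# Added example, not code from the question or answer. Assumed values:
# user 'user', server 'serverip', VNC server on the server's own port 5900.
param(
    [string]$Server       = 'user@serverip',
    [int]   $LocalPort    = 5900,
    [string]$RemoteTarget = 'localhost:5900'   # "localhost" as the SERVER sees it
)

# Refuse to start if something on this client already owns the local port.
# Otherwise ssh cannot bind it, and a VNC client pointed at localhost:5900
# would talk to that other process instead of the tunnel.
$inUse = Get-NetTCPConnection -LocalPort $LocalPort -State Listen -ErrorAction SilentlyContinue
if ($inUse) {
    $owner = (Get-Process -Id $inUse[0].OwningProcess).ProcessName
    throw "Local port $LocalPort is already in use by '$owner'; choose another local port."
}

# -N: no remote command, just the forward.
# -L 127.0.0.1:5900:localhost:5900: bind the tunnel entrance to loopback only.
# ExitOnForwardFailure: exit instead of staying connected without the forward.
$sshArgs = @(
    '-N',
    '-o', 'ExitOnForwardFailure=yes',
    '-L', "127.0.0.1:${LocalPort}:${RemoteTarget}",
    $Server
)
$ssh = Start-Process -FilePath 'ssh.exe' -ArgumentList $sshArgs -PassThru -NoNewWindow

# Wait for the listener to appear (authentication may prompt for a password).
$listener = $null
for ($i = 0; $i -lt 30 -and -not $listener; $i++) {
    Start-Sleep -Seconds 1
    if ($ssh.HasExited) {
        throw "ssh exited with code $($ssh.ExitCode); the forward was not established."
    }
    $listener = Get-NetTCPConnection -LocalPort $LocalPort -State Listen -ErrorAction SilentlyContinue |
                Where-Object OwningProcess -eq $ssh.Id
}
if (-not $listener) {
    Stop-Process -Id $ssh.Id
    throw "No listener owned by ssh.exe on port $LocalPort after 30 s."
}
"Tunnel entrance is up: ssh.exe (PID $($ssh.Id)) listening on 127.0.0.1:$LocalPort"

# End-to-end check: connect through the tunnel and read the first bytes.
# A VNC (RFB) server greets with a 12-byte version banner such as 'RFB 003.008'.
$client = New-Object System.Net.Sockets.TcpClient
try {
    $client.Connect('127.0.0.1', $LocalPort)
    $stream = $client.GetStream()
    $stream.ReadTimeout = 5000
    $buf = New-Object byte[] 12
    $n = $stream.Read($buf, 0, $buf.Length)
    if ($n -eq 0) {
        # Local listener accepted us, but ssh closed the connection: sshd refused
        # the forward (AllowTcpForwarding no) or nothing listens on $RemoteTarget
        # on the server. Check the server side, not the client.
        "Server side closed the forwarded connection; check sshd and the VNC server on $RemoteTarget"
    } else {
        $banner = [System.Text.Encoding]::ASCII.GetString($buf, 0, $n).TrimEnd()
        "Remote end answered: '$banner'. Point the VNC client at 127.0.0.1:$LocalPort, not at the server."
    }
} catch {
    "Connect through the tunnel failed: $($_.Exception.Message)"
} finally {
    $client.Dispose()
}
```

The script deliberately leaves ssh.exe running so the VNC session can use it; stop it with `Stop-Process -Id <pid>` when done. Binding the entrance to 127.0.0.1 explicitly keeps the unencrypted half of the path from being offered to other hosts on the client's network, and ExitOnForwardFailure turns the silent "connected but no forward" state, which looks exactly like the symptom in the question, into a visible exit code.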
Author: Verma

Updated on September 18, 2022

Comments

  • Verma
    Verma over 1 year

    I wish to establish an SSH tunnel between a Windows server and client without port forwarding.

    I know the command to use to establish a tunnel with port forwarding, but I only have a server and a client, so I cannot use forwarding.

    ssh user@serverip -L 5900:localhost:5900
    

    When I use this command, my VNC session does not go through the tunnel. Hence I wish to avoid using port forwarding.

    I have been referring to this guide, and according to it my VNC should go through the tunnel: https://websistent.com/how-to-use-putty-to-create-a-ssh-tunnel/

    But I wish to do the same without port forwarding.

    With the above command I am facing the loopback interface.

    Thanks!!

  • Verma
    Verma over 6 years
    I am directing my VNC client to localhost:5900 only. Maybe I got confused between local forwarding and remote forwarding. Now I used -R instead of -L and followed the same steps. So now the VNC client is unable to connect to the VNC server and says 'connection is declined by host computer'. I turned the firewall off on both systems but still got the same error. As I am logged in to both systems with the same user name and password, could that be one of the reasons for this error?
  • Verma
    Verma over 6 years
    I would also like to ask: both my server and client are on the same network, so which type of forwarding shall be used?
  • telcoM
    telcoM over 6 years
    I think you got the local vs. remote forwarding exactly right originally. If you want to tunnel a connection from your local system to the remote system or some other system near the remote system, use local forwarding. If you want to tunnel a connection from the remote system back to your local system, use remote forwarding.
  • Verma
    Verma over 6 years
    In that case, I should stick to -L only. Now the question is why the VNC connection is not going through the tunnel even after the tunnel is established.
  • telcoM
    telcoM over 6 years
    Is the SSH server configured to allow port forwarding? Is the VNC server running for sure?
  • Verma
    Verma over 6 years
    The VNC server is running, as I am able to connect to it. This is the configuration of my sshd which I used:

        Port 22
        Protocol 2
        LogLevel DEBUG3
        PermitRootLogin yes
        StrictModes no
        AuthorizedKeysFile .ssh/authorized_keys
        PasswordAuthentication yes
        PermitEmptyPasswords no
        ChallengeResponseAuthentication yes
        AllowAgentForwarding yes
        AllowTcpForwarding yes
        X11Forwarding yes
        PrintMotd no
        PrintLastLog yes
        TCPKeepAlive yes
        PermitTunnel yes
        Subsystem sftp sftp-server.exe
        hostkeyagent \\.\pipe\openssh-ssh-agent
  • telcoM
    telcoM over 6 years
    Wait... since this is a Windows sshd, I must ask which one exactly? Is it the one available as a developer option in the latest major update of Windows 10, or is it the Microsoft Win32-OpenSSH for PowerShell, or is it one of the third-party implementations? If it's the developer option one, I know it has some features stripped, but I have not found whether port forwarding is implemented or not.
  • Verma
    Verma over 6 years
    This one is the Win32-OpenSSH for PowerShell. Now I tried using PuTTY as the SSH client, giving Host Name - localhost, Port - 5900, SSH -> Tunnels -> Source port - 5900, Destination - localhost:5900. It gives a connection refused error.
  • telcoM
    telcoM over 6 years
    Now I noticed: you're telling PuTTY to connect to localhost, port 5900. If your local system doesn't have a SSH server in port 5900, that won't work. And if it had, then port 5900 would be occupied by it and the tunnel set-up would fail because port 5900 is already in use.
  • Verma
    Verma over 6 years
    Yes, you are right. Two processes, sshd and ssh-agent, were running in the background and were occupying port 22 on the client system. I ended those processes so that port 22 is free to listen and then tried again, but still faced the same.
  • Verma
    Verma over 6 years
    Although I don't think ssh will use port 5900, as it uses port 22 by default.
  • telcoM
    telcoM over 6 years
    But if you put 5900 in the Port field on the Session page, you are telling PuTTY that the destination sshd is in non-default port 5900. In other words, in the PuTTY settings you listed, the Port - 5900 does not seem correct.
  • telcoM
    telcoM over 6 years
    Then what was Host Name - localhost, Port - 5900 in your PuTTY settings comment?
  • Verma
    Verma over 6 years
    Host Name - server IP, Port - 22