-Lredirection to an internal host (e.g. "
-L 5900:otherhost:5900") the VNC traffic inside the firewall is not encrypted and you have to manually log into
otherhostto start x11vnc. Kyle Amon shows a method where you chain two ssh's together that encrypts all network traffic and also automatically starts up x11vnc on the internal workstation:
#!/bin/sh # gateway="example.com" # or "firstname.lastname@example.org" host="labyrinth" # or "user@hostname" user="kyle" # Need to sleep long enough for all of the passwords and x11vnc to start up. # The </dev/null below makes the vncviewer prompt for passwd via popup window. # (sleep 10; vncviewer -encodings "copyrect tight zrle zlib hextile" \ localhost:0 </dev/null >/dev/null) & # Chain the vnc connection thru 2 ssh's, and connect x11vnc to user's display: # exec /usr/bin/ssh -t -L 5900:localhost:5900 $gateway \ /usr/bin/ssh -t -L 5900:localhost:5900 $host \ sudo /usr/bin/x11vnc -localhost -auth /home/$user/.Xauthority \ -rfbauth .vnc/passwd -display :0Also note the use of
sudo(1)to switch to root so that the different user's
.Xauthorityfile can be accessed. See the
visudo(8)manpage for details on how to set this up (remove the sudo if you do not want to do this). One can also chain together ssh's for reverse connections with vncviewers using the
-listenoption. For this case
-Rwould replace the
-L(and 5500 the 5900, see the #2 example script above). If the gateway machine's
sshdis configured with
GatewayPorts=no(the default) then the double chaining of "
ssh -R ..." will be required for reverse connections to work.
A user reports that SSVNC works properly in remote helpdesk mode using UltraVNC Single-click in Windows Vista.