Remote Desktop over ssh tunnel

This is a quick little post to show off some of the capabilities of an ssh tunnel. So, the back story. Earlier today, I was having a problem. There is a server on lcsd2.org that I needed GUI (Apple Remote Desktop) access to. In the past, there was an IPsec-based VPN I could use that was as simple as a single mouse click. Unfortunately, UW has decided, for whatever reason, that outbound IPsec tunnels shouldn’t be allowed. I can’t connect. However, I do have ssh access to a server on the inside of the network, and that’s how this works.

So, to start, you need ssh access to a server on the network you want access to. Check.

Now you need to know the port of the service on the remote machine you need access to. ARD uses port 5900 for control/observe. Check.

Now, you just need to forward the port like so:

ssh -L 9999/10.1.32.25/5900 helios.lcsd2.org

I’ll break that down a bit.

-L 9999/10.1.32.25/5900

The -L requests that port 9999 on the local machine be bound to a secure tunnel over ssh to the remote machine. 10.1.32.25 is the machine that I am ultimately trying to access, and 5900 is the port that I want.

helios.lcsd2.org

This is the remote machine I am ssh’ing to. It is the one I can reach from outside the network, and I use it to connect to the computer I want access to inside the network.

So, to recap: I establish a secure connection to helios.lcsd2.org. I choose a port on the local machine that I want to use to access that secure tunnel. I choose the machine and the port at the end of the tunnel that I want access to. Now all that’s left is to connect.

I am assuming here that you are running Leopard. In Finder, go to the “Go” menu and choose “Connect to Server”.


Now, in the “Connect to Server” box, enter vnc://localhost:9999.


Now, if all is well, you should see a prompt asking for a username and password on the remote machine. Just enter your credentials and you’re done! You should now see the screen of the remote machine and have full access to it.

I should point out that this basic technique can be applied to just about anything. I used to use it to access my router configuration page when I was away. Just change the IP address to the router’s and the port to 80 and you’re good. You could also use this to access internal websites at your company, school, whatever.
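Since the same forward works for any host and port, here is a small helper that builds the command for an arbitrary target. It is an added example, not part of the original post; the function names (is_port, normalize_forward, tunnel_cmd) are made up for illustration. It accepts the slash form used above or the colon form, pins the local listener to 127.0.0.1 so the forwarded port is not offered to other machines on your network, and adds -N and ExitOnForwardFailure so ssh refuses to start if port 9999 is already held by something else.

```shell
#!/bin/sh
# Added example (not from the original post). Function names are hypothetical.

# is_port N: succeed only if N is an integer in 1..65535.
is_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# normalize_forward SPEC: take "lport/host/rport" or "lport:host:rport"
# (hostname or IPv4 target) and print it with an explicit loopback bind.
normalize_forward() {
    spec=$(printf '%s' "$1" | tr '/' ':')
    case "$spec" in
        *:*:*:*) echo "bind address not accepted; loopback is forced" >&2; return 1 ;;
        *:*:*)   ;;
        *)       echo "expected lport/host/rport" >&2; return 1 ;;
    esac
    lport=${spec%%:*}; rest=${spec#*:}
    host=${rest%%:*};  rport=${rest#*:}
    is_port "$lport" && is_port "$rport" || { echo "bad port" >&2; return 1; }
    [ -n "$host" ] || { echo "missing target host" >&2; return 1; }
    printf '127.0.0.1:%s:%s:%s\n' "$lport" "$host" "$rport"
}

# tunnel_cmd SPEC GATEWAY: print the ssh command line for the forward.
tunnel_cmd() {
    fwd=$(normalize_forward "$1") || return 1
    # Reject an empty gateway, or one that ssh would parse as an option.
    case "$2" in
        ''|-*) echo "bad gateway host" >&2; return 1 ;;
    esac
    # -N: forwarding only, no remote shell or command.
    # ExitOnForwardFailure=yes: exit instead of continuing without the forward.
    printf 'ssh -N -o ExitOnForwardFailure=yes -L %s %s\n' "$fwd" "$2"
}

# Usage with the values from this post:
#   tunnel_cmd 9999/10.1.32.25/5900 helios.lcsd2.org
```

Run the printed command in a terminal and leave it open while you use vnc://localhost:9999; closing it tears the tunnel down.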

Enjoy! Please leave a comment if this was helpful.
