At the company I work for, we run services such as SSH, FTP, VNC, etc. on non-standard ports for security reasons. I frequently use client applications that can connect to these services but are limited to connecting on standard ports. One way to get around this limitation is to use SSH’s port forwarding functionality.
Note: This tip will work on UNIX, Linux, and Mac OS X straight from the command line because they come with SSH clients out of the box. For Windows, another application such as PuTTY will be required.
So, let’s say that you want to be able to VNC into a remote system with a host name of my.host.com that runs VNC on port 9999, but your VNC client will only send traffic on the standard VNC port (5900). Provided that the remote system runs SSH on the standard port (to keep it simple for this example), you can run the following command:
ssh -L5900:my.host.com:9999 me@my.host.com
Next, the remote system should prompt you for your password. After you’ve authenticated, the tunnel is established. Then, just point your VNC client at your local machine (localhost or 127.0.0.1) on the standard VNC port (5900), and the connection will be forwarded to the remote machine on port 9999.
You may not be running SSH on the server you wish to connect to, or the server may not be externally accessible. But, if you are running SSH on a machine that has access to the one you wish to connect to, here’s another option:
ssh -L5900:192.168.10.50:9999 me@my.host.com
In this example, the machine running the VNC server (192.168.10.50) is not accessible from outside of the network, but my.host.com is externally accessible and can communicate with 192.168.10.50 (because it’s on the same network). So, what we are actually doing is: 1) establishing an SSH tunnel to my.host.com and 2) forwarding the local port 5900 to 192.168.10.50’s port 9999 through the tunnel to my.host.com. Note that SSH only protects the traffic between your machine and my.host.com; the last hop from my.host.com to 192.168.10.50 is not encrypted by SSH.
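The two commands above can be generated in a stricter form. The following is an added example, not part of the original post: the function names and the optional SSH port argument (for servers that run SSH on a non-standard port) are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical.

# valid_port PORT: succeeds only for an integer in 1..65535.
valid_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# forward_cmd LOCAL_PORT TARGET_HOST TARGET_PORT SSH_LOGIN [SSH_PORT]
# Prints the ssh command line; returns non-zero on bad input.
forward_cmd() {
    lport=$1 thost=$2 tport=$3 login=$4 sport=${5:-22}
    valid_port "$lport" && valid_port "$tport" && valid_port "$sport" || {
        echo "invalid port" >&2; return 1; }
    # Reject empty values, values starting with "-" (ssh would parse them
    # as options) and any character outside a conservative host/login set.
    for v in "$thost" "$login"; do
        case "$v" in
            ''|-*|*[!A-Za-z0-9@._:-]*) echo "invalid host or login" >&2; return 1 ;;
        esac
    done
    # -N                    tunnel only, no remote shell or command
    # 127.0.0.1:            bind the listener to loopback explicitly, so
    #                       other machines cannot connect through the tunnel
    #                       even if GatewayPorts is enabled in ssh_config
    # ExitOnForwardFailure  exit instead of continuing without the forward
    #                       when local port 5900 is already in use
    printf 'ssh -N -p %s -o ExitOnForwardFailure=yes -L 127.0.0.1:%s:%s:%s %s\n' \
        "$sport" "$lport" "$thost" "$tport" "$login"
}

# The two cases from the post: VNC on the SSH host itself, then VNC on an
# internal machine reached through the SSH host.
forward_cmd 5900 my.host.com 9999 me@my.host.com
forward_cmd 5900 192.168.10.50 9999 me@my.host.com
```

Run the printed command to open the tunnel; with -N it stays in the foreground until you press Ctrl-C, which closes the forward.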
Hopefully you’ll get as much use out of this as I have.