Robert P. J. Day wrote:
# Use "-localhost" to prevent remote VNC clients connecting except
when # doing so through a secure tunnel. See the "-via" option in
the # `man vncviewer' manual page.
i only recently noticed the "-via" option, but the man page
explanation for that is hideously uninformative in terms of explaining
what my options are for the "gateway" system. assuming i can use the
VNC client system itself as the gateway, if i'm currently connecting
using:
$ vncviewer 192.168.1.100:5901
how precisely would i extend that to add a "-via" option? that
*would* be worth adding to the recipe.
I've notice -via before, and am at least as confused as you are.
However, my LANs are small enough and my VNCs and firewalls tight enough
that i simply don't trouble myself with making it listen to a specific
IP address.
If you do that, then ssh covers you nicely:
ssh -L 5901:127.0.0.1:5901 <more options to taste> work.example.lan
and then vncviewer localhost:1
Then, if the CIA can decrypt my VPN on the fly, they then get to try ssh
as well.
--
Cheers
John
-- spambait
1aaaaaaa@xxxxxxxxxxxxxxxx Z1aaaaaaa@xxxxxxxxxxxxxxxx
-- Advice
http://webfoot.com/advice/email.top.php
http://www.catb.org/~esr/faqs/smart-questions.html
http://support.microsoft.com/kb/555375
You cannot reply off-list:-)
