ssh /portforwarding problem



pdc124
07-27-2005, 11:04 PM
ssh -i /home/knoppix/homeserver -l root -L 5995:192.168.0.8:5901 www.server.com
gets me an ssh connection to my server
but

knoppix@0[~]$ vncviewer localhost:5995
vncviewer: ConnectToTcpAddr: connect: Connection refused
Unable to connect to VNC server
knoppix@0[~]$


root@0[knoppix]# netstat -ln
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 0.0.0.0:68 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:5995 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:6000 0.0.0.0:* LISTEN
tcp6 0 0 ::1:5995 :::* LISTEN
Active UNIX domain sockets (only servers)


I'm testing this from inside my LAN, so the SSH is going out and then coming back in.
I can connect directly to the VNC server with

vncviewer 192.168.0.8:1

and a connection from outside with a Windows client & PuTTY (L 5900 remote 192.68.0.8:5901) works

What's wrong with the port forwarding?

markb
07-27-2005, 11:49 PM
ssh -i /home/knoppix/homeserver -l root -L 5995:192.168.0.8:5901 www.server.com
gets me an ssh connection to my server

Logging in to ssh as root, particularly over the internet, is never a good idea. You should disable ssh root login and use a normal account. There is no need to be root to forward those ports.




knoppix@0[~]$ vncviewer localhost:5995
vncviewer: ConnectToTcpAddr: connect: Connection refused
Unable to connect to VNC server
knoppix@0[~]$

You are going to kick yourself! "localhost:5995" is trying to connect to vnc display session #95 on the remote server. Recall the syntax is host:display, not host:port! You should set the forward as "-L5901:whatever_host:5901" and then "vncviewer localhost:1" to connect. Forward local port 5902 if you are already using 5901 locally and then "vncviewer localhost:2", etc.

Somehow I think you know all this and are going to exclaim a loud "Doh!" when you read this?! :D

pdc124
07-28-2005, 08:45 AM
:oops:

As I've got this set up to use private/public key login, and I've got the only key, I reckon root is OK :roll: :?



vncviewer localhost:1 and the konsole session appears to hang. top (in another session) doesn't show vncviewer running - just some Xfree activity. Don't know if vncviewer should show up with 'top'.


vncviewer debug localhost:1 gives me the help printout as does

vncviewer -debug localhost:1
vncviewer --debug localhost:1
vncviewer -d localhost:1
and any other combination I can think of.

Here's the config for sshd


grenada ~ # cat /etc/ssh/sshd_config |grep -v '#'
Protocol 2
PubkeyAuthentication yes
AuthorizedKeysFile /etc/ssh/authorized_keys
IgnoreUserKnownHosts yes
PasswordAuthentication no
IgnoreRhosts yes
PrintMotd yes
StrictModes no
RSAAuthentication yes
PermitRootLogin yes
PermitEmptyPasswords no
GatewayPorts yes
AllowTcpForwarding yes
LoginGraceTime 20
KeepAlive yes
X11Forwarding yes

grenada ~ #

Is this just because the thing is running from the CD/RAM and runs out of resources with trying to run vncviewer and the encryption for the tunnel ?
Can I fix it to give vncviewer a higher priority or get some debug output ?

markb
07-28-2005, 11:41 PM
:oops:
Is this just because the thing is running from the CD/RAM and runs out of resources with trying to run vncviewer and the encryption for the tunnel ?

I doubt it. Check that the tunnel is working correctly and that the remote VNC server is there by typing "telnet localhost 5901" on the client side (after the ssh tunnel is logged in and set up). You should see some kind of low-level prompt from the remote end, e.g. I get "RFB 003.003". If you see this then the problem is the vncviewer side, if you don't see it then the problem is the ssh/vncserver side.

BTW, telnet is a good tool for debugging TCP/IP connection/application issues like this and many other similar problems.
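
The telnet check markb describes, scripted as an added example that is not part of the original thread: it maps a VNC display number to its TCP port and reports whether the forwarded local port is refused, accepts without a greeting, or returns the 12-byte RFB version banner. The function names `vnc_port` and `probe_rfb` and the result strings are assumptions made for this sketch.

```python
import socket

def vnc_port(display: int) -> int:
    """VNC display N listens on TCP port 5900 + N (display :1 -> 5901)."""
    return 5900 + display

def probe_rfb(host: str, port: int, timeout: float = 5.0) -> str:
    """Classify what answers on host:port, as the telnet check does by eye.

    Returns one of (labels are this example's own):
      "refused"   - nothing listens there, so the -L forward is not on this port
      "no-banner" - the listener accepted but sent no RFB greeting; with an ssh
                    tunnel this usually means sshd could not reach the VNC server
      "rfb:<ver>" - a VNC server answered, e.g. "rfb:003.003"
    """
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except ConnectionRefusedError:
        return "refused"
    data = b""
    with sock:
        try:
            # The server speaks first: ProtocolVersion is exactly 12 bytes.
            while len(data) < 12:
                chunk = sock.recv(12 - len(data))
                if not chunk:
                    break  # peer closed before sending a full banner
                data += chunk
        except OSError:
            pass  # timeout or reset while waiting: treat as no banner
    if len(data) == 12 and data.startswith(b"RFB ") and data.endswith(b"\n"):
        return "rfb:" + data[4:11].decode("ascii", "replace")
    return "no-banner"

if __name__ == "__main__":
    import sys
    # Usage: python probe.py [display]   (run on the client, tunnel already up)
    display = int(sys.argv[1]) if len(sys.argv) > 1 else 1
    print(probe_rfb("localhost", vnc_port(display)))
```

A result of `rfb:...` points at the vncviewer side; `refused` or `no-banner` points at the ssh or VNC server side, matching the split markb gives.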