How do to bind x11vnc to localhost only and tunnel through SSH?

The name of the pictureThe name of the pictureThe name of the pictureClash Royale CLAN TAG#URR8PPP











up vote
0
down vote

favorite
1












There are many good answers on how to tunnel VNC traffic using SSH. When doing something like...



ssh user@host -L 5900:localhost:5900 x11vnc


...you can connect to the SSH tunnel on localhost:5900 (on the client side) to the SSH. But isn't host:5900 also open for attackers? How can I make x11vnc listening only to the traffic comming from the SSH tunnel?



I'd prefer something temporary and not messing around with iptables or so.



I think the -listen parameter is not what I need, because it listens to the interface with the given IP address:



-listen ipaddr listen for connections only on network interface with
 addr ipaddr. '-listen localhost' and hostname work too.


...copied from here.




ssh-tunneling vnc




share|improve this question






















  • why not have x11vnc listen on the loopback IP addres of 127.0.0.1 ?
    – thrig
    Jan 30 at 20:26










  • @thrig uhh yes... Thank you! I forgot that this was a separate interface... I tried it out and noticed 5900 was open from outside. But actually there was a x11vnc process still running without -listen localhost.
    – lumbric
    Jan 30 at 20:34














up vote
0
down vote

favorite
1












There are many good answers on how to tunnel VNC traffic using SSH. When doing something like...



ssh user@host -L 5900:localhost:5900 x11vnc


...you can connect to the SSH tunnel on localhost:5900 (on the client side) to the SSH. But isn't host:5900 also open for attackers? How can I make x11vnc listening only to the traffic comming from the SSH tunnel?



I'd prefer something temporary and not messing around with iptables or so.



I think the -listen parameter is not what I need, because it listens to the interface with the given IP address:



-listen ipaddr listen for connections only on network interface with
 addr ipaddr. '-listen localhost' and hostname work too.


...copied from here.




ssh-tunneling vnc




share|improve this question






















  • why not have x11vnc listen on the loopback IP addres of 127.0.0.1 ?
    – thrig
    Jan 30 at 20:26










  • @thrig uhh yes... Thank you! I forgot that this was a separate interface... I tried it out and noticed 5900 was open from outside. But actually there was a x11vnc process still running without -listen localhost.
    – lumbric
    Jan 30 at 20:34












up vote
0
down vote

favorite
1









up vote
0
down vote

favorite
1






1





There are many good answers on how to tunnel VNC traffic using SSH. When doing something like...



ssh user@host -L 5900:localhost:5900 x11vnc


...you can connect to the SSH tunnel on localhost:5900 (on the client side) to the SSH. But isn't host:5900 also open for attackers? How can I make x11vnc listening only to the traffic comming from the SSH tunnel?



I'd prefer something temporary and not messing around with iptables or so.



I think the -listen parameter is not what I need, because it listens to the interface with the given IP address:



-listen ipaddr listen for connections only on network interface with
 addr ipaddr. '-listen localhost' and hostname work too.


...copied from here.




ssh-tunneling vnc




share|improve this question














There are many good answers on how to tunnel VNC traffic using SSH. When doing something like...



ssh user@host -L 5900:localhost:5900 x11vnc


...you can connect to the SSH tunnel on localhost:5900 (on the client side) to the SSH. But isn't host:5900 also open for attackers? How can I make x11vnc listening only to the traffic comming from the SSH tunnel?



I'd prefer something temporary and not messing around with iptables or so.



I think the -listen parameter is not what I need, because it listens to the interface with the given IP address:



-listen ipaddr listen for connections only on network interface with
 addr ipaddr. '-listen localhost' and hostname work too.


...copied from here.





ssh-tunneling vnc





share|improve this question













share|improve this question




share|improve this question








edited Jan 30 at 20:36

























asked Jan 30 at 20:16









lumbric

186310




186310











  • why not have x11vnc listen on the loopback IP addres of 127.0.0.1 ?
    – thrig
    Jan 30 at 20:26










  • @thrig uhh yes... Thank you! I forgot that this was a separate interface... I tried it out and noticed 5900 was open from outside. But actually there was a x11vnc process still running without -listen localhost.
    – lumbric
    Jan 30 at 20:34
















  • why not have x11vnc listen on the loopback IP addres of 127.0.0.1 ?
    – thrig
    Jan 30 at 20:26










  • @thrig uhh yes... Thank you! I forgot that this was a separate interface... I tried it out and noticed 5900 was open from outside. But actually there was a x11vnc process still running without -listen localhost.
    – lumbric
    Jan 30 at 20:34















why not have x11vnc listen on the loopback IP addres of 127.0.0.1 ?
– thrig
Jan 30 at 20:26




why not have x11vnc listen on the loopback IP addres of 127.0.0.1 ?
– thrig
Jan 30 at 20:26












@thrig uhh yes... Thank you! I forgot that this was a separate interface... I tried it out and noticed 5900 was open from outside. But actually there was a x11vnc process still running without -listen localhost.
– lumbric
Jan 30 at 20:34




@thrig uhh yes... Thank you! I forgot that this was a separate interface... I tried it out and noticed 5900 was open from outside. But actually there was a x11vnc process still running without -listen localhost.
– lumbric
Jan 30 at 20:34










1 Answer
1






active

oldest

votes

















up vote
4
down vote













Turns out that -listen is what I need. By listening to the device with addr localhost it listens only to the loopback device:



ssh user@host -L 5900:localhost:5900 x11vnc -listen localhost





share|improve this answer






















  • Thanks for answering your own question when you got it to work. This helps all of us.
    – jc__
    Jan 31 at 14:41










Your Answer







StackExchange.ready(function()
var channelOptions =
tags: "".split(" "),
id: "106"
;
initTagRenderer("".split(" "), "".split(" "), channelOptions);

StackExchange.using("externalEditor", function()
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled)
StackExchange.using("snippets", function()
createEditor();
);

else
createEditor();

);

function createEditor()
StackExchange.prepareEditor(
heartbeatType: 'answer',
convertImagesToLinks: false,
noModals: false,
showLowRepImageUploadWarning: true,
reputationToPostImages: null,
bindNavPrevention: true,
postfix: "",
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
);



);








 

draft saved


draft discarded


















StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f420786%2fhow-do-to-bind-x11vnc-to-localhost-only-and-tunnel-through-ssh%23new-answer', 'question_page');

);

Post as a guest

















1 Answer
1






active

oldest

votes








1 Answer
1






active

oldest

votes









active

oldest

votes






active

oldest

votes








up vote
4
down vote













Turns out that -listen is what I need. By listening to the device with addr localhost it listens only to the loopback device:



ssh user@host -L 5900:localhost:5900 x11vnc -listen localhost





share|improve this answer






















  • Thanks for answering your own question when you got it to work. This helps all of us.
    – jc__
    Jan 31 at 14:41














up vote
4
down vote













Turns out that -listen is what I need. By listening to the device with addr localhost it listens only to the loopback device:



ssh user@host -L 5900:localhost:5900 x11vnc -listen localhost





share|improve this answer






















  • Thanks for answering your own question when you got it to work. This helps all of us.
    – jc__
    Jan 31 at 14:41












up vote
4
down vote










up vote
4
down vote









Turns out that -listen is what I need. By listening to the device with addr localhost it listens only to the loopback device:



ssh user@host -L 5900:localhost:5900 x11vnc -listen localhost





share|improve this answer














Turns out that -listen is what I need. By listening to the device with addr localhost it listens only to the loopback device:



ssh user@host -L 5900:localhost:5900 x11vnc -listen localhost






share|improve this answer














share|improve this answer



share|improve this answer








edited Feb 4 at 16:43









Jeff Schaller

31.4k846105




31.4k846105










answered Jan 30 at 20:36









lumbric

186310




186310











  • Thanks for answering your own question when you got it to work. This helps all of us.
    – jc__
    Jan 31 at 14:41
















  • Thanks for answering your own question when you got it to work. This helps all of us.
    – jc__
    Jan 31 at 14:41















Thanks for answering your own question when you got it to work. This helps all of us.
– jc__
Jan 31 at 14:41




Thanks for answering your own question when you got it to work. This helps all of us.
– jc__
Jan 31 at 14:41












 

draft saved


draft discarded


























 


draft saved


draft discarded














StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f420786%2fhow-do-to-bind-x11vnc-to-localhost-only-and-tunnel-through-ssh%23new-answer', 'question_page');

);

Post as a guest
































































-

Popular posts from this blog

How to check contact read email or not when send email to Individual?

Image
Clash Royale CLAN TAG #URR8PPP up vote 1 down vote favorite I'm using WordPress 4.9.8, CiviCRM to 5.5.1, I usually send email to contact by Search> Find contacts View contact details Action> Send email Send email ok, Contact received mail ok like picture But status only Email sent though contact read email or not. So, can CiviCRM can change status to Email read when contact read email? wordpress email share | improve this question asked Sep 26 at 0:12 ToanLuong 49 9 add a comment  |  up vote 1 down vote favorite I'm using WordPress 4.9.8, CiviCRM to 5.5.1, I usually send email to contact by Search> Find contacts View contact details Action> Send email Send email ok, Contact received mail ok like picture But status only Email sent though contact read email or not. So, can CiviCRM can change status to Email read when contact read email? wordpress email share | improve this question asked Se
Read more

Bahrain

Image
For other uses, see Bahrain (disambiguation). Sovereign island state in the Persian Gulf Kingdom of Bahrain مملكة البحرين   (Arabic) Mamlakat al-Baḥrayn Flag Coat of arms Anthem:  نشيد البحرين الوطني Bahrainona Our Bahrain Location of   Bahrain    (circled in red) Capital and largest city Manama 26°13′N 50°35′E  /  26.217°N 50.583°E  / 26.217; 50.583 Official languages Arabic Ethnic groups (2010 [1] ) 50.7% Arab (46% Bahrani, 4.7% other Arabs) 45.5% Asian 1% European 1.2% Others Religion Islam Demonym(s) Bahraini Government Unitary constitutional monarchy • King Hamad bin Isa Al Khalifa • Crown Prince Salman bin Hamad bin Isa Al Khalifa • Prime Minister Khalifa bin Salman Al Khalifa Legislature National Assembly • Upper house Consultative Council • Lower house Council of Representatives Independence • Declared Independence [2] 14 August 1971 • from United Kingdom [1] 15 August 1971 • Admitted to the United Nations 21 September 1971 • Kingdom of Bahrain 14 February 2002
Read more

Postfix configuration issue with fips on centos 7; mailgun relay

Image
Clash Royale CLAN TAG #URR8PPP up vote 0 down vote favorite I am trying to setup postfix to relay all mail generated on the local machine via SMTP to a mailgun relay. I have used the mailgun relay before with success on an ubuntu server, but I am migrating to a Centos 7 server which I will be running in FIPS mode. There error log is below, slightly sanitized. I have a small enough network that I choose to have each machine reach out to mailgun individually (this the loopback-only, 127.0.0.0/8 restrictions) and no firewall open port allowing smtp in to the machine. I assume the FIPS mode (and with it disabling of MD5) is causing problems, but I don't know how to overcome it or if it is even possible for tls_fprint to use some supported hash such as sha256 or sha512. However, the relay=none is slightly concerning since I have relayhost set, but perhaps that is because the smtp process is failing? Any help would be appreciated! postconf -n: alias_database = hash:/etc/alia
Read more