How do to bind x11vnc to localhost only and tunnel through SSH?
Clash Royale CLAN TAG#URR8PPP
up vote
0
down vote
favorite
There are many good answers on how to tunnel VNC traffic using SSH. When doing something like...
ssh user@host -L 5900:localhost:5900 x11vnc
...you can connect to the SSH tunnel on localhost:5900 (on the client side) to the SSH. But isn't host:5900 also open for attackers? How can I make x11vnc listening only to the traffic comming from the SSH tunnel?
I'd prefer something temporary and not messing around with iptables or so.
I think the -listen
parameter is not what I need, because it listens to the interface with the given IP address:
-listen ipaddr listen for connections only on network interface with
addr ipaddr. '-listen localhost' and hostname work too.
...copied from here.
ssh-tunneling vnc
add a comment |Â
up vote
0
down vote
favorite
There are many good answers on how to tunnel VNC traffic using SSH. When doing something like...
ssh user@host -L 5900:localhost:5900 x11vnc
...you can connect to the SSH tunnel on localhost:5900 (on the client side) to the SSH. But isn't host:5900 also open for attackers? How can I make x11vnc listening only to the traffic comming from the SSH tunnel?
I'd prefer something temporary and not messing around with iptables or so.
I think the -listen
parameter is not what I need, because it listens to the interface with the given IP address:
-listen ipaddr listen for connections only on network interface with
addr ipaddr. '-listen localhost' and hostname work too.
...copied from here.
ssh-tunneling vnc
why not have x11vnc listen on the loopback IP addres of 127.0.0.1 ?
â thrig
Jan 30 at 20:26
@thrig uhh yes... Thank you! I forgot that this was a separate interface... I tried it out and noticed 5900 was open from outside. But actually there was a x11vnc process still running without-listen localhost
.
â lumbric
Jan 30 at 20:34
add a comment |Â
up vote
0
down vote
favorite
up vote
0
down vote
favorite
There are many good answers on how to tunnel VNC traffic using SSH. When doing something like...
ssh user@host -L 5900:localhost:5900 x11vnc
...you can connect to the SSH tunnel on localhost:5900 (on the client side) to the SSH. But isn't host:5900 also open for attackers? How can I make x11vnc listening only to the traffic comming from the SSH tunnel?
I'd prefer something temporary and not messing around with iptables or so.
I think the -listen
parameter is not what I need, because it listens to the interface with the given IP address:
-listen ipaddr listen for connections only on network interface with
addr ipaddr. '-listen localhost' and hostname work too.
...copied from here.
ssh-tunneling vnc
There are many good answers on how to tunnel VNC traffic using SSH. When doing something like...
ssh user@host -L 5900:localhost:5900 x11vnc
...you can connect to the SSH tunnel on localhost:5900 (on the client side) to the SSH. But isn't host:5900 also open for attackers? How can I make x11vnc listening only to the traffic comming from the SSH tunnel?
I'd prefer something temporary and not messing around with iptables or so.
I think the -listen
parameter is not what I need, because it listens to the interface with the given IP address:
-listen ipaddr listen for connections only on network interface with
addr ipaddr. '-listen localhost' and hostname work too.
...copied from here.
ssh-tunneling vnc
edited Jan 30 at 20:36
asked Jan 30 at 20:16
lumbric
186310
186310
why not have x11vnc listen on the loopback IP addres of 127.0.0.1 ?
â thrig
Jan 30 at 20:26
@thrig uhh yes... Thank you! I forgot that this was a separate interface... I tried it out and noticed 5900 was open from outside. But actually there was a x11vnc process still running without-listen localhost
.
â lumbric
Jan 30 at 20:34
add a comment |Â
why not have x11vnc listen on the loopback IP addres of 127.0.0.1 ?
â thrig
Jan 30 at 20:26
@thrig uhh yes... Thank you! I forgot that this was a separate interface... I tried it out and noticed 5900 was open from outside. But actually there was a x11vnc process still running without-listen localhost
.
â lumbric
Jan 30 at 20:34
why not have x11vnc listen on the loopback IP addres of 127.0.0.1 ?
â thrig
Jan 30 at 20:26
why not have x11vnc listen on the loopback IP addres of 127.0.0.1 ?
â thrig
Jan 30 at 20:26
@thrig uhh yes... Thank you! I forgot that this was a separate interface... I tried it out and noticed 5900 was open from outside. But actually there was a x11vnc process still running without
-listen localhost
.â lumbric
Jan 30 at 20:34
@thrig uhh yes... Thank you! I forgot that this was a separate interface... I tried it out and noticed 5900 was open from outside. But actually there was a x11vnc process still running without
-listen localhost
.â lumbric
Jan 30 at 20:34
add a comment |Â
1 Answer
1
active
oldest
votes
up vote
4
down vote
Turns out that -listen
is what I need. By listening to the device with addr localhost
it listens only to the loopback device:
ssh user@host -L 5900:localhost:5900 x11vnc -listen localhost
Thanks for answering your own question when you got it to work. This helps all of us.
â jc__
Jan 31 at 14:41
add a comment |Â
1 Answer
1
active
oldest
votes
1 Answer
1
active
oldest
votes
active
oldest
votes
active
oldest
votes
up vote
4
down vote
Turns out that -listen
is what I need. By listening to the device with addr localhost
it listens only to the loopback device:
ssh user@host -L 5900:localhost:5900 x11vnc -listen localhost
Thanks for answering your own question when you got it to work. This helps all of us.
â jc__
Jan 31 at 14:41
add a comment |Â
up vote
4
down vote
Turns out that -listen
is what I need. By listening to the device with addr localhost
it listens only to the loopback device:
ssh user@host -L 5900:localhost:5900 x11vnc -listen localhost
Thanks for answering your own question when you got it to work. This helps all of us.
â jc__
Jan 31 at 14:41
add a comment |Â
up vote
4
down vote
up vote
4
down vote
Turns out that -listen
is what I need. By listening to the device with addr localhost
it listens only to the loopback device:
ssh user@host -L 5900:localhost:5900 x11vnc -listen localhost
Turns out that -listen
is what I need. By listening to the device with addr localhost
it listens only to the loopback device:
ssh user@host -L 5900:localhost:5900 x11vnc -listen localhost
edited Feb 4 at 16:43
Jeff Schaller
31.4k846105
31.4k846105
answered Jan 30 at 20:36
lumbric
186310
186310
Thanks for answering your own question when you got it to work. This helps all of us.
â jc__
Jan 31 at 14:41
add a comment |Â
Thanks for answering your own question when you got it to work. This helps all of us.
â jc__
Jan 31 at 14:41
Thanks for answering your own question when you got it to work. This helps all of us.
â jc__
Jan 31 at 14:41
Thanks for answering your own question when you got it to work. This helps all of us.
â jc__
Jan 31 at 14:41
add a comment |Â
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f420786%2fhow-do-to-bind-x11vnc-to-localhost-only-and-tunnel-through-ssh%23new-answer', 'question_page');
);
Post as a guest
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
why not have x11vnc listen on the loopback IP addres of 127.0.0.1 ?
â thrig
Jan 30 at 20:26
@thrig uhh yes... Thank you! I forgot that this was a separate interface... I tried it out and noticed 5900 was open from outside. But actually there was a x11vnc process still running without
-listen localhost
.â lumbric
Jan 30 at 20:34