How do to bind x11vnc to localhost only and tunnel through SSH?

The name of the pictureThe name of the pictureThe name of the pictureClash Royale CLAN TAG#URR8PPP











up vote
0
down vote

favorite
1












There are many good answers on how to tunnel VNC traffic using SSH. When doing something like...



ssh user@host -L 5900:localhost:5900 x11vnc


...you can connect to the SSH tunnel on localhost:5900 (on the client side) to the SSH. But isn't host:5900 also open for attackers? How can I make x11vnc listening only to the traffic comming from the SSH tunnel?



I'd prefer something temporary and not messing around with iptables or so.



I think the -listen parameter is not what I need, because it listens to the interface with the given IP address:



-listen ipaddr listen for connections only on network interface with
addr ipaddr. '-listen localhost' and hostname work too.


...copied from here.







share|improve this question






















  • why not have x11vnc listen on the loopback IP addres of 127.0.0.1 ?
    – thrig
    Jan 30 at 20:26










  • @thrig uhh yes... Thank you! I forgot that this was a separate interface... I tried it out and noticed 5900 was open from outside. But actually there was a x11vnc process still running without -listen localhost.
    – lumbric
    Jan 30 at 20:34














up vote
0
down vote

favorite
1












There are many good answers on how to tunnel VNC traffic using SSH. When doing something like...



ssh user@host -L 5900:localhost:5900 x11vnc


...you can connect to the SSH tunnel on localhost:5900 (on the client side) to the SSH. But isn't host:5900 also open for attackers? How can I make x11vnc listening only to the traffic comming from the SSH tunnel?



I'd prefer something temporary and not messing around with iptables or so.



I think the -listen parameter is not what I need, because it listens to the interface with the given IP address:



-listen ipaddr listen for connections only on network interface with
addr ipaddr. '-listen localhost' and hostname work too.


...copied from here.







share|improve this question






















  • why not have x11vnc listen on the loopback IP addres of 127.0.0.1 ?
    – thrig
    Jan 30 at 20:26










  • @thrig uhh yes... Thank you! I forgot that this was a separate interface... I tried it out and noticed 5900 was open from outside. But actually there was a x11vnc process still running without -listen localhost.
    – lumbric
    Jan 30 at 20:34












up vote
0
down vote

favorite
1









up vote
0
down vote

favorite
1






1





There are many good answers on how to tunnel VNC traffic using SSH. When doing something like...



ssh user@host -L 5900:localhost:5900 x11vnc


...you can connect to the SSH tunnel on localhost:5900 (on the client side) to the SSH. But isn't host:5900 also open for attackers? How can I make x11vnc listening only to the traffic comming from the SSH tunnel?



I'd prefer something temporary and not messing around with iptables or so.



I think the -listen parameter is not what I need, because it listens to the interface with the given IP address:



-listen ipaddr listen for connections only on network interface with
addr ipaddr. '-listen localhost' and hostname work too.


...copied from here.







share|improve this question














There are many good answers on how to tunnel VNC traffic using SSH. When doing something like...



ssh user@host -L 5900:localhost:5900 x11vnc


...you can connect to the SSH tunnel on localhost:5900 (on the client side) to the SSH. But isn't host:5900 also open for attackers? How can I make x11vnc listening only to the traffic comming from the SSH tunnel?



I'd prefer something temporary and not messing around with iptables or so.



I think the -listen parameter is not what I need, because it listens to the interface with the given IP address:



-listen ipaddr listen for connections only on network interface with
addr ipaddr. '-listen localhost' and hostname work too.


...copied from here.









share|improve this question













share|improve this question




share|improve this question








edited Jan 30 at 20:36

























asked Jan 30 at 20:16









lumbric

186310




186310











  • why not have x11vnc listen on the loopback IP addres of 127.0.0.1 ?
    – thrig
    Jan 30 at 20:26










  • @thrig uhh yes... Thank you! I forgot that this was a separate interface... I tried it out and noticed 5900 was open from outside. But actually there was a x11vnc process still running without -listen localhost.
    – lumbric
    Jan 30 at 20:34
















  • why not have x11vnc listen on the loopback IP addres of 127.0.0.1 ?
    – thrig
    Jan 30 at 20:26










  • @thrig uhh yes... Thank you! I forgot that this was a separate interface... I tried it out and noticed 5900 was open from outside. But actually there was a x11vnc process still running without -listen localhost.
    – lumbric
    Jan 30 at 20:34















why not have x11vnc listen on the loopback IP addres of 127.0.0.1 ?
– thrig
Jan 30 at 20:26




why not have x11vnc listen on the loopback IP addres of 127.0.0.1 ?
– thrig
Jan 30 at 20:26












@thrig uhh yes... Thank you! I forgot that this was a separate interface... I tried it out and noticed 5900 was open from outside. But actually there was a x11vnc process still running without -listen localhost.
– lumbric
Jan 30 at 20:34




@thrig uhh yes... Thank you! I forgot that this was a separate interface... I tried it out and noticed 5900 was open from outside. But actually there was a x11vnc process still running without -listen localhost.
– lumbric
Jan 30 at 20:34










1 Answer
1






active

oldest

votes

















up vote
4
down vote













Turns out that -listen is what I need. By listening to the device with addr localhost it listens only to the loopback device:



ssh user@host -L 5900:localhost:5900 x11vnc -listen localhost





share|improve this answer






















  • Thanks for answering your own question when you got it to work. This helps all of us.
    – jc__
    Jan 31 at 14:41










Your Answer







StackExchange.ready(function()
var channelOptions =
tags: "".split(" "),
id: "106"
;
initTagRenderer("".split(" "), "".split(" "), channelOptions);

StackExchange.using("externalEditor", function()
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled)
StackExchange.using("snippets", function()
createEditor();
);

else
createEditor();

);

function createEditor()
StackExchange.prepareEditor(
heartbeatType: 'answer',
convertImagesToLinks: false,
noModals: false,
showLowRepImageUploadWarning: true,
reputationToPostImages: null,
bindNavPrevention: true,
postfix: "",
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
);



);








 

draft saved


draft discarded


















StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f420786%2fhow-do-to-bind-x11vnc-to-localhost-only-and-tunnel-through-ssh%23new-answer', 'question_page');

);

Post as a guest






























1 Answer
1






active

oldest

votes








1 Answer
1






active

oldest

votes









active

oldest

votes






active

oldest

votes








up vote
4
down vote













Turns out that -listen is what I need. By listening to the device with addr localhost it listens only to the loopback device:



ssh user@host -L 5900:localhost:5900 x11vnc -listen localhost





share|improve this answer






















  • Thanks for answering your own question when you got it to work. This helps all of us.
    – jc__
    Jan 31 at 14:41














up vote
4
down vote













Turns out that -listen is what I need. By listening to the device with addr localhost it listens only to the loopback device:



ssh user@host -L 5900:localhost:5900 x11vnc -listen localhost





share|improve this answer






















  • Thanks for answering your own question when you got it to work. This helps all of us.
    – jc__
    Jan 31 at 14:41












up vote
4
down vote










up vote
4
down vote









Turns out that -listen is what I need. By listening to the device with addr localhost it listens only to the loopback device:



ssh user@host -L 5900:localhost:5900 x11vnc -listen localhost





share|improve this answer














Turns out that -listen is what I need. By listening to the device with addr localhost it listens only to the loopback device:



ssh user@host -L 5900:localhost:5900 x11vnc -listen localhost






share|improve this answer














share|improve this answer



share|improve this answer








edited Feb 4 at 16:43









Jeff Schaller

31.4k846105




31.4k846105










answered Jan 30 at 20:36









lumbric

186310




186310











  • Thanks for answering your own question when you got it to work. This helps all of us.
    – jc__
    Jan 31 at 14:41
















  • Thanks for answering your own question when you got it to work. This helps all of us.
    – jc__
    Jan 31 at 14:41















Thanks for answering your own question when you got it to work. This helps all of us.
– jc__
Jan 31 at 14:41




Thanks for answering your own question when you got it to work. This helps all of us.
– jc__
Jan 31 at 14:41












 

draft saved


draft discarded


























 


draft saved


draft discarded














StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f420786%2fhow-do-to-bind-x11vnc-to-localhost-only-and-tunnel-through-ssh%23new-answer', 'question_page');

);

Post as a guest













































































Popular posts from this blog

How to check contact read email or not when send email to Individual?

Displaying single band from multi-band raster using QGIS

How many registers does an x86_64 CPU actually have?