Use VNC to SSH tunnel through bastion host to graphical OS (Red Hat)

Here's the scenario: I have 4 hosts.
- Client/localhost
- AWS bastion host (port 22 only)
- EC2 Instance with graphical desktop (private subnet)
- EC2 Instance (no graphical) with Docker running a WebLogic Server container
Problem: I need to be able to access that WebLogic server via internet browser through the bastion host. Now I can only use port 22 to the bastion host but all outgoing connections are enabled.
My idea was to use TightVNC viewer and SSH tunnel through the bastion host to the GUI instance.
Now my issue is I don't know how to get my bastion host to forward incoming port 22 for my user to the destination port 5905, in my case. I do not have root access on the bastion host.
All of the solutions I've found so far involve SSHing via command line, not using VNC. I need the bastion to automatically forward port 22 traffic to the VNC port, for my user only if possible but not 100% required.
   public             public                 private                private
[user/client] --22-->[bastion]--VNC:5905-->[VNC Server]--80/443-->[Docker/WLS]
     GUI                CLI                    GUI                    CLI
rhel ssh-tunneling vnc amazon-ec2 aws
Are you able to make any changes at all on bastion? Have you looked at running autossh on bastion? Not sure if you have rights to even set it up on that server.
– saleetzo Mar 16 at 23:17
I do have some rights, just not with sudo privileges. I do have permissions for my home directory like ~.ssh/. I wasn't aware of autossh but I will look into that.
– Greg Mar 16 at 23:21
edited Mar 17 at 8:14
Thomas
asked Mar 16 at 23:01
Greg
1 Answer
This should be a pretty normal ssh -L 5905:vnchost:5905 user@bastionhost, followed by vncviewer localhost:5905 on the public client system, unless the bastion server is explicitly disabling SSH tunneling or there is firewalling between it and the VNC server host.
The -L 5905:vnchost:5905 (alternately written -L localhost:5905:vnchost:5905) parameter means that the ssh client node will open a port on localhost:5905 and the SSH server daemon on the bastion host should try to send the tunnel to vnchost:5905 when the VNC viewer on the client side tries to initiate a connection.
If the connection can't be made, an error message should appear in the SSH session (and the VNC client will probably throw an error too).
answered Mar 18 at 1:38
mulad
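The tunnel described in the answer above, as an added example that is not part of the original answer: it pins the local listener to loopback so the forwarded VNC port is not reachable from other machines, and makes ssh fail immediately if the local port cannot be bound. `BASTION`, `VNC_HOST`, the function names and the `--connect` argument are assumptions made for illustration.

```shell
#!/bin/sh
# Added example. BASTION and VNC_HOST are placeholders, not values from the question.
BASTION="${BASTION:-user@bastionhost}"
VNC_HOST="${VNC_HOST:-vnchost}"

# VNC convention: display :N listens on TCP 5900+N, so port 5905 is display :5.
vnc_port() {
  case "$1" in
    ''|*[!0-9]*|0?*) return 1 ;;      # digits only, no leading zero
  esac
  [ "$1" -le 99 ] 2>/dev/null || return 1
  echo $((5900 + $1))
}

# Build the -L argument with an explicit 127.0.0.1 bind address, so the
# listener stays on loopback regardless of the client's GatewayPorts setting.
forward_spec() {   # usage: forward_spec <display> <vnc_host>
  fs_port="$(vnc_port "$1")" || return 1
  case "$2" in
    ''|-*|*[!A-Za-z0-9.-]*) return 1 ;;   # plain hostnames or IPv4 only
  esac
  echo "127.0.0.1:${fs_port}:${2}:${fs_port}"
}

open_tunnel() {    # usage: open_tunnel <display>
  ot_spec="$(forward_spec "$1" "$VNC_HOST")" || {
    echo "invalid display or VNC host" >&2
    return 2
  }
  # -N: no remote command, forwarding only. -f: go to background after auth.
  # ExitOnForwardFailure=yes: exit if the local port cannot be bound.
  # An unreachable vnchost:port is only reported when the viewer connects.
  ssh -f -N -o ExitOnForwardFailure=yes -o ServerAliveInterval=30 \
      -L "$ot_spec" "$BASTION"
}

# Only act when asked to, e.g.:  ./vnc-tunnel.sh --connect 5
if [ "${1:-}" = "--connect" ]; then
  display="${2:-5}"
  open_tunnel "$display" && vncviewer "localhost:$(vnc_port "$display")"
fi
```

No root access or configuration change on the bastion is needed for this, provided its sshd permits TCP forwarding for the account.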