[blat]

With a laptop g4 and desktop g4 running OSX 10.2.6, I am trying to access and remotely control a PC with XP home installed and an IMAC running OSX 10.1.5 that are sitting behind an asante ethernet router on a cable broadband LAN. I have been able to run VNC from the outside mac's through the router to the pc, but became concerned about security issues and decided to use an SSH shell. The problem then became implementing SSH on the LAN PC and IMAC and on the outside clients. I have read previous posts here but still do not understand the step by step procedures and the software I need to use. Is there an SSH server for the PC or Mac? And do you simply run SSH first until a connection is made and then double click the VNC client? I know that the VNC client runs through ports in the 59xx range while SSH uses port 22. How do I know my connection is secure? Thanks for any help you may be able to give.

[Kyaphas]

Step 1, run "man ssh" in a terminal window. /forums/ubbthreads/images/graemlins/wink.gif
Ok, lessee here. I assume you are ssh'ing from the OS X laptop.
First, you will need an ssh server running on each machine that you wish to connect to. The iMac should have it built-in with OS X. (I'm not positive of 10.1.5 since I'm running 10.2.6). To enable remote login via ssh you need to go to your System Preferences, in the Internet & Network section, click on Sharing. Here there is a list of services you can enable to allow remote access. The one you're looking for is Remote Login. Check this, and it will turn on SSHD (the ssh server, or daemon as it's sometimes called). You can now login to the iMac remotely (using an account configured on that machine) by running "ssh blat@192.168.1.15 -L 5900:192.168.1.15:5901" and it will prompt you for your password. After you enter it correctly, you are connected to iMac1 in an ssh session.
Quick analysis of the above ssh command. The username@IPaddress is pretty self-explanatory. the part after the -L is what I want to explain. The first port, 5900, is the port on the local machine (lap1) that you will connect to. (VNC uses display number as you should have seen, and they correspond to port 5900 and up. Display 0 is port 5900, display 1 is 5901, and so on.) The IP address is the IP address of the machine to be tunnelled to, imac1, and the second port, 5901, is the port on which that machine to be tunnelled to will be listening. 5901 is usually the first display for VNC. If you have set VNC to choose the display automatically, then it will be 0 (port 5900).
Don't close this until you're ready to close the tunnel. Next, launch VNC and connect to 10.10.10.5:0 (you could also put localhost:0), then press OK, or CONNECT or whatever it is to start the connection. VNC then connects to lap1 on port 5900, which gets forwarded out the encrypted ssh connection to iMac1 and the sshd receives the connection, and puts it to port 5901 on iMac1.
So, does that clear it all up? /forums/ubbthreads/images/graemlins/grin.gif
Edit: Broke up a really long paragraph.

[blat]

WOW!
Thank you for the very thorough response. I feel sure I'll be able to implement VNC via SSH by following your directions. I'll post again about how it goes. Thanks again!!

[Kyaphas]

No problem. Glad I could help out. Lemme know if you have any more issues with it.

[Kyaphas]

Oh yeah, I meant to say that you could tell that it's going out the ssh tunnel by putting up a firewall (which you should really have already) and the only thing allowed to pass in form the net should be ssh. Then if it connects you know it must be through the tunnel.

[blat]

Just an update - again I appreciate your help - but the only windows ssh servers out there seem to be $100 or more. I've looked at openssh and the cgywin project but I'm not knowledgeable enough get them to work properly. As much as I hate the idea, the only other option seems to be purchasing XP pro and then using remote desktop to access the pc from elsewhere.

[Kyaphas]

Yeah, I hear ya about the cost of the SSH servers on windows. Cygwin and OpenSSH is a good idea, though. I hadn't thought about that. It's been a while since I installed it, but I don't remember it being very hard. You might want to give it a shot. Configuring OpenSSH is fairly easy too, just configure /etc/ssh/sshd.conf for the options you'll need.
If you decide to give cygwin/OpenSSH a shot, let me know. I'll be happy to try and help you get it working.
As for XP and RDC, I don't know if that's an encrypted connection or not, which was what you were going for, but it is an option for connecting to the windows machine.

[Kyaphas]

Alright, I gotcha one.
http://lexa.mckenna.edu/sshwindows/
You got me wanting to be able to SSH into my machine from home, so I was trying to use CYGWIN for it, but like you said, it's a real pain to configure. The site above has an installer package for OpenSSH that installs on my XP Pro machine with no problems. Just be sure to read the quickstart.txt file that comes with it. It explains how to create the necessary group and passwd files so that you can login. I'm testing it out now. It's acting a bit funny with tunnels.

[blat]

Thanks for the continuing posts. I also tried the openssh package but didn't know where to find or how to modify the txt files for passwords so I kept looking. I found a couple of commercial packages and I'm now playing with Winsshd in an attempt to get it to work. Also have been through remotely anywhere and timbuktu with various problems too convoluted to mention. Currently stuck on strange problem of not being able to log in to the xp machine through my usual password and account from the terminal in os x. Oh well, it's all about the search and making it work anyway.
Oh another thing that seems very curious. ALL of the gui front ends for ssh and other helper programs will not download. I've been to several sites like version tracker and mac updates and none of these programs seem to even exist anymore. ???