September 14, 2009
I am in the midst of my trial period and I will be purchasing Meerkat. I appreciate the way it makes starting/stopping and resuming the tunnel after sleep painless!
That said this is all very new to me. The tutorial that i followed to set up SSH on my desktop mac covered a few topics. The first was creating a tunnel to use as a SOCKS proxy in safari I was able to get up and running very easily.
the other subject that the tutorial covered is pushing all VNC traffic through the tunnel. the terminal entry was something like
-L 5901:localhost:5900
a corresponding change needed to be made to the VNC client (chicken of the sea) to push it to +1 or 5901.
Now to my question. I use apple screen sharing so is this the right way to go about securing screen sharing sessions? If the answer is yes how do I get meerkat to do the -L 5901:localhaost:5900 thing?
thanks
September 15, 2009
#1
The tutorial you have is
The tutorial you have is basically saying to SSH into a given server and forward its localhost port 5900 to the local Mac port 5901.
So, to accomplish this with Meerkat, you would do the following:
1) Setup an SSH account to the machine in question in Meerkat using the hostname, username, and password provided by your SSH provider.
2) Add a new tunnel in Meerkat using the Tunnel Setup Assistant (File > Tunnel Setup Assistant...)
3) Choose "Remote service available locally" since you are making a remote computer's screen sharing available on the local Mac over the tunnel. Click 'Continue'.
4) Choose the SSH account in question. Click 'Continue'.
5) For remote hostname, enter 'localhost', similar to the -L argument used in the tutorial.
6) For remote port, enter 5900 since that is the port that screen sharing is running on on the SSH server machine (the default VNC port).
7) For local port, you could use 5901 to be just like the tutorial, but really any port >1024 will do here. Click 'Continue'.
8) Name the tunnel and click 'Create'.
Now, when you bring up the tunnel, you should be able to point Chicken of the VNC at localhost:5901 (or whatever local port you specified) to tunnel out via SSH and connect to the server's port 5900 securely.
One nice addition that might be handy is to double-click the new tunnel in Meerkat's main window, unfold the 'Advanced options' section, and choose to make the entry point available to other computers, then to advertise over Bonjour as VNC. This will make the local end of the tunnel show up in Finder's sidebar as well as in VNC apps' Bonjour browsers. It will be just like the remote machine is on your LAN for connection purposes, but all traffic will be secure through the tunnel.
Hope that helps!
September 15, 2009
#3
If you get the tunnel
If you get the tunnel advertising VNC over Bonjour, the tunnel name will show up as a shared service in Finder's left sidebar. Then you can click it and a 'share screen' button will appear that should launch Screen Sharing.
Regardless of Bonjour, you can also use Go > Connect To Server... in Finder and enter vnc://localhost:5901 to screen share as well.
September 15, 2009
#5
If that computer is
If that computer is definitely not on your LAN, then using the sidebar screen sharing will be over the tunnel. You can also name the tunnel in a distinctive way (e.g., "Secure Screen Sharing") and that is the name that will show up in Bonjour.
Want to join the forums? Create an account or login.
thanks Justin I will follow your instructions and report back. I like your addition of adding the bonjour support. I an not clear how to use apple screen sharing with the tunnel but that that is a different issue I want to get the tunnel up first.