Howto use a SSL tunnel

Howto use a SSL tunnel (from outside Garching)

To access a service available on a machine with a private IP address in Garching from outside (e.g. via DSL) one can establish a SSL tunnel for the network port used by the service through a machine with a public address which can see the private address. In our example we use charly.physik.uni-muenchen.de.

Assume the Webserver lives on host wwwsecrete visible from charly with IP address 192.168.111.111 and uses port 80 as webservers normally do.

The following command connects this service to port 10080 on the local maschine:

ssh charly.physik.uni-muenchen.de -L 10080:192.168.111.111:80

In mozilla use as URL:

http://localhost:10080/atlas/slowcontrol/slowcontrol.html

A tunnel for a VNC server

VNCservers use as default port 5900 + DISPLAY_Number. So to access a VNCserver not directly visible at private IP address 192.168.222.222 you can connect to this via a ssh tunnel as follows.

On 192.168.222.222 with name wwwsecrete you start the VNCserver. (Since you most likely can not directly login to wwwsecrete you also have to that via charly)

vncserver -geometry 1280x1024

The response of the program is:

New 'wwwsecrete:1 (user)' desktop is wwwsecrete:1

On your local maschine you establish the tunnel through charly:

ssh charly.physik.uni-muenchen.de -L 15901:192.168.222.222:5901

Now you can start the VNCviewer on your local machine with:

vncviewer localhost:15901