I've been searching for hours now, can't figure this one out.
I am trying to make the following happen:
Client: remmina + ssh tunnel
Server: Lubuntu + openssh server (public key authentication) + vino server over ssh tunnel ONLY + allow client to only open 1 port (vnc port)
So far I can connect to my server apparently in both ways (with ssh tunnel and without it), which is unacceptable.
Running vino-preferences GUI doesn't help me much :s
So my question basically is:
- "How do I block any port opening on server and only single SSH port (22) and allow client to tunnel VNC over SSH via specific port (If it makes sense)?"
- No other type of VNC connection should be allowed
P.S. I plan to forward port 22 on router to my server and only allow SSH connections.
Best Answer
AFAIK the vino-preferences GUI does not include it, but I believe the parameter you are looking for is network-interface

If unset (i.e. the above command returns the empty string, '') then vino-server listens on all available interfaces, whereas if set to lo then it will listen only on the lo (localhost) interface.

You could also use the GUI dconf-editor, where the parameter is listed under the org -> gnome -> desktop -> remote-access item.

You can confirm that the server is listening on the desired interface using netstat e.g. the default is (listening on all available interfaces); then after you should see that it is only listening on the localhost interface(s):

Alternatively (or additionally), you could use iptables or ufw to close the port - by default, it is port 5900 + display number.
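The netstat check described in the answer above can be scripted; the following is an added example, not part of the original answer. It flags any VNC listener (5900 + display number) bound to something other than loopback. The function names, the sample netstat lines, the display range 0-9, and the commands in the comments are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the original answer. Constructed sample data below.
# Settings the check is meant to verify (assumptions, not shown on the page):
#   gsettings set org.gnome.Vino network-interface lo   # assumed schema id
#   ssh -L 5900:localhost:5900 user@server               # placeholder host
# Live use: netstat -tln | vnc_exposed_listeners

# Print every listening TCP address on ports 5900-5909 (5900 + display
# number, displays 0-9 assumed) that is NOT bound to a loopback address.
vnc_exposed_listeners() {
    awk '
        $1 ~ /^tcp/ && $NF == "LISTEN" {
            addr = $4
            n = split(addr, parts, ":")
            port = parts[n] + 0
            host = substr(addr, 1, length(addr) - length(parts[n]) - 1)
            if (port < 5900 || port > 5909) next
            if (host ~ /^127\./ || host == "::1") next
            print addr
        }'
}

# Constructed netstat -tln output: vino on all interfaces (the default).
sample_before() {
    cat <<'EOF'
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:5900            0.0.0.0:*               LISTEN
tcp6       0      0 :::22                   :::*                    LISTEN
tcp6       0      0 :::5900                 :::*                    LISTEN
EOF
}

# Constructed output after binding vino to lo: only loopback VNC listeners.
sample_after() {
    cat <<'EOF'
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:5900          0.0.0.0:*               LISTEN
tcp6       0      0 :::22                   :::*                    LISTEN
tcp6       0      0 ::1:5900                :::*                    LISTEN
EOF
}

echo "before: $(sample_before | vnc_exposed_listeners | tr '\n' ' ')"
echo "after:  $(sample_after | vnc_exposed_listeners | tr '\n' ' ')"
```

Empty output from the function means the VNC port is reachable only through the SSH tunnel; any printed address is a listener that a firewall rule or the interface setting still needs to close.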