Re: SSH and speed over dialup lines (was Re: Radmin)


Scott Dudley
Tue, 13 Jul 1999 12:21:09 -0700


Rich Lafferty wrote:

> Quoting Angel Martin Alganza from Tue, Jul 13, 1999 at 07:47:12PM +0200:
> > On Tue, 13 Jul 1999, Rich Lafferty wrote:
> >
> > > with the speed, I tried sending it over a compressed SSH tunnel.
> >
> > How does one do so? Is there any documentation on how to set it up?
> >
> > Thanks,
> > Angel
>
> There's "man ssh", of course. But here's what I did...
>
> There are three machines involved -- joshu, my home Linux box (and the
> VNC client machine); bofh, my work Mac (and the VNC server machine),
> and alcor, a Unix system on the same Ethernet network as bofh.
>
> SSH allows for compressed and encrypted tunnels to be set up alongside
> its terminal connections. Since there's no SSH server on the Mac, I
> set up a compressed, encrypted tunnel between joshu (on an insecure
> public dialup) and alcor, and then connected from alcor to bofh with
> a normal connection. In other words,
>
> joshu--->joshu==============>alcor--->bofh
>
> where --- is unencrypted and uncompressed, and ==== is encrypted and
> compressed. Note that the first uncompressed link is on the loopback
> interface (ie, "localhost"), so can be considered secure and is
> negligible in terms of speed, and that the last uncompressed link is
> within my organization, so is on a fast network and is relatively
> secure. The unsecure and slow link between joshu and alcor (over a
> modem) is where SSH comes in handy, encrypting the link and
> compressing the data sent over it.
>
> The VNC server would be running on bofh, on port 5900 (for display 0).
> On joshu, I'd do the following commands:
>
> joshu:~$ ssh -C -L5901:bofh:5900 alcor
>
> (which says, set up a compressed (-C) local ssh tunnel (-L) from local
> port 5901 to alcor, and have alcor connect to bofh's port 5900.)
>
> Then, since we're using port 5901 locally (which is display 1 to VNC),
>
> joshu:~$ vncviewer localhost:5901
>
> and up comes bofh's VNC display 0, compressed and encrypted along the way.
>
> (The behavior of the -L option is sort of nonintuitive; it might help
> to think of it as a way to make it so that the network(s) between the
> client machine (joshu) and the machine to which the ssh connection is
> made (alcor) can be discounted, so that connecting to the specified
> port on joshu from joshu is equivalent to connecting to the specified
> port on bofh from alcor.)
>
> If you were doing a unix-to-unix VNC connection (or, for that matter,
> any machine-with-ssh-client to machine-with-ssh-server VNC connection),
> you could do "ssh -C -L5901:remotehost:5900 remotehost" and eliminate
> unencrypted channels entirely.
>
> -Rich
>
> --
> ------------------------------ Rich Lafferty ---------------------------
> Sysadmin/Programmer, Information and Instructional Technology Services
> Concordia University, Montreal, QC (514) 848-7600
> ------------------------- ----------------------

Rich,

Can you provide a relative speed comparison of vnc over ssh compressed vs normal dial-up?

Thanks.
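
The quoted setup treats the first hop (joshu to joshu's port 5901) as secure because it stays on the loopback interface, which holds only while the `-L` listener is bound to a loopback address (it is not when ssh is started with `-g`). The check below is an added example, not part of the original messages: the function name `exposed_binds` is hypothetical and the `ss -ltn` lines are constructed samples.

```shell
#!/bin/sh
# Added example: list non-loopback bind addresses of a forwarded port.
# Reads `ss -ltn` style lines on stdin, prints every local address on
# which PORT listens that is not loopback, and returns 1 if any exist.
exposed_binds() {
    awk -v port="$1" '
        BEGIN { found = 0 }
        $1 == "LISTEN" {
            addr = $4                       # Local Address:Port column
            n = match(addr, /:[0-9]+$/)     # port follows the last colon
            if (!n) next
            if (substr(addr, n + 1) != port) next
            host = substr(addr, 1, n - 1)
            gsub(/^\[|\]$/, "", host)       # strip IPv6 brackets
            if (host ~ /^127\./ || host == "::1") next
            print host
            found = 1
        }
        END { exit found }'
}

# Constructed sample: the listener that "ssh -C -L5901:bofh:5900 alcor"
# is expected to leave on joshu (loopback only), plus an unrelated sshd.
SAMPLE_LOOPBACK='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128        127.0.0.1:5901      0.0.0.0:*
LISTEN 0      128            [::1]:5901         [::]:*
LISTEN 0      128          0.0.0.0:22        0.0.0.0:*'

# Constructed sample: the same forward bound to every interface, so the
# unencrypted first hop is reachable from the dialup network.
SAMPLE_EXPOSED='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128          0.0.0.0:5901      0.0.0.0:*
LISTEN 0      128             [::]:5901         [::]:*'

# Live use on the client machine:  ss -ltn | exposed_binds 5901
printf '%s\n' "$SAMPLE_EXPOSED" | exposed_binds 5901 \
    || echo "port 5901 is reachable beyond loopback"
```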




This archive was generated by on Sun Aug 01 1999 - 23:40:14 BST