On Mon, 19 Jan 2004, Charlie Bullen wrote:

> Hi,  Illen need remote access to a box behind a firewall. Security is a
> requirement.
>
> On a scale of 1 to 10 with 1 being totally insecure and 10 being totally
> secure, how would you rate the following
>
> 1. Using VNC from a computer anywhere on the internet connecting to a
> computer sitting behind a firewall. The firewall passes traffic on port
> 5900 to a  specific  computer on the LAN.
>
> 2. The same basic setup as above, except using ssh to forward port 5900
> to the specific machine behind the firewall.


You probably should check with your sys/netadmin first, but if you've got
a box on the outside that you can SSH to from work, you can setup a
"reverse" tunnel and access your work box by completely by-passing the
usual inbound firewall security.

>From the work computer:

ssh -f -N <your-home-box-IP-here> -R 31337:localhost:22
(the password provided is that of your home box)

>From your home computer:

ssh -p 31337 localhost
(the password provided is that of your work box)

Voila!  You're on your work box.
~M