Mac OS X 有提供遠端桌面的服務,雖然可以設定密碼連線,但整個過程中似乎沒有加密?所以我就在 Ubuntu 上試著用 ssh tunnel 連到 Mac OS X。此目的是從 Ubuntu 機器遠端桌面到 Mac OS X 。



$ ssh -N -f -L 9000:localhost:5900 user@MAC_OS_X_IP

其中 ssh 參數資訊

     -N     Do not execute a remote command.  This is useful for just for‐
             warding ports (protocol version 2 only).

     -f      Requests ssh to go to background just before command execution.
             This is useful if ssh is going to ask for passwords or
             passphrases, but the user wants it in the background.  This
             implies -n.  The recommended way to start X11 programs at a
             remote site is with something like ssh -f host xterm.

     -L [bind_address:]port:host:hostport
             Specifies that the given port on the local (client) host is to be
             forwarded to the given host and port on the remote side.  This
             works by allocating a socket to listen to port on the local side,
             optionally bound to the specified bind_address.  Whenever a con‐
             nection is made to this port, the connection is forwarded over
             the secure channel, and a connection is made to host port
             hostport from the remote machine.  Port forwardings can also be
             specified in the configuration file.  IPv6 addresses can be spec‐
             ified with an alternative syntax:
             [bind_address/]port/host/hostport or by enclosing the address in
             square brackets.  Only the superuser can forward privileged
             ports.  By default, the local port is bound in accordance with
             the GatewayPorts setting.  However, an explicit bind_address may
             be used to bind the connection to a specific address.  The
             bind_address of “localhost” indicates that the listening port be
             bound for local use only, while an empty address or ‘*’ indicates
             that the port should be available from all interfaces.

簡言之,-f 是背景執行,-N 是用在 port forwarding,-L 就是關鍵的東西,依序代表本地端 Port ,以及目的端 IP、Port,而最後接的那個 USER@IP 代表要透過的機器。

以我的情境來說,我將透過本地端 Port 9000 (此乃隨意自訂的 Port)建立一個 ssh tunnel 到 MAC_OS_X_IP 機器上,並在 MAC_OS_X_IP 機器上連到 localhost:5900 (5900是Mac預設的遠端桌面 Port)。所以就等同於在 MAC_OS_X_IP 機器上,連線 localhost (此指的是 MAC_OS_X_IP 機器) 的 Port 5900 。

最後,我在原先的那台機器,也就是 Ubuntu 上,僅需使用 VNC 連到 localhost:9000 即可導到 MAC_OS_X_IP:5900 進行登入的動作。


    changyy 發表在 痞客邦 留言(0) 人氣()