[Q] SSH/VNC over SSH tunnel - Networking

Hello, I need to connect to a linux machine behind secure network from my mobile phone. I do this from my other computers by connecting to an ssh server on that network (its port is open), and forwarding ports (for SSH and VNC) with Bitvise client, or the openssh client. I tried to do the same from my phone, and got various different results from different apps:
1. SSH Tunnel did not manage to create the tunnel at all - complete failure, just freezes.
2. SSH Autotunnel created the tunnel properly, but after that, I could not connect any SSH/VNC client using the forwarded ports on localhost (tried both "localhost" and "127.0.0.1" since my hosts file is a mess and I am sure that the ports are correct - I am getting "Connection Refused").
3. ConnectBot manages to connect to the SSH server, but disconnects upon entering the absolutely correct password.
Is it possible to install openssh on android? Also, the need for VNC arises from the fact that I normally just forward X over ssh to another linux box, but android doesn't use X server.
Could the issue be that android has some firewall that blocks my attempts? I haven't installed any of my own.
Thanks in advance for any help.

Sounds like it's blocked. If you could make it work on port 80 instead of 22, then you might be able to get somewhere.

Related

Wifi access to internet via ISA firewall

I've just set up a small wireless network at home through which I intend to use several devices to connect to the internet through my LAN!
The LAN gateway is running ISA 2004 and my home computer is running the necessary Firewall client (a completely secure connection with username and password)!
Now everything's working fine... the pocket pc hooks up just right and I can browse the network and do what I could probably do using my own personal computer BUT the internet doesn't work!
It keeps asking me for a username and password (which, like I usually provide in internet explorer on my personal computer) which I do supply... three times in a row, after which it gives me an error saying that ISA cannot authenticate me!
The home computer doesn't run the internet without the firewall client, and I'm supposing the pocket pc is facing the same dilemma! Is there any way to circumvent this issue? Perhaps a mobile version of the isa firewall client?
Please help. Thanks!
afaik there isn't a mobile version of the firewall client.
I set my ISA server to allow anonymous internet access, and set all my machines up as secure nat clients (set isa server's ip as default gateway, I use a dhcp scope to do this). There is lots of info on this on Microsoft's ISA server website, I'd suggest a look there first, or try a google for secure nat.
Good luck, works well for me but ymmv.

Using a Port other than 3389 for Terminal services ?????????

Hi,
Is it possible to use a port other 3389 with the Terminal services client?
Or is this hardcoded into the client ?
Thanks
Rob
No its not possible. Also the server always runs on port 3389.
REALLY!
Please explain? As we run a multiple server network with Terminal services running on various ports from 3385 up to 3399. We also change the default port on our workstations (XP prof) from 3389. This is a well documented item. You then specify in Terminal server client:- IP:PORT. Example: 84.234.456.789:3396. Use it everyday!
Rob
two ways that you can do this:
1: on the host machine, regedit to here:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp
Find "Portnumber" and open. Click on "Decimal" and change to the desired port. The PC will now listen on your specified port number for incoming terminal service requests.
2: If you have a router you can use port redirection. (virtual servers etc)
Specify the ext port number (eg. 3390) then the int port number (3389) then the IP address of your target PC. This will redirect all traffic received on port 3390 to port 3389 to your specified internal IP address.
To access remotely for example using remote desktop connection, enter your IP address (or dynamic DNS address) followed by :3390
Hope this helps
J
Thanks Codiac,
So you can't specify the port in terminal services client connection box (as per a Full size PC running XP Prof) only as a registry change.
Your piccy is right, you can enter IP addresses followed by a port number.
eg: 81.33.44.55:3399
The problem with, for example XP Pro is that it will only listen on 3389 by default, the registry change is necessary if you want to access more than 1 PC on a network.
As per your piccy, once you have edited the registry to a chosen port, the PC will then listen on that port (eg. :3390).
I personally use Option 2, this requires no change to the registry of a PC, the router does the redirection for you.
for example:
PC 1 = 192.168.0.1
PC 2 = 192.168.0.2
To access PC 1 allow a rule in the router to pass port (external) 3389 to (internal) 3389 to 192.168.0.1
To access PC 2 allow rule in router to pass port (external) 3390 to (internal) 3389 to 192.168.0.2
this way, when you open the remote desktop connection client and enter say, 81.44.231.22:3390 the router will see 3390 and redirect it to 3389 straight to 192.168.0.2
Hope this helps
J
Hi Codiac.
I think I'm confusing you here. Port change at the host is not the problem, either by router redirection or registry edit of the listening port of the HOST. It's the CLIENT in Win mobile 5 that won't let you specify a port when connecting to a host. You can, with a registry edit of the Win mobile client on the Pocket PC, change the port, but not at connection IP 'time'.
Rob

T-Zones port forwarding ?

If using T-Zones services, you get access to only few ports. However, ports like SSL and FTP are blocked. Is it possible to use a personal proxy server to get access to all unblocked ports somehow? Just thinking of an idea.
- TKN
Well mate if you are referring to using the t-zones as a free connection or hacking it then it was done and t-mobile during a big upgrade all but closed that gap. I myself have been trying for a loop hole through this as well because if they want to give me t-zones for free why not be able to utilize it fully . I do pay my cell bill every month .. lol
T-zones ssh proxy forwarding
Yes there is a way to do this.
And yes I have got this to work. Now I run skype, AIM, Remote Desktop, etc. from my T-zones EDGE connection. It is kind of slow though for things like Skype.
This is not intended to be easy, however if you spend enough time, you should be able to get it to work.
Here is the concept (For Windows XP),
Host an ssh server and a proxy server on your home computer.
I use copSSH for an ssh server (google it) and squid for windows for a proxy server (again google it and read the documentation!)
Set the ssh server to run on port 80 or port 143 (valid t-zones ports).
Set the proxy server to run on port 8118 (I just like that port number).
Use an ssh client on your windows mobile phone (such as pocketputty dev build 2007-02-28) (again, google).
Configure the ssh client to connect to your home ssh server via port 80 or 143
On the tunnel tab of pocketputty, add the ports you need to get to and direct them to localhost:portno
For example, Port 8118 is my proxy server so I have tunnelled port 8118 to localhost:8118
Now I manually connect to my EDGE T-Zones connection, I run pocketputty and connect to my home server. I then login with my user credentials to my ssh server and everything validates and I get a bash shell. Now I run Skype Mobile and change its settings to connect using an https proxy of localhost with port 8118.
You can do this with any port, such as Remote Desktop (port 3389)
then you just open Remote Desktop client on your phone and connect to the address localhost:3389 (or localhost)
I know this is a bit much but it's not exactly a point and click process for now, so only try this if you are pretty sure you know your way around ports, ssh, and tunneling. You could always read a lot about it online if you are not. That's what I did.
It's relatively simple what you're saying here ...but I can't understand what is the function of squid ...I don't know how you change the Skype (or other software like IM+, Agile messenger, Palringo, wmirc etc.) settings to connect using localhost port 8118 (or any other port).
A few months ago I tried something like this based on this tutorial http://forum.xda-developers.com/showthread.php?t=316890 ...but without success ...
One other advantage of doing it this way is that all your activity goes down a secure encrypted tunnel and so is unsniffable.
Yes it takes a while and some resources to make this work but it can save you a lot on T-mobile's slow EDGE network.
Squid is a caching proxy which runs under linux, windows, etc. I use it to have complete encrypted web access that is cached and I use it for remote pc connections as well as windows mobile. You could also use Privoxy to have an ad and spyware filtering proxy. I do not use Squid for any other apps such as Skype or Remote Desktop.
The forum link you included is a great example of how to setup this type of connection and it's a much better description. I wish I had found it a while ago.
I can't speak for every application and its ability to select a port, however here is how Skype works. After installing Skype you have to first login to Skype using a normal internet connection such as through ActiveSync or WiFi. After Skype login completes, you open the options menu and fill in the proxy port number. Then you can disconnect and use the pocketputty method. Remote desktop is even easier, you just open a new connection and go to the address "localhost:portnumber".
Way beyond me. I wish I understood because this sounds like exactly what I have been looking for.
Sounds wonderful ................
Now can you please add some pictures and make a sweet how-to. I am sure many on the site will be happy to see your work. And I for one am very interested in it.
I don't know what kind of application you use on your pocket. But if your applications (like skype, fetchmail) are able to use a socket server, you can go through easily via restricted ports of your provider.
I installed a socks server listening on an opened port, so now I can use skype and read my mails via this server.
Socks server:
With linux install: "dante"
With XP I don't know, but you can use "socksproxy" for tests (found on xda...). Take care, this software is not secure (or install a DMZ with a firewall)...

New video chat/conference software

I ported my ReelPortal video conference to Android recently. It's reported to be working well on the Viewsonic G Tablet with certain ROMs. It also works on the Archos 70/101. So I believe it would work on the A7 as well.
Anyhow, my app is published on AppLibs, or you can get it from the G Tablet thread here:
http://forum.xda-developers.com/showthread.php?t=908613
Please provide feedback if you try it. Thanks.
FYI,
It does work on my LAN on the A7. I just did a video chat between my Notebook (Win7 64bit) and the A7 using the Linux server code on my home Linux server.
Before opening (port forwarding) anything through my firewall, other than the TCP port the server runs at, does anything else need to be configured (ie - UDP forwarding, etc.)?
Also, any chance you will change the server code to force a password to prevent unauthorized access from others if you run your own server?
Thanks,
J
Good question regarding UDP forwarding, but unfortunately I don't have an answer. P2P mode uses UDP, and besides the ReelPortal server, it also requires access to the Adobe Cirrus server, which generates a certain key string, allowing the clients to see each other. But I haven't tested P2P mode on my home server, since I set up an external dedicated server.
With regard to a password for server, I'll have to think a little more on it. Thanks for bringing it up though.
Update from http://forums.adobe.com/message/2630255
in order to connect to Stratus (aka Cirrus) and to make P2P connections to other clients, you MUST allow all UDP ports > 1023. if you restrict UDP ports, you may no longer connect to Stratus, and you probably won't connect to other clients.
I'm thinking of adding an optional "subkey" parameter to the server:
> server-linux 192.168.1.1 subkey=ABC
If subkey is defined, then all clients logging into the server must have a Key that contains the "ABC" string, e.g "123ABC456", or "ABCxxxxxx", etc.
What do you think of this approach?
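The subkey rule proposed in the post above, sketched as an added example (not ReelPortal's code and not part of the original thread), next to a variant where each client key carries an HMAC tag made with a server-side secret. The function names, the `client_id.tag` key layout and the sample keys are assumptions constructed for illustration.

```python
import hashlib
import hmac


def substring_check(client_key: str, subkey: str) -> bool:
    """The rule as proposed: accept any client key that contains the subkey."""
    return subkey in client_key


def issue_key(client_id: str, server_secret: bytes) -> str:
    """Hypothetical alternative: key = client_id + '.' + HMAC-SHA256(secret, client_id)."""
    tag = hmac.new(server_secret, client_id.encode(), hashlib.sha256).hexdigest()
    return f"{client_id}.{tag}"


def hmac_check(client_key: str, server_secret: bytes) -> bool:
    """Accept a key only if its tag was computed with the server's secret."""
    client_id, sep, tag = client_key.rpartition(".")
    if not sep or not client_id:
        return False  # malformed key: no 'client_id.tag' structure
    expected = hmac.new(server_secret, client_id.encode(), hashlib.sha256).hexdigest()
    # Constant-time comparison, so response timing does not reveal matching prefixes.
    return hmac.compare_digest(tag.encode(), expected.encode())


def demo() -> dict:
    """Run both checks over constructed sample keys and return the verdicts."""
    subkey = "ABC"                      # value from the post's example
    secret = b"constructed-demo-secret"  # placeholder, not a real secret
    good = issue_key("alice", secret)
    return {
        # Every key that merely contains the subkey passes, so the subkey
        # behaves as one shared password visible inside every valid key.
        "substring": {k: substring_check(k, subkey)
                      for k in ("123ABC456", "ABCxxxxxx", "zzABC", "123456")},
        # With HMAC tags, a valid key does not reveal how to mint another one.
        "hmac": {
            "issued": hmac_check(good, secret),
            "tampered_id": hmac_check("bob." + good.split(".")[1], secret),
            "wrong_secret": hmac_check(issue_key("alice", b"other"), secret),
            "no_tag": hmac_check("123ABC456", secret),
        },
    }


if __name__ == "__main__":
    for scheme, verdicts in demo().items():
        print(scheme, verdicts)
```

In both schemes the key is still a bearer credential: anyone who captures it in transit can replay it unless the connection to the server is encrypted.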

A Remote RDP Tutorial?

I honestly don't know what I'm doing. All I know is that all the things I've tried so far didn't work.
Can someone guide me on how to set this up on my NookColor?
My PC and NookColor share the same wifi connection via an Airport Extreme router. I know that there are two IP addresses: one from my router, which I can see on www.whatismyip.com, and the other is my computer's, which I can see via cmd > ipconfig. So, my question is-- how do I set this thing up? Any step by step procedure?
What have you already tried? Also what version of OS are you using, some versions of windows have RDP kneecapped. Also, where are you trying to view it from?
If you already have RDP going, you can use Wyse PocketCloud to manage the connections through your google account, it's pretty straight-forward.
Personally, I use TightVNC as the desktop client and AndroidVNC Viewer and ConnectBot on the nook. I only use my home computer when at home, so the setup is fairly simple, have AndroidVNC talk to myipaddress using port 5900. Be sure to use the connecting password when you set up TightVNC - also check the character count as you enter it, sometimes it doesn't take all the characters, ie; the password "bob-ismyuncle" is stored as "bob-ismy".
For connections remotely (not on the same network) I first SSH into the machine with ConnectBot, then set up a port forward to localhost:5901 which AndroidVNC then connects to.
Also, has anyone tried NX?
I'll assume you're a windows user?
Make sure RDP is enabled on your PC (google it, really easy to enable)
If BOTH machines are connected to your network... get the PC's IP address (via cmd ipconfig) and connect to it using the RDP port (3128 on Windows)... ex: "192.168.100.199:3128"
If you want to use RDP away from home, you need to configure your router to forward any external connections on the RDP port directly to your PC. Then you'll want to connect using your external (router's) IP address. Ex: 111.222.333.444:3128 => 192.168.100.199:3128 .... then connect to "111.222.333.444:3128"
I like LogMeIn free and logMeIn Ignition great little app. also teamviewer has a free version and free app for android
