J.1 SSH Tunneling between a Linux Management Console and a Linux Managed Device

If you are using Linux, SSH clients and servers are freely available on the internet. The SSH client and server RPMs can be downloaded from the OpenSSH site.

J.1.1 Basic Use

SSH provides you with a “Secure SHell” to the remote device. All traffic between the two devices is encrypted using public key encryption techniques, making it very difficult for anyone else to spy on it. When SSH is installed, you can connect to a managed device from elsewhere simply by running the SSH client. For example, to connect to a managed device called “work,” use the following command:

ssh work

You are then prompted for the password of your account on the managed device and are logged in, just like a telnet session, but safer. You can also request that the SSH client listen on a particular port on your local management console and forward any connection to that port down the secure connection to a port on the managed device at the other end. To do this, use the following command:

ssh -L x:work:y work

This starts an SSH connection to a device named “work,” also listens on port x on the local management console, and forwards any connections to that port to port y on “work.”

Remote Management uses two ports on the managed device. By default, the Remote Control service listens on port 5950 and the Remote Login service listens on port 5951. If you want to enable SSH tunneling for Remote Control, you need to forward Remote Management data from a port on your local management console to port 5950 on the managed device.

Similarly, forward data to port 5951 if you want to tunnel Remote Login:

  • If you are running the Remote Control service on “work” on port 5950 and you want a secure connection to it from your local management console, start the SSH session using:

    ssh -L 5952:work:5950 work

  • Any connection to port 5952 on your local management console actually connects to port 5950 on “work,” so instead of running the VNC viewer as:

    vncviewer work:50

    run it as follows:

    vncviewer localhost:52

    Figure J-1 Linux Console to Linux Managed Device with Tunneling
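The tunnel described above, wrapped in a small script. This is an added example, not part of the original documentation: it binds the tunnel entrance to 127.0.0.1 only, waits until the listener is actually up before starting the viewer, and converts between VNC display numbers and TCP ports the way vncviewer does. It assumes the host name “work” and the remote ports 5950/5951 from this page; the local ports 5952/5953 are chosen here.

```shell
#!/bin/sh
# Added example, not part of the original documentation: a wrapper around
# the "ssh -L" tunnel for Remote Control (5950) and Remote Login (5951).
# The local listeners are bound to 127.0.0.1 so that other hosts on the
# console's network cannot reach the tunnel entrance.
# Assumed values: host "work", remote ports 5950/5951 as documented,
# local ports 5952/5953 chosen for this example.

VNC_BASE=5900   # vncviewer reads "host:N" as TCP port 5900+N

# VNC display number -> TCP port, e.g. 50 -> 5950
vnc_port() { echo $(( VNC_BASE + $1 )); }

# TCP port -> VNC display number, e.g. 5952 -> 52
vnc_display() { echo $(( $1 - VNC_BASE )); }

# ssh -L argument that binds the local listener to loopback only:
# <local port> <remote host> <remote port> -> 127.0.0.1:lport:rhost:rport
forward_spec() { echo "127.0.0.1:$1:$2:$3"; }

# Viewer target for a local tunnel port, e.g. 5952 -> "localhost:52"
viewer_target() { echo "localhost:$(vnc_display "$1")"; }

# True when a TCP listener exists on 127.0.0.1:<port> (uses ss(8)).
tunnel_listening() { ss -ltn 2>/dev/null | grep -q "127\.0\.0\.1:$1 "; }

# Start the tunnel (5950 -> local 5952, 5951 -> local 5953), wait up to
# 30 s for the listener, run the viewer through it, then tear it down.
tunnel_and_view() {
  host=${1:-work}
  ssh -N -L "$(forward_spec 5952 "$host" "$(vnc_port 50)")" \
         -L "$(forward_spec 5953 "$host" "$(vnc_port 51)")" "$host" &
  ssh_pid=$!
  tries=0
  while ! tunnel_listening 5952; do
    tries=$((tries + 1))
    if [ "$tries" -ge 30 ]; then
      echo "tunnel to $host did not come up" >&2
      kill "$ssh_pid"; return 1
    fi
    sleep 1
  done
  vncviewer "$(viewer_target 5952)"   # i.e. vncviewer localhost:52
  kill "$ssh_pid"
}

# Only run when explicitly asked, so the functions can also be sourced.
if [ -n "${TUNNEL_RUN:-}" ]; then tunnel_and_view "$@"; fi
```

Run it as `TUNNEL_RUN=1 sh tunnel.sh work`; the script exits with an error instead of starting the viewer if the loopback listener never appears.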

NOTE: If you are using the Linux VNC viewer to connect via SSH, when the viewer connects to a server on the local management console it uses VNC’s pixel encoding by default, because this generally gives better performance for local access. If that server is actually an SSHD redirecting the data to another workstation, override this with the -tight option to the viewer; otherwise you send a lot more data over the network.