any1 / wlvncc

A Wayland Native VNC Client
ISC License

SSH tunnel handling like what tigervnc does #32

Open je-vv opened 7 months ago

je-vv commented 7 months ago

Some remote servers are not allowed to enable remote VNC connections, given that not all VNC servers allow encryption (some paid solutions do, but not all). So one must run the server with -localhost to allow only connections from the same machine (no remote connections). So if one wants to establish a connection, one must use an SSH tunnel. That is regardless of whether there's a VPN preventing unencrypted remote access.

In such situations, if not using tigervnc, one must create the SSH tunnel manually, like:

ssh -NfL 59<num>:127.0.0.1:59<num> <user>@<server>

Or:

ssh -NfL 59<num>:127.0.0.1:59<num> <ssh_host>

Where <ssh_host> is the Host one might define in ~/.ssh/config, specifying for it the full domain name of the server, the user to connect as and more, to make SSH-related things way easier, by specifying just the defined host.

Notice one needs to find out the SSH process ID for that tunnel, if one wants to kill it with the kill utility. Once the tunnel is up and running, the way to call the client is with:

wlvncc localhost 59<num>

I've already tested this BTW.

When creating the VNC session, one can specify the port to be used, which always starts with 59 and the remainder of the port number is what one can specify, that's why I'm using 59 as the port number previously.

Creating the tunnel manually can be automated, but killing it requires first finding out the tunnel PID. It's not that complex, but it's not as easy as looking for an SSH process or tunnel, since one might be connected through SSH to remote SSH sessions, or one can actually have different SSH tunnels.

So, tigervnc has made it really easy to create and kill the SSH tunnel for the user, so one doesn't need to deal with SSH manually. All one needs to do with tigervnc is (replacing vncviewer with wlvncc, and also using the wlvncc server and port in different args rather than the common <server>:<port> single arg used by tigervnc client):

wlvncc -via <user>@<server> localhost 59<num>

Or:

wlvncc -via <ssh_defined_remote_host> localhost 59<num>

This way the SSH tunnel is neither created nor killed manually, and wlvncc would handle that for the user, just like how tigervnc client does it for the users.

This would be really really useful. And allows using *.desktop files calling wlvncc + wofi for example, very easily.

At this point, actually I prefer to use tigervnc client, which is not wayland native, than wlvncc, just because of the nice SSH tunnel handling provided by tigervnc. This would be really really useful, and would actually allow me to use a wayland native VNC client.

Many thanks!

any1 commented 1 day ago

It should be possible to create a shell script for this; something like (not tested):

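#!/bin/bash

set -e

main()
{
    local host="$1"
    local port="$2"
    shift; shift

    # Forward local port 1337 to the VNC port on the remote host
    ssh -NL "1337:localhost:$port" "$host" &
    local sshpid=$!

    # Kill the tunnel when the script exits or is interrupted
    trap "kill $sshpid" INT QUIT TERM EXIT

    # wlvncc takes the address and the port as separate arguments
    wlvncc localhost 1337 "$@"
}

main "$@"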

Then you'd invoke it like my-vnc-ssh-script.sh remote-host.net 5900
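
The tunnel handling requested in this issue, as an added example that is not part of the thread and is not wlvncc's or TigerVNC's code: it uses an OpenSSH control socket, so the tunnel is closed by name rather than by hunting for its PID, and the client only starts once the forward is in place. The names `vnc_via`, `via_close`, `SSH_BIN` and `VNC_BIN` are made up for this example.

```sh
#!/bin/sh
# Added example: wrapper giving wlvncc a "-via"-style SSH tunnel.
# vnc_via, via_close, SSH_BIN and VNC_BIN are hypothetical names used only here.
SSH_BIN=${SSH_BIN:-ssh}
VNC_BIN=${VNC_BIN:-wlvncc}

# Close the tunnel through its control socket; no PID lookup needed.
via_close() {
    "$SSH_BIN" -S "$via_sock" -O exit "$via_host" 2>/dev/null || true
    rm -rf "$via_dir"
}

# vnc_via <ssh_host> <remote_vnc_port> [local_port]
vnc_via() {
    via_host=$1
    via_rport=$2
    via_lport=${3:-$2}
    # Private (mode 0700) directory keeps the control socket away from other users.
    via_dir=$(mktemp -d) || return 1
    via_sock=$via_dir/ctl

    # -M -S: control master on our socket. -f: go to the background only
    # after authentication. ExitOnForwardFailure: fail instead of running
    # without the forward. The listener binds to 127.0.0.1 only, and the
    # far end targets the server's loopback (a server started with -localhost).
    if ! "$SSH_BIN" -M -S "$via_sock" -f -N -o ExitOnForwardFailure=yes \
            -L "127.0.0.1:$via_lport:127.0.0.1:$via_rport" "$via_host"; then
        rm -rf "$via_dir"
        return 1
    fi

    # Tear the tunnel down on interruption as well as on normal exit.
    trap 'via_close; exit 130' INT TERM HUP
    via_rc=0
    "$VNC_BIN" localhost "$via_lport" || via_rc=$?
    trap - INT TERM HUP
    via_close
    return "$via_rc"
}

# Run only when called with arguments, e.g.: script.sh <ssh_host> 5901
if [ "$#" -ge 2 ]; then vnc_via "$@"; fi
```

Because the control socket identifies exactly one master connection, other SSH sessions or tunnels to the same host are left untouched when the viewer exits.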