In the blog post Tunnelling RealVNC over a firewall with OpenSSH, I shared how I used SSH to carry VNC traffic so that I could connect to my machine at home from the office.

There were occasions when I needed to connect to the office back from home. At that time, ArcSight was renting an office space from another company, and got a shared IP. With a shared office and a shared IP, of course, you're not going to get a port forward. And that's where SSH comes into the picture. SSH can forward ports once you've configured it properly.

So, one of the techniques I used to connect back to the office involved a little trick: I would send an email to initiate an OpenSSH tunnel from the office back to my home.

How I accomplished this was as follows:

  • Configure SSH to allow port forwarding.
  • Set up an email rule that recognizes certain keywords, which then opens an SSH tunnel back to my home.
  • Send the email so that the email rule gets triggered.
  • At the home PC, using netstat -an or Microsoft / Sysinternals' TCPView utility, watch for an SSH connection to appear, and note its IP address.
  • Open a VNC connection back to the office!

With the above setup, I was able to connect from my home to at least 4 machines back in the office.

So, that's how I managed to achieve a VNC connection from an unknown IP (the office), back to a known IP (my home).
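Seen from the office network's side, a tunnel like the one described above appears as an outbound ssh client process that requests a remote port forward. The following is an added example, not code from the original post: it parses ssh client command lines and reports which internal host:port each remote forward exposes. It assumes the forward is requested with OpenSSH's `-R` option or `RemoteForward` setting (the post does not say which), ignores IPv6 literals, and uses constructed process lines, host names and addresses.

```python
import re
import shlex

# ssh(1) client options that consume an argument.
ARG_OPTS = set("BbcDEeFIiJLlmOopQRSWw")

def remote_forwards(cmdline):
    """Return the remote-forward specs requested by one ssh client command line."""
    argv = shlex.split(cmdline)
    if not argv or argv[0].rsplit("/", 1)[-1] != "ssh":
        return []
    specs, seen_dest, i = [], False, 1
    while i < len(argv):
        tok = argv[i]
        i += 1
        if not tok.startswith("-") or tok == "-":
            if seen_dest:        # second bare word starts the remote command
                break
            seen_dest = True     # ssh still parses options after the destination
            continue
        for pos, ch in enumerate(tok[1:], start=2):
            if ch not in ARG_OPTS:
                continue         # flag without an argument, e.g. -f or -N
            val = tok[pos:]      # "-R5901:..." form: value glued to the flag
            if not val and i < len(argv):
                val, i = argv[i], i + 1
            if ch == "R":
                specs.append(val)
            elif ch == "o":      # -o RemoteForward=... or -o "RemoteForward ..."
                kv = re.split(r"[=\s]+", val.strip(), maxsplit=1)
                if len(kv) == 2 and kv[0].lower() == "remoteforward":
                    specs.append(kv[1])
            break                # the rest of this token was the option's value
    return specs

def exposed_target(spec):
    """Internal host:port a spec exposes, or None for a bare port (remote SOCKS)."""
    parts = spec.replace(" ", ":").split(":")
    return ":".join(parts[-2:]) if len(parts) >= 3 else None

def find_reverse_tunnels(process_lines):
    """Scan 'PID COMMAND' lines; return (pid, spec, exposed target) per forward."""
    hits = []
    for line in process_lines:
        pid, cmd = line.split(None, 1)
        hits += [(int(pid), s, exposed_target(s)) for s in remote_forwards(cmd)]
    return hits

# Constructed sample process listing (not taken from the post).
SAMPLE_PROCESSES = [
    "4101 ssh -fN -R 5901:10.0.0.15:5900 user@home.example.net",
    "4102 /usr/bin/ssh -fNR5902:localhost:5900 user@home.example.net",
    "4103 ssh -o 'RemoteForward=5903 10.0.0.16:5900' home.example.net",
    "4104 ssh -L 8080:intranet.example.net:80 jump.example.net",
    "4105 ssh build.example.net make -R test",
]
```

Calling `find_reverse_tunnels(SAMPLE_PROCESSES)` reports PIDs 4101 to 4103, each exposing port 5900 (the default VNC port) on an internal host; the local forward and the `-R` that belongs to the remote `make` command are not reported.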