Working at home with ssh port-forwarding, qemu/kvm and vnc

Sometimes I work at home because I don't want to get constantly bothered by people barging into my room with trivial requests etc. Every time someone barges into my room, I find that regaining my focus takes too much effort.

To actually get any work done, I made it possible for me to log into the system by punching a hole in the firewall for ssh traffic. I increased the security by disallowing password authentication and forcing asymmetric encryption authentication, i.e. 2048-bit rsa public key authentication, where I am the sole owner of the private key. Above all, I also limited the number of (internet) locations where this private key can be used, by putting this in the public key (authorized_keys):

from="*.this.is.my.isp.tld" ssh-rsa MEH...

At my work we work a lot with ssh and virtual machines. We use linux/qemu/kvm. Kvm can be initialized with the "-vnc :N" parameter, where N is a positive integer. This creates a vnc session on the vmhost. For instance, if one were to use krdc and N is 1, the invocation command would look like something like this:

user@vmhost~$ krdc vnc://vmhost:5901

The rule is to add N to 5900. That's how you find the port. You can also run a vnc client on the local network to view the vnc stream. This is very convenient because you're not stuck with one port for multiple vmguests.

user@somewhere~$ krdc vnc://vmhost:5901

To make things easier for yourself when working at home, you could port-forward this very remote vnc port to your own localhost with this invocation:

user@athome~$ ssh -f -N -L 6001:vmhost_internal_ip_addr:5901 firewall_ip_addr
user@athome~$ krdc vnc://localhost:6001

The parameters "-f -N" forces this ssh client session in the background. The relevant part is the "-L" parameter. The L probably stands for local, there is also an R counterpart that port-forwards a local port to a remote port.

This is a form of tunneling where a remote port in some remote (local) area network,  could be plugged in directly into your localhost as if this service is running on your local machine.

This trick also applies to other tcp-based protocols, for instance the standard rdp (remote desktop protocol) port. For instance you have some windows machines you would like to log on to, as if they are running on you local machine, you do the following:

user@athome~$ ssh -f -N -L 4489:windows_machine_ip_addr:3389 firewall_ip_addr
user@athome~$ krdc rdp://localhost:4489

Voila! Instant connection to a worksite windows machine. This trick also applies to windows machines using putty.