I have noticed that lately, for about the last 6–8 weeks, Windows has been acting strangely.
I would install the Microsoft-provided (Settings → System → Optional features → View or edit optional features) OpenSSH server. I would set up config files and authorized keys in %ProgramData%\ssh and make sure that the OpenSSH server service starts automatically and is started. For a little bit I could connect to it from my Mac with ssh. I would install UltraVNC, set an 8-character password, and would be able to connect to that, as well. I would tweak the advanced Windows Firewall settings for incoming connection requests, so that connections to Port 5900 (the port VNC servers listen on) are blocked. This prevents the weak password from getting exploited, but tunneling the connection through an SSH connection prevents the VNC traffic from being eavesdropped on. The UltraVNC server sees the incoming VNC connection coming out of the ssh tunnel as originating from localhost, which is why the Windows Firewall doesn’t touch it. This would work, but not for long. Literally minutes later, my ssh and VNC connections would get refused.
As of today I think I know why. A recent Windows update appears to block all incoming connections, including pings. This is the case, even when the network type is set to Private. I have to put in an explicit rule for allowing ping’s ICMP connections through.
Would something similar have taken effect for all other connections, including my ssh and VNC connection attempts? I am confused. I still find the public/private dichotomy somewhat confusing, but have gotten pretty well used to it.
Question
mfessler 0
0 answers to this question
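For a setup like the one described in the question (OpenSSH server on Windows, VNC reachable only through the ssh tunnel), the following read-only PowerShell checks show the service state and the inbound firewall state side by side. This is an added example, not part of the original post; it assumes the default service name `sshd` and the ports 22 and 5900, and is meant to be run in an elevated PowerShell on the Windows machine.

```powershell
# Added example: read-only diagnostics, nothing here changes firewall or service state.
# Assumptions: default OpenSSH service name "sshd", ssh on TCP 22, VNC on TCP 5900.

# 1. Is sshd running, set to start automatically, and actually listening on port 22?
Get-Service -Name sshd | Select-Object Name, Status, StartType
Get-NetTCPConnection -State Listen -LocalPort 22 -ErrorAction SilentlyContinue |
    Select-Object LocalAddress, LocalPort, OwningProcess

# 2. Which firewall profile does each connected network fall under right now?
#    A network that flips from Private to Public changes which rules apply.
Get-NetConnectionProfile | Select-Object InterfaceAlias, Name, NetworkCategory

# 3. Per-profile defaults. AllowInboundRules = False means inbound allow rules
#    are ignored for that profile, so every incoming connection is dropped.
Get-NetFirewallProfile |
    Select-Object Name, Enabled, DefaultInboundAction, AllowInboundRules

# 4. Enabled inbound rules that name TCP 22 or TCP 5900 explicitly.
#    Rules scoped to a program or to a port range list their port as "Any" or
#    "a-b" and are not matched by this filter.
foreach ($port in 22, 5900) {
    Get-NetFirewallPortFilter -Protocol TCP |
        Where-Object { $_.LocalPort -contains "$port" } |
        Get-NetFirewallRule |
        Where-Object { $_.Direction -eq 'Inbound' -and $_.Enabled -eq 'True' } |
        Select-Object @{ n = 'Port'; e = { $port } }, DisplayName, Profile, Action
}

# 5. Enabled inbound ICMPv4 rules (ping) and the profiles they cover.
Get-NetFirewallPortFilter -Protocol ICMPv4 |
    Get-NetFirewallRule |
    Where-Object { $_.Direction -eq 'Inbound' -and $_.Enabled -eq 'True' } |
    Select-Object DisplayName, Profile, Action
```

Running it once while connections still work and again after they start being refused shows which of the five outputs changed.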