SSH port forwarding since 10.3


momerath
04-08-2004, 11:04 AM
With 10.2, I could, without modifying my sshd config files, ssh into my computer and tunnel VNC through it. I used the command:
ssh -L 5901:remotehost:5900 user@remotehost
However, since upgrading to 10.3, attempting to run the vnc client gives an error in my ssh session:
channel 2: open failed: connect failed: Connection refused

(The ssh gives the error, not the vnc server or client.)

I'm sure I set up the vnc server right, and I think that this should work (it worked for me before).

Anyway, all help will be appreciated.

breen
04-08-2004, 11:13 AM
If it's an ssh error, start the ssh session with -v -v to get more details. If necessary, post the output here and we'll take a look.

momerath
04-13-2004, 10:46 AM
Here is the ssh debug output:
debug1: Connection to port 5900 forwarding to localhost port 5900 requested.
debug1: fd 8 setting TCP_NODELAY
debug1: fd 8 setting O_NONBLOCK
debug2: fd 8 is O_NONBLOCK
debug1: channel 2: new [direct-tcpip]
channel 2: open failed: connect failed: Connection refused
debug1: channel_free: channel 2: direct-tcpip: listening port 5900 for localhost port 5900, connect from 127.0.0.1 port 33012, nchannels 3


This is using OSXvnc on the remote computer. When I try to connect to localhost:5900 from it (with no ssh forwarding) it works.

huskerchad
04-13-2004, 11:56 AM
Can you ssh in normally, without doing any port forwarding? If you did a clean install of 10.3, your host key likely changed so you will need to update that on the remote machine.

momerath
04-13-2004, 12:06 PM
Yes, I can ssh in normally. I can even do X11 forwarding over ssh after modifying my sshd_config file.

carouzal
04-13-2004, 12:17 PM
I have always used:

ssh -C -N -L 5900:255.255.255.255:5900 user@255.255.255.255

Replace 255.255.255.255 with the proper addresses. This works for connecting
to my Mac at home and to a Fedora Linux box at work without any
conf editing in 10.3.3.

I usually alias these in .bashrc to something easier to type.

Copy the contents of ~/.profile to ~/.bashrc then have the only line in
~/.profile as "source ~/.bashrc" then add all your shell variables and commands to ~/.bashrc.

example bashrc file
--------------------------------------------------------------
export PATH=$PATH:/Some/Custom/Path

alias remote='ssh -C -N -L 5900:255.255.255.255:5900 user@255.255.255.255'
--------------------------------------------------------------
By sourcing .bashrc from your .profile you ensure that your shell environment will be the same in X11 as it is in the Terminal.app.

momerath
04-13-2004, 11:59 PM
-C enables compression, and -N is the "Do not execute a shell or command" option (whatever that means). There is no difference between that and the command I was executing. I'm still sure it's not a problem with my vnc server, as I can access it at localhost:5900 when I'm on my own computer.

The question should be, why do I get an ssh error when I try to connect?
channel 2: open failed: connect failed: Connection refused

stetner
04-14-2004, 07:23 PM
Are you sure that the VNC server is running? Maybe show us the output from:
$ ps -aux | grep -i vnc
root 284 0.0 0.1 18644 576 ?? S Mon03PM 0:00.01 sh /Library/StartupItems/OSXvnc/OSXvnc-keepalive /Users/stetner/Applications/OSXv
root 285 0.0 0.3 69544 2356 ?? S Mon03PM 0:00.25 /Users/stetner/Applications/OSXvnc.app/OSXvnc-server -rfbport 5900 -desktop strid
stetner 8344 0.0 0.0 18172 340 std S+ 9:21AM 0:00.01 grep -i vnc

$ netstat -na | grep 5900
tcp4 0 0 *.5900 *.* LISTEN

On your server.

mrichar1
04-14-2004, 07:29 PM
Try -L 5900:127.0.0.1:5900 instead of -L 5900:localhost:5900.

I had the same problem then I read this suggestion somewhere. Apparently it is because OpenSSH is (now?) IPv6 aware, so you need to explicitly use an IPv4 address or it might get confused.

I actually had to use port 5901 cause it seems like remote desktop is now binding to 5900.

I spent WAAAAY too long trying to fix this problem. Hope it works for you.

jhrfc1
04-21-2004, 11:45 AM
Has anybody found a solution to this yet? I have exactly the same problem as the first poster.
I can VNC directly between the machines.
I can ssh between the machines fine, not using port forwarding.

I get the same connection refused error when I try port forwarding.

I'm running 10.3.3

Is it to do with IPv6 or sshd running as a service, two things new in Panther?

It's driving me nuts!

jhrfc1
04-23-2004, 11:58 AM
I might be talking to myself here, but this now works!
How? By installing Apple's "Security update 2004-04-05", which among other things updates openSSH.
On the one hand I'm glad, on the other I'm annoyed that I spent a whole day trying to fix something that was an OS bug.

momerath
04-29-2004, 09:08 PM
I managed to get mine working as well.

What seems to be the problem (from all the different ways of doing this) was that osxvnc didn't like "localhost" as being part of the port forwarding command.

Whereas neither

ssh -L 5900:localhost:5900 foo@bar

nor

ssh -L 5900:bar:5900 foo@bar

worked,

ssh -L 5900:127.0.0.1:5900 foo@bar

did.

Very strange. And I can attest to the fact that that strange behavior only started in 10.3.

EDIT:

I just noticed that an above poster explained why. That is not very polite of openSSH. :P

DominikHoffmann
02-19-2008, 02:51 PM
Try -L 5900:127.0.0.1:5900 instead of -L 5900:localhost:5900.

I had the same problem then I read this suggestion somewhere. Apparently it is because OpenSSH is (now?) IPv6 aware, so you need to explicitly use an IPv4 address or it might get confused.

I just ran into this when trying to use Leopard's Screen Sharing utility with a Tiger (10.4.11) system. Once I used 127.0.0.1 instead of "localhost" I was able to make the connection without problems. Doing VNC port forwarding via SSH had never been a problem going from one Leopard system to another, even with "localhost".

I'd love to hear a good explanation for this. How could a Unix utility like ssh be even aware of whether "localhost" or 127.0.0.1 was used?

Dominik Hoffmann
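
On the question of how ssh can tell "localhost" from 127.0.0.1: the host named in -L is passed as a string and resolved on the SSH server, so "localhost" can resolve to the IPv6 address ::1 while the VNC server listens on IPv4 only (the tcp4 line in the netstat output earlier in the thread). The Python sketch below is an added example, not part of any post in this thread; the helper names and the IPv4-only stand-in listener are constructed for illustration.

```python
import socket

def probe(host, port, timeout=2.0):
    """Try every address `host` resolves to, as a port forwarder has to.

    Returns a list of (family_name, address, connected) tuples.
    """
    results = []
    try:
        infos = socket.getaddrinfo(host, port, type=socket.SOCK_STREAM)
    except OSError:            # name does not resolve at all
        return results
    for family, socktype, proto, _canon, sockaddr in infos:
        name = "IPv6" if family == socket.AF_INET6 else "IPv4"
        try:
            with socket.socket(family, socktype, proto) as s:
                s.settimeout(timeout)
                s.connect(sockaddr)
            connected = True
        except OSError:        # refused, unreachable, or family unsupported
            connected = False
        results.append((name, sockaddr[0], connected))
    return results

def ipv4_only_listener():
    """Constructed stand-in for a VNC server that listens on IPv4 only."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))   # port 0: let the OS pick a free port
    srv.listen(5)
    return srv, srv.getsockname()[1]

if __name__ == "__main__":
    srv, port = ipv4_only_listener()
    # "localhost" may yield ::1, 127.0.0.1, or both, depending on the host.
    for target in ("127.0.0.1", "::1", "localhost"):
        for fam, addr, ok in probe(target, port):
            state = "connected" if ok else "refused"
            print(f"{target:>10} -> {fam} {addr:<10} {state}")
    srv.close()
```

Run against the real VNC port on the SSH server (for example `probe("localhost", 5900)`), a failed ::1 entry next to a connected 127.0.0.1 entry points to the IPv6 resolution explanation rather than to the VNC server itself.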