Linux-Tip News

We are proud to present the Linux-Tip Portal in a new design and hope you will find it helpful, whether you are new to Linux or a seasoned user. We will attempt to provide you with effective tips and tricks, or at least to point you in the direction of the help you may need. We would like to offer a great big "Thanks!" for their excellent work to Jommla!  and  to RocketTheme . Please enjoy Linux news and workshops. Feel free to send your comments and suggestions.
 
Home arrow Workshops arrow Server arrow Securing your VNC connection using SSH
Securing your VNC connection using SSH Print E-mail
Tuesday, 11 December 2007
VNC stands for Virtual Network Computing. It is remote control software which allows you to view and fully interact with one computer desktop using a VNC viewer on another computer desktop anywhere on the LAN or Internet. The two computers don't even have to be the same type, so for example you can use VNC to view a Windows XP desktop at the office on a Linux or Mac computer at home.
Once you are connected, traffic between the viewer and the server is unencrypted, and could be sniffed by someone with access to the intervening network. Is security imported to you, we recommend tunneling the VNC protocol through some more secure channel such as SSH. This workshop describes how to connect from a Windows XP client to a Linux (OpenSuse 10.3) server via VNC and to tunnel this connection using SSH.

 

 

StumbleUpon Toolbar Stumble It!

The workshop setup could look like this:

 


If you are trying to connect a VNC Server outside your LAN, make sure to configure the firewall correctly.  You should allow outbound connection via port 22.

Step1: Preparing the Linux server

We will use OpenSuse 10.3 as the server OS. The goal is to use the KDE desktop from a Windows XP client remotely. Use YAST to install the following additional packages:

tightvnc
xorg-x11-Xvnc

In addition to your manual selections, other packages will maybe change to resolve dependencies.

Start VNCServer as a regular user (not as root) from your console. You will require a password to access the desktop, so enter and verify it. Watch for messages on the screen. In our case susebox:1 is already taken by another process. We can access it later by typing susebox:2.

It is very important to verify the port on which VNC is running. Use the following command to check this:

netstat -tulpe

As you can see at the picture below, Xvnc is running on port 5902.

You can stop the VNC service using the following command:

vncserver -kill :<Display>

You can, for example, close the process we opened above like this:

vncserver -kill :2

Sometimes it is necessary to close the process manually. In this case, just delete the following files as root like this:

rm /tmp/.X11-unix/X1 or rm /tmp/.X11-unix/X2

and delete the files as a normal user like this:

rm /home/user/.vnc/susebox:2.pid   or  rm /home/user/.vnc/susebox:3.pid   


Finally we have to modify the xstartup script to start KDE automatically. You should find the script in the user’s home directory:

/home/user/.vnc

Open the file in your favorite editor and replace the line twn & with kde & (see picture below). You need to restart VNCServer to take the changes effect.


 
Step2: Preparing the Windows XP Client

We will need the following software to prepare the client site:

PuTTY
VNC Free Edition 4.1

PuTTY is a terminal emulator application which can act as a client for the SSH, Telnet, rlogin, and raw TCP computing protocols. It was written and maintained primarily by Simon Tatham. PuTTY  is free and open source software. Please download the software here:


http://www.chiark.greenend.org.uk/~sgtatham/putty/

VNC has a wide range of applications including system administration, IT support and helpdesks. It can also be used to support the mobile user, both for hot desking within the enterprise and also to provide remote access at home, or on the road.
If you have never used VNC before, I recommend reading the documentation.

http://www.realvnc.com/products/free/4.1/index.html

Please download VNC Free Edition here:

http://www.realvnc.com/products/free/4.1/download.html


Ww just need the VNC Viewer on the client site. Please install it.

 
Step 3: Tunneling VNC using SSH and PuTTY

The rest is piece of cake. Start PuTTY and configure it like on the picture below.

First:
Host Name (or IP address): IP address of the VNC Server (your Linux box) Port: 22
Saved Sessions: Use a proper name the describe the connection

Second:
Click on SSH – Tunnels
Sorce port: Use the port on which VNC server is running (see step 1 – netstat command)
(e.g. 5903)

Destination: IP address ot the VNC Server (your Linux box): Port
(e.g. 192.168.100.34:5903)

Click on the “Add” button

Click on “Session” again and then “Save” to store it.

Click on “Open” the start the tunneling session. Use a regular user name and password to login to the Linux box.

Third:
Open VNC Viewer and type for server:

localhost:Display

(e.g localhost:3)

In a view seconds you should see a KDE session in your Viewer window. Use the remote connection like you would be sitting in front of your Linux box.

 







 

  

 
< Prev   Next >
[ Back ]

Bookmark this article

Main Menu

Home
Blog
News
Tips and Tricks
Workshops
Search
Contact Us
Disclaimer

Virus Info Feed

Alexa Traffic Stats


Urlaub Spanien