Page 3 of 13 FirstFirst 12345 ... LastLast
Results 21 to 30 of 130

Thread: HOWTO: Reverse VNC

  1. #21
    Join Date
    Mar 2005
    Location
    Canada
    Beans
    1,595

    Re: HOWTO: Reverse VNC

    Quote Originally Posted by krunge View Post
    Here is some more related information: http://www.karlrunge.com/x11vnc/#faq-singleclick
    including SSL tunnelling with stunnel.
    This is an excellent guide. Very comprehensive --- I wish I knew about it a long time ago. Thanks for writing it and posting the link.

    -Dave

  2. #22
    Join Date
    Mar 2005
    Location
    Canada
    Beans
    1,595

    Re: HOWTO: Reverse VNC

    Quote Originally Posted by widjajayd View Post
    thank you for guide

    but I have problem with this.

    24/11/2006 13:30:02 The VNC desktop is mywokstation:0
    PORT=5900
    24/11/2006 13:30:02 Making connection to client on host xxx.dyndns.org port 5500
    24/11/2006 13:30:02 connection failed: Connection refused
    24/11/2006 13:30:02 reverse_connect: xxx.dyndns.org:5500 failed

    any idea how to fix this, thanks.
    As a follow-up to this post, I just noticed that after installing Beryl/XGL I now get this error message when I try to connect. When I logout and select the 'Gnome' session, the problem goes away, so there may be an issue reverse-VNCing to a computer running Beryl/XGL/AIGLX.

    -Dave

  3. #23
    Join Date
    Dec 2006
    Beans
    810

    Re: HOWTO: Reverse VNC

    As a follow-up to this post, I just noticed that after installing Beryl/XGL I now get this error message when I try to connect. When I logout and select the 'Gnome' session, the problem goes away, so there may be an issue reverse-VNCing to a computer running Beryl/XGL/AIGLX.
    This should be equivalent to typing:
    Code:
    telnet xxx.dyndns.org 5500
    in a shell. It's hard to believe a window manager/desktop would affect that--but I'll believe anything these days...

    BTW, there are some bugs with Beryl/XGL and XDAMAGE that effect x11vnc: http://www.karlrunge.com/x11vnc/faq.html#faq-beryl that may require the -noxdamage option to be used. I'm not sure how hard folks are working to fix this bug... which is a shame because XDAMAGE use gives a nice improvement in responsiveness and less CPU usage for x11vnc.
    Last edited by krunge; January 28th, 2009 at 02:23 AM.

  4. #24
    Join Date
    Sep 2005
    Location
    Austin, TX
    Beans
    925
    Distro
    Ubuntu 7.04 Feisty Fawn

    Re: HOWTO: Reverse VNC

    Great guide, but you could improve by giving instructions for a secure encrypted connection with ssh rather than an unencrypted one that anyone could sniff and see whats going on.

    Is there anyway to do a reverse ssh connection? I was thinking of locking my computer up with a firewall and just having it send a reverse connection to me every hour by the cron daemon, and if I have a client listening, I will get the connection, otherwise nothing happens.

  5. #25
    Join Date
    Mar 2005
    Location
    Canada
    Beans
    1,595

    Re: HOWTO: Reverse VNC

    @fakie_flip:

    True, security is an issue. Karl Runge has a very comprehensive guide on x11vnc. I believe he is the person that developed the application and has provided a link on how-to make a secure reverse connection here:

    Quote Originally Posted by krunge View Post
    Here is some more related information: http://www.karlrunge.com/x11vnc/#faq-singleclick
    including SSL tunnelling with stunnel.
    I have not tried Karl's method, but he does have a recent update as of April '07 that allows user's to specify "-ssl SAVE" to the command instead of using stunnel. The version in the Feisty repos does not appear to have the version with the -ssl option, so you would need to use the stunnel option or compile from source. Again, this may prove to be cumbersome for the person requiring the assistance.

    There may also be a noticeable performance hit. When I used to use VNC over SSH, I found the performance very sluggish. Now, I use NX machine for remote access to my machine, in addition to the standard SSH & SCP utils.

    My main goal for this how-to is providing some remote troubleshooting support for friends and family with minimal effort on the remote side, especially when they don't have the knowledge or capability to setup port-forwarding on their firewall. My unsecured method may just allow the support person enough access to configure a secure alternative using stunnel or VNC over SSH.

    Another option is to SSH to another user's terminal session using 'screen':
    http://ubuntuforums.org/showthread.php?t=299286

    Basically, it allows you to "share" a terminal window so that the remote user can see what you're typing. The downside is that the remote user needs to setup SSH server and possibly forward port 22 to their desktop.

    -Dave

  6. #26
    Join Date
    May 2006
    Location
    Milwaukee,WI
    Beans
    6,282
    Distro
    Xubuntu 14.04 Trusty Tahr

    Re: HOWTO: Reverse VNC

    Quote Originally Posted by dbott67 View Post
    Now, I use NX machine for remote access to my machine, in addition to the standard SSH & SCP utils.

    -Dave
    I know this is off topic, but can you please inform me exactly what version of nxserver, nxnode, nxclient you're using and on what os's you've tried the client from. ALso, whether or not you use a custom public/private key pair (meaning NOT the default one) or do you juse use password authentification? Thank you. Then, if you do use a custom key pair, can you maybe start a new thread for me or post in the current Nxserver thread how exactly you did it? I would and I am sur eother users, would really appreciate that.

  7. #27
    Join Date
    Mar 2005
    Location
    Canada
    Beans
    1,595

    Re: HOWTO: Reverse VNC

    Hi Dannyboy79,

    I use the following versions of NX on Feisty:
    Code:
    dbott@feisty:~$ ls -all | grep nx
    drwxr-xr-x  6 dbott dbott     4096 2007-05-21 09:04 .nx
    -rw-r--r--  1 dbott dbott  3492870 2007-04-22 21:07 nxclient_2.1.0-17_i386.deb
    -rw-r--r--  1 dbott dbott  5144890 2007-04-22 21:06 nxnode_2.1.0-22_i386.deb
    -rw-r--r--  1 dbott dbott  4970714 2007-04-22 21:05 nxserver_2.1.0-22_i386.deb
    I just use the SSH authentication:
    Quote Originally Posted by From NX Admin Manual
    4. NX Server Authentication
    Starting from version 1.5.0, NX is configured by default to allow access for any system user, as long as the user provides valid credentials for the SSH login...
    I'm the only user & SSH runs on a non-standard port, plus I run DenyHosts (just in case).

    -Dave

  8. #28
    Join Date
    May 2006
    Location
    Milwaukee,WI
    Beans
    6,282
    Distro
    Xubuntu 14.04 Trusty Tahr

    Re: HOWTO: Reverse VNC

    I am assuming that your above statement means you just use password auth correct? meaning you DON'T have a public/private key pair to log into your ssh server nor for your nxclient correct? Which os's have you tried the client on? WinXP, Ubuntu???

  9. #29
    Join Date
    Mar 2005
    Location
    Canada
    Beans
    1,595

    Re: HOWTO: Reverse VNC

    Correct, just password auth.

    I have used nxclient from:

    1. my laptop (multiboot: WinXP Pro and Ubuntu 6.10. I also have Vista Ultimate, Windows 2003 Server and Windows MCE installed, but I've never tried it)
    2. my desktop (Ubuntu 7.04)
    3. work (Win XP Pro)

    I can try it from Vista and/or Windows 2003 for you, if you require some sort of confirmation.

    As for the public/private key for SSH, I have found a couple of good documents that explains the pros of using his method, however, they all seem to assume that you'll be using the same machine for remote access. In my case, I may want to access my home system remotely from an unknown system. For example, let's say I'm visiting a friend and want to SSH from there so that I can access some files or documents.

    I'm guessing that the public/private keys work best for "known clients" and require some setup (importing of keys & what-not). Without access to the private key, remote access is impossible.

    For this reason, I use password only authentication in conjunction with a non-standard port and DenyHosts.

    -Dave

  10. #30
    Join Date
    May 2006
    Location
    Milwaukee,WI
    Beans
    6,282
    Distro
    Xubuntu 14.04 Trusty Tahr

    Re: HOWTO: Reverse VNC

    well, what you do is put the public key on all the remote machines that you'll be accessing (and leave the private key within your ~/.ssh/ folder) so that just means that if you want to access your machine (which now is considered a remote machine), you make sure that your authorized_keys file is your public key and that you have your private key with you, like on a usb key or what have you. I pretty much use putty from most all the remote machines I connnect from since they are mostly winbloz, so I have used puttygen to make a .ppk private key file and I just have it saved on my 1gb usb key and I log into my machine using that. Then if I come across a linux computer, then I just install ssh if it's not installed yet and instead of saving my private key to that machine (very insecure) then I use the -i option and specify where the id_rsa file is located. Per man ssh:

    -i identity_file
    Selects a file from which the identity (private key) for RSA or
    DSA authentication is read. The default is ~/.ssh/identity for
    protocol version 1, and ~/.ssh/id_rsa and ~/.ssh/id_dsa for proâ
    tocol version 2. Identity files may also be specified on a per-
    host basis in the configuration file. It is possible to have
    multiple -i options (and multiple identities specified in configâ
    uration files).

    So that's pretty much public/private key pairs in a nut shell. The problem arises because you can't have a passphrase for your key pair and have it work with Nxclient for some reason so you need to have a passphraseless key pair which in my miind kind of defeats the purpose. And I also have always had trouble even getting a custom key pair to work with Nxserver but I'll check out the link you provided. THanks for all your help and answers and patience with me.

Page 3 of 13 FirstFirst 12345 ... LastLast

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •