Second X session for VNC access
Alright, here's what I've got going on. I have a home computer/file server/gaming rig running Ubuntu 10.04 that I want to use with a physical keyboard/mouse/monitor, via VNC from inside the network (using the same X session), and also from outside the network (what I need help with).
Currently, the system automatically logs in and starts vino-server with my standard user account, which is fine for local use and inside the network. For outside the network, I want to start a second X session, auto-login a second (non-sudoers/wheel) user, and start Gnome (or XFCE4 would be awesome) at a lower resolution/color depth. That's mainly what I need help with; I've found guides on starting multiple sessions (even multiseat), but nothing about having two different users auto-login. That session would start tight vnc server on a different port than the default (something like 5950). That port would then be the only port forwarded through the firewall. Before anyone mentions VNC over SSH, restrictions in place on the Windows client make that impossible. I have set up source IP filtering in my modem, but I'm not 100% confident that my crappy little Westell 327w is going to outsmart a script kiddie. The reason I want to do this is to increase security and get rid of the annoyance of having to switch from 1680x1050 to 800x600 every time I log in, not to mention that it would be nice to have a background and be able to play with compiz. Can anyone help me out?
You could add an entry to your rc.local to start a vnc session on boot, like
Code:
su username -c "vncserver -depth 8 -geometry 1024x768 :5"
Code:
[ -x /etc/vnc/xstartup ] && exec /etc/vnc/xstartup
P.S. If using port forwarding, just port forward your weird port number to the actual VNC port on your internal server; then you don't have to deal with modifying the connection port on the VNC server. If someone ran a port scan against you, when they found port 5950 open they could get that the service running on it was VNC anyways; protection through obscurity isn't really all that possible. BTW, what restrictions are in place on the Windows client to prevent SSH? Closed port? You could run SSH over a different port. No SSH client or download allowed? Put PuTTY on a USB key or CD. No admin rights? PuTTY will run without them and should still be able to set up tunneling; at least it does on XP, as I have used it on a non-admin user account before. I can't speak for Vista or 7 though.
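
As an added example (not part of the original reply), here is an rc.local helper along the lines of the suggestion above. It refuses to start the session if the account belongs to an admin group, and it reports which internal TCP port the router should forward to. The account name vncguest and the admin group list are assumptions.

```shell
#!/bin/sh
# Added example: rc.local helper for the second, unprivileged VNC session.
# VNC_USER and ADMIN_GROUPS are assumptions; set them for your system.
VNC_USER="vncguest"          # hypothetical account name
VNC_DISPLAY=5                # display number used in the reply (:5)
ADMIN_GROUPS="sudo admin wheel"

# Xvnc listens on TCP 5900 + display number, so :5 -> 5905 and :50 -> 5950.
vnc_port() {
    case "$1" in
        ''|*[!0-9]*|0?*) return 1 ;;   # reject non-numeric or zero-padded input
    esac
    echo $((5900 + $1))
}

# Succeeds if any group in the space-separated list "$1" is an admin group.
in_admin_group() {
    for g in $1; do
        for a in $ADMIN_GROUPS; do
            if [ "$g" = "$a" ]; then return 0; fi
        done
    done
    return 1
}

# Start the session only for an existing account with no admin group.
start_guest_vnc() {
    groups=$(id -Gn "$1" 2>/dev/null) || { echo "no such user: $1" >&2; return 1; }
    if in_admin_group "$groups"; then
        echo "refusing: $1 is in an admin group ($groups)" >&2
        return 1
    fi
    port=$(vnc_port "$2") || { echo "bad display: $2" >&2; return 1; }
    echo "starting VNC for $1 on :$2 (forward the external port to TCP $port)"
    su "$1" -c "vncserver -depth 8 -geometry 1024x768 :$2"
}

# Runs only when invoked as "script --start", e.g. from rc.local.
if [ "${1:-}" = "--start" ]; then
    start_guest_vnc "$VNC_USER" "$VNC_DISPLAY"
fi
```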