Running Tightvnc
Hello everyone,
I searched through the threads about Tightvnc but I still couldn't find my answer. I have redhat 7.3 and I installed both: tightvnc-1.2.6-2.i386.rpm tightvnc-server-1.2.8-1.i386.rpm Now my question is...how do you run the application and set it up? Thanx for any advice and help out there. I greatly appreciate it -twantrd |
try this..
service vncserver start if you want it to start on boot ( not recommended ) do this.. chkconfig vncserver on to turn off.. service vncserver stop to disable on bootup.. chkconfig vncserver off If this is used on a non-trusted network you should use ssh forward the vncserver port to the local machine, start vncserver when you get logged in, start vncviewer on the local machine connecting to the local forwarded port. close vncserver before logout. just a suggestion http://www.uk.research.att.com/vnc/sshvnc.html |
here's an example
ssh -L 5900:localhost:5901 remotehost enter the command to start server after login.. vncserver now on the local machine vncviewer localhost:5900 enter password a window opens with the desktop in it |
it might be a little faster if you use this
ssh -C -c blowfish -L 5900:localhost:5901 remotehost |
Wow, thanx for your help guys...Ok, now I'm running the vncserver. How do I set it up so that if I log on using a web browser (port 80) I can see my home computer (running linux redhat with vnc)? Thanx again...if I can get this puppy up...you guys are the greatest!! :)
-twantrd |
wait!
you want to have your desktop show in a browser on port 80? what? No! What? |
Please don't do that
use this if it forwarded with ssh as shown above http://localhost:5900 or if not http://servername:5901 |
or forward the port to port 80 if you want, but I would not do that.
make sure you have no web server running there |
Thanx, I understand the insecurity reasons for not forwarding to port 80. The reason why I wanted to do that is for testing only. I got the vncserver running and it works fine if i do this:
http://<my ip address:5801> How would I configure vncserver so that it will listen to connections on port 80? Is there a file that I can edit? Thanx for the help..much appreciated :) -twantrd |
Actually you don't want to do anything to vnc, you just want to use iptables to redirect any connections to port 80 over to the port that vnc is already on.
so if the interface that poeple will connect to is eth0 and vnc is on 5901 then this will do it iptables -A PREROUTING -t nat -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 5901 |
Hey David,
Thanx for the help, I'll try it. Hopefully this command works because im using ipchains. I'll let you know...thanx again! :) -twantrd |
no it won't work, it works with iptables
ipchains -A input -i eth0 -p tcp -d 0.0.0.0/0 80 -j REDIRECT 5901 |
I have looked into this more today.
This is what I think is the best way to access your desktop from any browser on any OS without risk of giving people access. first part is to use apache web server here is the Virtual Host section of the httpd.conf <VirtualHost *> ServerAdmin admin@domain.com DocumentRoot /var/www/unsecure/vnc ServerName vnc.domain.com ErrorLog logs/dcp-error_log CustomLog logs/dcp-access_log common </VirtualHost> note the folder in this Virtual Host is /var/www/unsecure/vnc the index.php file there contains the following <?php header("Location: https://vnc.domain.com"); exit(); ?> now this will redirect any connection by http to https which will secure the connection before login. Also all data is secure. Here is the secure Virtual Host section of httpd.conf <VirtualHost *:443> Port 443 DocumentRoot "/usr/share/vnc/classes" ServerName vnc.domain.com ServerAdmin admin@domain.com ErrorLog logs/vnc_ssl-error_log TransferLog logs/vnc_ssl-access_log SSLEngine on SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL SSLCertificateFile /etc/httpd/conf/ssl.crt/server.crt SSLCertificateKeyFile /etc/httpd/conf/ssl.key/server.key <Files ~ "\.(cgi|shtml|phtml|php3?)$"> SSLOptions +StdEnvVars </Files> <Directory "/var/www/cgi-bin"> SSLOptions +StdEnvVars </Directory> SetEnvIf User-Agent ".*MSIE.*" \ nokeepalive ssl-unclean-shutdown \ downgrade-1.0 force-response-1.0 CustomLog logs/ssl_request_log \ "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b" </VirtualHost> ok, this puts a browser connection to vnc.domain.com in the folder /usr/share/vnc/classes now in that folder you need an index.html example index.html <HTML> <TITLE> VNC Desktop </TITLE> <APPLET CODE=vncviewer.class ARCHIVE=vncviewer.jar WIDTH=800 HEIGHT=600> <param name=PORT value=5902> </APPLET> </HTML> The port here is an example of what you need if the vncserver is on vnc.domain.com:2 If you want more security to access the folder use something like this <Directory /usr/share/vnc/classes> Options +Indexes AuthType Basic AuthName vncUser AuthUserFile /var/www/access/vnc/.htpasswd EnableDelete Off umask 007 require valid-user </Directory> If you want to get fancy with this I guess you could have a page where you login and it lets you start vncserver then connects you to the port it's on. This is just the basics. |
Here is an example,
note the secure connection icon in the vnc browser status bar http://my.awesomenet.net/~phillips/i.../vncscreen.jpg |
Wow, i'll give that shot, thank you very much david!!! :)
-twantrd |
All times are GMT -5. The time now is 06:22 AM. |