Hello everyone,

I searched through the threads about Tightvnc but I still couldn't find my answer. I have redhat 7.3 and I installed both:

tightvnc-1.2.6-2.i386.rpm
tightvnc-server-1.2.8-1.i386.rpm

Now my question is...how do you run the application and set it up? Thanx for any advice and help out there. I greatly appreciate it


-twantrd

try this..
service vncserver start

if you want it to start on boot ( not recommended ) do this..
chkconfig vncserver on

to turn off..
service vncserver stop

to disable on bootup..
chkconfig vncserver off

If this is used on a non-trusted network you should use ssh

forward the vncserver port to the local machine, start vncserver when you get logged in, start vncviewer on the local machine connecting to the local forwarded port. close vncserver before logout.

just a suggestion

http://www.uk.research.att.com/vnc/sshvnc.html

here's an example


ssh -L 5900:localhost:5901 remotehost

enter the command to start server after login..
vncserver

now on the local machine

vncviewer localhost:5900
enter password

a window opens with the desktop in it

it might be a little faster if you use this

ssh -C -c blowfish -L 5900:localhost:5901 remotehost

Wow, thanx for your help guys...Ok, now I'm running the vncserver. How do I set it up so that if I log on using a web browser (port 80) I can see my home computer (running linux redhat with vnc)? Thanx again...if I can get this puppy up...you guys are the greatest!!

-twantrd

wait!

you want to have your desktop show in a browser on port 80?

what? No!

What?

Please don't do that

use this if it forwarded with ssh as shown above

http://localhost:5900

or if not

http://servername:5901

or forward the port to port 80 if you want, but I would not do that.

make sure you have no web server running there

Thanx, I understand the insecurity reasons for not forwarding to port 80. The reason why I wanted to do that is for testing only. I got the vncserver running and it works fine if i do this:

http://<my ip address:5801>

How would I configure vncserver so that it will listen to connections on port 80? Is there a file that I can edit? Thanx for the help..much appreciated

-twantrd

Actually you don't want to do anything to vnc, you just want to use iptables to redirect any connections to port 80 over to the port that vnc is already on.

so if the interface that poeple will connect to is eth0 and vnc is on 5901 then this will do it


iptables -A PREROUTING -t nat -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 5901

Hey David,

Thanx for the help, I'll try it. Hopefully this command works because im using ipchains. I'll let you know...thanx again!

-twantrd

no it won't work, it works with iptables

ipchains -A input -i eth0 -p tcp -d 0.0.0.0/0 80 -j REDIRECT 5901

I have looked into this more today.

This is what I think is the best way to access your desktop from any browser on any OS without risk of giving people access.


first part is to use apache web server

here is the Virtual Host section of the httpd.conf

<VirtualHost *>
ServerAdmin admin@domain.com
DocumentRoot /var/www/unsecure/vnc
ServerName vnc.domain.com
ErrorLog logs/dcp-error_log
CustomLog logs/dcp-access_log common
</VirtualHost>


note the folder in this Virtual Host is /var/www/unsecure/vnc

the index.php file there contains the following

<?php
header("Location: https://vnc.domain.com");
exit();
?>


now this will redirect any connection by http to https which will secure the connection before login. Also all data is secure.

Here is the secure Virtual Host section of httpd.conf

<VirtualHost *:443>
Port 443
DocumentRoot "/usr/share/vnc/classes"
ServerName vnc.domain.com
ServerAdmin admin@domain.com
ErrorLog logs/vnc_ssl-error_log
TransferLog logs/vnc_ssl-access_log
SSLEngine on
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
SSLCertificateFile /etc/httpd/conf/ssl.crt/server.crt
SSLCertificateKeyFile /etc/httpd/conf/ssl.key/server.key
<Files ~ "\.(cgi|shtml|phtml|php3?)$">
SSLOptions +StdEnvVars
</Files>
<Directory "/var/www/cgi-bin">
SSLOptions +StdEnvVars
</Directory>
SetEnvIf User-Agent ".*MSIE.*" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
CustomLog logs/ssl_request_log \
"%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
</VirtualHost>


ok, this puts a browser connection to vnc.domain.com in the folder /usr/share/vnc/classes

now in that folder you need an index.html

example index.html

<HTML>
<TITLE>
VNC Desktop
</TITLE>
<APPLET CODE=vncviewer.class ARCHIVE=vncviewer.jar
WIDTH=800 HEIGHT=600>
<param name=PORT value=5902>
</APPLET>
</HTML>

The port here is an example of what you need if the vncserver is on vnc.domain.com:2

If you want more security to access the folder use something like this

<Directory /usr/share/vnc/classes>
Options +Indexes
AuthType Basic
AuthName vncUser
AuthUserFile /var/www/access/vnc/.htpasswd
EnableDelete Off
umask 007
require valid-user
</Directory>






If you want to get fancy with this I guess you could have a page where you login and it lets you start vncserver then connects you to the port it's on.

This is just the basics.

Here is an example,

note the secure connection icon in the vnc browser status bar

http://my.awesomenet.net/~phillips/i.../vncscreen.jpg

Wow, i'll give that shot, thank you very much david!!!

-twantrd