Mandriva This Forum is for the discussion of Mandriva (Mandrake) Linux. |
Notices |
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
Are you new to LinuxQuestions.org? Visit the following links:
Site Howto |
Site FAQ |
Sitemap |
Register Now
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
|
|
08-22-2003, 09:04 PM
|
#1
|
LQ Newbie
Registered: Aug 2003
Distribution: Mandrake 9.1
Posts: 19
Rep:
|
how to use vnc with ssh ?
I think the subject says everithing. I can't find how to make it work. I've been searching the net for some time and didn't find anything that is clear enough for me to understand.
|
|
|
08-22-2003, 11:46 PM
|
#2
|
LQ Newbie
Registered: Aug 2003
Posts: 7
Rep:
|
I use tightVNC, works great, runs on any OS, etc. It might even be in the repository, so try "urpmi tightvnc" before googling.
So your question is about tunneling ssh with vnc, here's how:
0. Install tightvnc on _both_ machines. The rpm contains "vncserver", "vncviewer", and a couple of others, these two are the ones you need.
1. ssh into the remote machine and start a "vncserver" session. There are a number of options to pay attention to, such as "--depth" which is bit depth (16, 24, 32, etc) and "-geometry" for size (do "vncserver --help" to see them all). These are the values that the vncviewer will see, and the window size and depth that will appear on you desktop remotely. Here's an example:
<code>vncserver -depth 16 -geometry 1280x1024</code>
Smaller values will have less lag over the net, depending on your connection.
You will see something like the following output:
<code>New 'X' desktop is my.server.net:1</code>
The ":1" is the desktop number. you will need this later when opening the local viewer. You can always find it again with "ps -aux", listed after the process "Xvnc".
NOTE: You should only have to do this first step once, as long as the vncserver session stays up on the server machine. In future sessions, you can skip this step.
2. Now, on the local system, set ssh to create a "Listening" (-L) port link to the server.
<code>ssh -L 5091:my.server.net:5901 my.server.net</code>
This says "set up an ssh Listen connection from local port 5901 to port 5901 (this is Xvcn desktop #1, 5092 would be #2, 5093 would be 3, etc) on my.server.net".
You are now set to tunnel ssh!
3. Start the vncviewer localy using the remote Xvcn desktop #.
<code>vncviewer my.system.net:1</code>
This says, "open vncviewer into my.system.net on desktop #1.
You should get a desktop now, using the depth and geometry sizes you specified on the server. You can change these, or simply create another vncserver on the remote system. TightVNC will just make a desktop #2, #3, #4, etc.
Best of luck, I hope this is clear.
G
|
|
|
08-22-2003, 11:47 PM
|
#3
|
LQ Newbie
Registered: Aug 2003
Posts: 7
Rep:
|
oops
Haha, this forum must not accept <code> tags!
Everything surrounded by <code> </code> is intended to be entered in a shell. Sorry.
G
|
|
|
08-23-2003, 04:22 PM
|
#4
|
LQ Newbie
Registered: Aug 2003
Distribution: Mandrake 9.1
Posts: 19
Original Poster
Rep:
|
" ssh -L 5091:my.server.net:5901 my.server.net " is all I have to do to make a ssh tunnel ? after one is created, how can I remove it ? And how can i use the desktop currently used on the server ?
|
|
|
08-23-2003, 04:39 PM
|
#5
|
LQ Newbie
Registered: Aug 2003
Distribution: Mandrake 9.1
Posts: 19
Original Poster
Rep:
|
and how can we know that we are using a ssh tunnel ?
|
|
|
08-23-2003, 05:10 PM
|
#6
|
Member
Registered: Feb 2002
Posts: 322
Rep:
|
VNC doesn't have to be this complicated.
Mandrake comes with tightvnc. You can use Mandrake's control center to add software that came on the CD's. Go into the software management section, click on the "add software" icon and search for Vnc.
From a SSH prompt, you can create a vnc session. Many of the parameters are optional. The command is "vncserver". The "display" starts at 0 or 1 (can't remember which) and increments based on the number of existing sessions. "vncserver" alone will create a default session, if I recall. Whatever user you're logged into on the console is the user the Xvnc session will run under.
The "display" or "socket" determines what port VNC listens on. If you create a session on display 1, the port is 5901. If you create a session on display 54, then the port will be 5954 (ex. "vncserver :54"). You don't have to specify port when you connect, but if you need the port forwarded through a firewall, that is how you determine which port to send through.
You do need "vncviewer" on the computer you are connecting FROM and the complete VNC software package on the computer you are connecting TO. If the source machine is a windows workstation, the VNC viewer on www.realvnc.com works wonders (my fav. implementation of VNC).
Once the viewer pops up, just type the address in, and the display or socket (ex. "100.2.10.5:1" or whatever). If your target machine is using socket/display 0, then specifying the socket/port isn't necessary (ex. "100.2.10.5").
If you have questions, send me a note...
MSN messenger..."jasonsbailey@hotmail.com"
email..."tisource_webmaster@yahoo.com"
|
|
|
08-23-2003, 05:17 PM
|
#7
|
LQ Newbie
Registered: Aug 2003
Posts: 7
Rep:
|
answers
As long as the server is running on the remote system, all you have to do to tunnel ssh with vnc is:
Code:
ssh -L 5901:myserver.net5901 myserver.net
Then in another shell:
Code:
vncserver mysever.net:1
The 59xx ports are what VNC uses on its own (or at least tighVNC, others may be different). The "xx" should match the vncserver desktop number, so:
5900 == desktop 0
5901 == desktop 1
etc
In my experience, VNC on Linux uses 1 (5901) first, whereas the MSFT versions uses 0 ( 5900). Just a default, and likely becasue MSFT is not great at hosting multiple instance of almost anything. I'm sure there is also a way to specify the port/desktop# if needed.
How do you know that you are tunneling ssh? You can, if you want, do a port scan and see that port 22 (ssh) is the only one available. ssh is creating a listening connection over the port you specify in the "ssh -L" command. As far as I know, it can be used to tunnel all sorts of other protocols as needed. 80 is httpd, 21 is ftp, etc.
If you wanted, you could also open the appropriate ports (59xx) and do it directly, but you'de be creating a potential security risk. Some people do this in a LAN setup behind a firewall. I did this for a while when I had a headless MSFT box at home.
G
|
|
|
08-23-2003, 05:18 PM
|
#8
|
LQ Newbie
Registered: Aug 2003
Posts: 7
Rep:
|
code
Note that the code tags are working...it uses a "[" instead of "<",
G
|
|
|
08-30-2003, 01:20 AM
|
#9
|
LQ Newbie
Registered: Aug 2003
Posts: 3
Rep:
|
The solution above isn't tunneling, as you arent' connecting to vnc over an ssh tunnel, your connecting directly to the vncserver on 5901... To "tunnel", you'd have to connect to your localhost on a port, which then tunnels through via SSH to the vncserver port...
Here's how:
well, first, zaseny's option isn't actually tunnelling vnc... Since all you did at the end was open vnc and connect to remoteort, you're just connecting directly through to the vnc server.
Here's a full walkthrough, enable tunnelling via PuTTY over SSH:
Download/install PuTTY on the local computer, and also the vncviewer.
Launch PuTTY. The opening window should have the Session option. Click on the SSH radio button. In the Host Name (or IP address) field, enter the IP address of the remote computer.
For the sake of argument, let's assume that the IP address is
123.456.789.123.
Choose Tunnels suboption in the SSH option.
In the Source port field, enter some arbitrary port number, e.g. 4901.
In the Destination field, enter the IP address of your remote computer and
the port, e.g. 123.456.789.123:5901.
The unix version of vnc uses the port 5900 + display number, so the
first display number is 5901 usually.
The format of the destination is the IP address, colon, port number, as
given in the example above. Make sure local is selected with the radio button at the bottom.
Now click on the Add button.
Go back and click on the Session option, and save this session so you
won't have to re-enter all the information.
Click on the Open button at the bottom of the window, and you'll be able
to connect to your remote computer.
Enter the user name (case sensitive) and the password of your
user account (or passphrase for RSA/DSA keyusers)
If everything is fine, you'll be connected to your remote computer.
Now launch vncviewer on the local computer and enter localhost:4901 and
click the OK button.
If you're not prompted for the password for vnc, then either you're not
running vncserver on your remote computer or some information was
incorrectly entered in PuTTY setting.
|
|
|
08-30-2003, 12:40 PM
|
#10
|
LQ Newbie
Registered: Aug 2003
Posts: 7
Rep:
|
Yikes
Right. I'm looking at my post again and realizing my error. The last step is wrong.
So for Linux (non-putty), assuming your remote machine "myserver" is already running a vncserver session (on "desktop #1", default).
Code:
ssh -L 5901:myserver:5901 myserver
Tells ssh, essentially, to forward connections to port 5901 on the local machine to port 5901 on myserver.
So now we connect vncviewer to our localhost 5901, not myserver's 5901 directly:
Code:
vcnviewer localhost:1
This was the wrong step.
VNC now thinks we are connecting to our local 5901 port, but ssh is forwarding (tunneling) this port connection to myserver's 5901.
G
|
|
|
All times are GMT -5. The time now is 03:53 AM.
|
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.
|
Latest Threads
LQ News
|
|