@JKostaRibeiro
Connections refused and connections timing out indicate that the firewall on your mother's computer and/or the packet filter on her router are not configured to allow SSH and VNC connections. You need to set up port forwarding on her router; you also need to allow SSH connections to pass through the router and her computer's external network adapter. It's better not to allow public VNC connections. Do what Eric said: route VNC through an SSH tunnel.
In brief, this is how you set up a standard SSH tunnel:
1) allow SSH through the firewall on your mother's router;
2) allow SSH through the firewall on your mother's computer;
3) set up port forwarding on your mother's router so that SSH is forwarded from the external interface of the router to her computer.
There are some third-party alternatives which make all this easier - TeamViewer for example - but if you're like me you might prefer not to have these remote sessions routed through a middleman. I have another way of setting up tunneling VNC through SSH if you can't get this working. The advantage of this method is that it is done in reverse: you configure the firewalls and port forwarding at your end. Your mother doesn't have to go near any of this.
The above is a standard SSH tunnel setup; below is how you set up VNC through a reverse SSH tunnel:
1) set up an account on your own computer slackware01 for your mother, and create a public/private key pair with ssh-keygen so that she can log in to your computer securely. (If the remote user is reasonably competent they can create the public/private key pair themselves and send the public key to you by email; this is the preferred way of doing it.)
Code:
root@slackware01# useradd -m momma && passwd momma
Code:
jkosta@slackware01$ su - momma
Code:
momma@slackware01$ ssh-keygen -t rsa -b 4096
Save the private key as momma_rsa and the public key as momma_rsa.pub.
2) Add the public key to her authorized_keys file in /home/momma/.ssh/
Code:
momma@slackware01$ mkdir -p ~/.ssh && chmod 0700 ~/.ssh && cat momma_rsa.pub >> ~/.ssh/authorized_keys && chmod 0600 ~/.ssh/authorized_keys
3) Configure the firewall on your router and on your computer slackware01 to allow SSH to pass. Enable port forwarding on your router to forward SSH to slackware01. To minimize confusion I am going to assume you configure sshd on slackware01 to listen on 22022 instead of the standard port 22. This is specified in /etc/ssh/sshd_config. Make sure you adjust the firewall on the router and slackware01 accordingly; in other words, make sure your router allows traffic on port 22022 to pass and forwards this traffic to your computer. Make sure as well that netfilter/iptables on your computer is not blocking port 22022.
4) If you created the public/private key pair on your computer then transfer the private key momma_rsa to a USB memory stick or CD; don't leave it on your own computer. Bring it to your mother next time you visit; under no circumstances should you email it to her or send it over the public wire by any other means. Make sure you can log in to momma on slackware01 from your mother's computer slackware02, using the private key:
Code:
momma@slackware02$ mv /media/usb_drive/momma_rsa /home/momma/.ssh/ && chmod 0400 ~/.ssh/momma_rsa
Code:
momma@slackware02$ ssh -vv -p 22022 -i ~/.ssh/momma_rsa momma@slackware01
OK - that's the first part; you should now have public/private key SSH working and you should be able to log in to your home computer slackware01 from your mother's computer slackware02 without a password. If you can, then it is advisable to disable password authentication on your home computer slackware01, and while you're at it, disable root logins as well:
Code:
# vi /etc/ssh/sshd_config
# PermitRootLogin yes
PermitRootLogin no
# PasswordAuthentication yes
PasswordAuthentication no
Code:
/etc/rc.d/rc.sshd restart
5) Now for the second part: connecting securely from a VNC client on your computer to a VNC server on your mother's computer by adding reverse tunneling to this SSH setup. First, install a VNC server on your mother's computer: I have always had success with TightVNC.
6) Create the following small script on momma's computer slackware02:
Code:
#!/bin/sh
# script name: support.sh
ssh -R 55901:localhost:5901 -i ~/.ssh/momma_rsa -p 22022 -vv momma@slackware01-ip-address
######################################
#
# -R creates a reverse SSH tunnel
#
# 55901 is the port on slackware01 she will open when she runs this
# script
#
# 5901 is the port on slackware02 that the TightVNC server will be
# listening on
#
# -i specifies the identity file we created earlier. This allows
# your mother to log in to slackware01 securely.
#
# 22022 is the port sshd is listening on at slackware01; there is no
# need for an SSH server on slackware02
#
# -vv adds some verbosity so that if there are errors you can see
# where it's failing
#
# slackware01-ip-address is your own IP address; it might be easier
# for your mother if you just set up dynamic DNS if your public IP
# address is not static
#
#####################################
7) Make the script executable:
Code:
momma@slackware02$ chmod +x support.sh
8) Now when you return home this is what your mother has to do:
Open a terminal and start the VNC server; no need for 24 or 32 bit colour.
Code:
momma@slackware02$ vncserver -kill :1 ; vncserver :1 -depth 15
This should kill any lingering vncserver sessions at :1 and create a new session at :1 (port 5901).
Then she runs the support.sh script.
Code:
momma@slackware02$ ./support.sh
This will create an SSH tunnel to your computer and open port 55901 there. You can then open a VNC client at your end and connect to this port on localhost. The reverse SSH tunnel created by your mother means you will be routed to the VNC server listening on port 5901 at your mother's end.
Code:
jkosta@slackware01$ vncviewer -compresslevel 0 -quality 0 -depth 15 127.0.0.1:55901
It looks complicated but take it one step at a time and it will work for you. The beauty of this method is that the person at the remote end doesn't need to know anything about port forwarding or firewall configuration. Just find a way of getting the private key to them securely, set up the scripts on their PC and you handle all the awkward port forwarding and firewall stuff at your end.
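
A check for the sshd settings this setup relies on, as an added example that is not part of the original post: it reads the effective configuration in the format printed by `sshd -T` and reports any setting that differs from the values used above. The function names `audit_sshd` and `sshd_value` and both sample dumps are constructed for illustration, and the `GatewayPorts no` check is an addition: with that setting the forwarded port 55901 is bound to the loopback interface of slackware01 only, so the VNC session is not reachable from the network.

```shell
#!/bin/sh
# Added example: audit effective sshd settings on slackware01.
# Real use, as root:  audit_sshd "$(sshd -T)"

# sshd_value DUMP KEY: print the value of one (lowercase) sshd -T keyword.
sshd_value() {
    printf '%s\n' "$1" | awk -v k="$2" '$1 == k { print $2; exit }'
}

# audit_sshd DUMP: print one line per finding; return the number of findings.
audit_sshd() {
    findings=0
    # Values from the post, plus gatewayports=no (assumption added here).
    for want in port=22022 passwordauthentication=no \
                permitrootlogin=no gatewayports=no; do
        key=${want%%=*}
        expected=${want#*=}
        actual=$(sshd_value "$1" "$key")
        if [ "$actual" != "$expected" ]; then
            echo "FAIL $key: expected '$expected', got '${actual:-<unset>}'"
            findings=$((findings + 1))
        fi
    done
    return "$findings"
}

# Constructed sample: sshd configured as described in the post.
GOOD_DUMP='port 22022
permitrootlogin no
passwordauthentication no
gatewayports no'

# Constructed sample: stock-style settings with forwarded ports exposed.
WEAK_DUMP='port 22
permitrootlogin yes
passwordauthentication yes
gatewayports yes'

echo "== hardened sample =="
audit_sshd "$GOOD_DUMP" && echo "all checks passed"
echo "== weak sample =="
audit_sshd "$WEAK_DUMP" || echo "$? finding(s)"
```

Run it after restarting sshd in step 4; a non-zero return value is the number of settings that still need attention.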