Tuesday Jan 11, 2005
Tuesday Jan 11, 2005
I knew this area is well documented. However, I still had to search through forums to find the missing information. So, to show my appreciation, I wanted to put this quick notes together. This is very rough. Feedbacks are welcome.
Disclaimer: This instruction is provided AS-IS. Try them at your own risk. For support, try online forums, which will be much faster than what I can do.
Background Information:
For VNC, please see http://www.realvnc.com/
For SSH, please see http://www.openssh.com/
Where do I get the software?
For VNC, you can get it from http://www.realvnc.com. If you use Linux, you may already have it. Just do a which command to verify.
For SSH, I assume it is already installed. It is available out-of-box for Solaris 9 or better and Red Hat Linux. If not, go to http://www.openssh.com to download a copy or use package management commands such as apt-get or emerge. For windows client, use PUTTY. See http://www.chiark.greenend.org.uk/~sgtatham/putty/
How do I install VNC?
For VNC, If you download the software from realvnc.com, you can either follow the installation instruction by running the installation script. What I did for Solaris distribution was keeping all files in a user home directory. Make sure you update your PATH environment variable so that the user you want to use for running VNC server have access to it.
How do I configure the VNC Server?
For VNC on RedHat Enterprise Linux 4 beta 2, this is what I did:
* su to root
* Un-comment the following lines in /etc/sysconfig/vncservers
VNCSERVERS="1:myusername"
VNCSERVERARGS[1]="-geometry 800x600"
* su to user you will use for connecting to VNC server
* Run the vncpasswd command to set the password.
* Restart VNC Server. Ex: /etc/init.d/sshd restart
For VNC on Solaris, here is what I did:
* In order for VNC to work correctly with SSH, change AllowTcpForwarding parameter to yes in /etc/ssh/sshd_config. Ex: AllowTcpForwarding yes
* To start VNC server:
o su to the user that has access to VNC software (if you installed in a user home directory) or use a user of your choice.
o Run vncserver -geometry 800x600
How do I establish a SSH tunnel?
Below is the command format that I used to establish a SSH tunnel between my client machien and the SSH server machine. Replace SSH_SERVER with the appropriate host name or IP. Replace USER_NAME with the appropriate user name.
/bin/ssh SSH_SERVER -l USER_NAME -L 5901:localhost:5901 -N -f
The above command will drop to background (due to -f option) and you should have your prompt back. Sometimes you may need to change localhost with an IP address, i.e. 127.0.0.1 If you setup your VNC server other than 5901, adjust this command accordingly. To find out which port your VNC server is open at, see VNC server log in .ssh directory in your user home directory on the server side.
How do I verify that the SSH tunnel is valid?
One way to verify the tunnel is to telnet localhost at 5901 (i.e. telnet localhost 5901). You should see a RFB... line.
What if I am behind a proxy server?
Check with your network administrator for socks proxy server information. SSH can use a socks proxy server. The one that I am using is specific to my environment and therefore it is useless for public sharing at this time. At least I can say that I use -o option to add proxy information.
How to I use VNC over a SSH tunnel?
Just point your VNC client (vncviewer) to localhost:1 or localhost:5901. Then you should be asked to enter a password. If you get an error, check if the tunnel is valid (see above). You can also double check the port number that the VNC server listens (i.e. netstat -a |grep LISTEN). You may also want to make sure that you set a VNC password using vncpasswd command.
What if I want to connect to a VNC server that is within a private net protected by a gateway running SSHD?
SSH can also do forwarding, try the following command:
/bin/ssh SSH_SERVER -l USER_NAME -L 5901:MY_VNC_SERVER_HOST:5901 -N -f
Please note the difference between the earlier ssh command, "localhost" is replaced in the -L option to the IP/host name of your VNC server.
Comments or Suggestions? Please feel free to leave me one!
Background Information:
For VNC, please see http://www.realvnc.com/
For SSH, please see http://www.openssh.com/
Where do I get the software?
For VNC, you can get it from http://www.realvnc.com. If you use Linux, you may already have it. Just do a which command to verify.
For SSH, I assume it is already installed. It is available out-of-box for Solaris 9 or better and Red Hat Linux. If not, go to http://www.openssh.com to download a copy or use package management commands such as apt-get or emerge. For windows client, use PUTTY. See http://www.chiark.greenend.org.uk/~sgtatham/putty/
How do I install VNC?
For VNC, If you download the software from realvnc.com, you can either follow the installation instruction by running the installation script. What I did for Solaris distribution was keeping all files in a user home directory. Make sure you update your PATH environment variable so that the user you want to use for running VNC server have access to it.
How do I configure the VNC Server?
For VNC on RedHat Enterprise Linux 4 beta 2, this is what I did:
* su to root
* Un-comment the following lines in /etc/sysconfig/vncservers
VNCSERVERS="1:myusername"
VNCSERVERARGS[1]="-geometry 800x600"
* su to user you will use for connecting to VNC server
* Run the vncpasswd command to set the password.
* Restart VNC Server. Ex: /etc/init.d/sshd restart
For VNC on Solaris, here is what I did:
* In order for VNC to work correctly with SSH, change AllowTcpForwarding parameter to yes in /etc/ssh/sshd_config. Ex: AllowTcpForwarding yes
* To start VNC server:
o su to the user that has access to VNC software (if you installed in a user home directory) or use a user of your choice.
o Run vncserver -geometry 800x600
How do I establish a SSH tunnel?
Below is the command format that I used to establish a SSH tunnel between my client machien and the SSH server machine. Replace SSH_SERVER with the appropriate host name or IP. Replace USER_NAME with the appropriate user name.
/bin/ssh SSH_SERVER -l USER_NAME -L 5901:localhost:5901 -N -f
The above command will drop to background (due to -f option) and you should have your prompt back. Sometimes you may need to change localhost with an IP address, i.e. 127.0.0.1 If you setup your VNC server other than 5901, adjust this command accordingly. To find out which port your VNC server is open at, see VNC server log in .ssh directory in your user home directory on the server side.
How do I verify that the SSH tunnel is valid?
One way to verify the tunnel is to telnet localhost at 5901 (i.e. telnet localhost 5901). You should see a RFB... line.
What if I am behind a proxy server?
Check with your network administrator for socks proxy server information. SSH can use a socks proxy server. The one that I am using is specific to my environment and therefore it is useless for public sharing at this time. At least I can say that I use -o option to add proxy information.
How to I use VNC over a SSH tunnel?
Just point your VNC client (vncviewer) to localhost:1 or localhost:5901. Then you should be asked to enter a password. If you get an error, check if the tunnel is valid (see above). You can also double check the port number that the VNC server listens (i.e. netstat -a |grep LISTEN). You may also want to make sure that you set a VNC password using vncpasswd command.
What if I want to connect to a VNC server that is within a private net protected by a gateway running SSHD?
SSH can also do forwarding, try the following command:
/bin/ssh SSH_SERVER -l USER_NAME -L 5901:MY_VNC_SERVER_HOST:5901 -N -f
Please note the difference between the earlier ssh command, "localhost" is replaced in the -L option to the IP/host name of your VNC server.
Comments or Suggestions? Please feel free to leave me one!