AllThingsGeek

Just another WordPress.com weblog

Using SSH and x11vnc to tunnel VNC between Linux hosts — December 1, 2012

This is the natural followup to the old article I wrote about tunnelling VNC from a thumb drive in Windows. The setup is simple:

For the client you need nothing but ssh and a VNC client. Ubuntu comes with “vinagre” (in the menu it can be found as “Remote Desktop Viewer”), which works out of the box, but there are plenty of alternatives such as gtkvncviewer, gvncviewer and xtightvncviewer. Check your package manager.

For the server you need the openssh-server package as well as x11vnc.

The connection itself can be done with a one-liner:

$ ssh -L5900:127.0.0.1:5900 user@host.com "DISPLAY=:0.0 x11vnc -listen 127.0.0.1"

The -L switch tells ssh to set up a local forwarding on port 5900. The endpoint of this tunnel will be 127.0.0.1:5900 on the remote side, which is where x11vnc is instructed to listen for connections. This ensures that it will only accept local connections and not connections from the internet.

The DISPLAY=:0.0 statement sets the DISPLAY environment variable for x11vnc, telling it to use the default X session. You can leave it out, but success is then not guaranteed. Furthermore, if x11vnc's logging output gives you something other than PORT=5900 on Ubuntu, you most likely already have the “vino-server” running. To fix this, try the following instead:

$ ssh -L5900:127.0.0.1:5900 user@host.com
...
host.com$ killall -9 vino-server
host.com$ DISPLAY=:0.0 x11vnc -listen 127.0.0.1

If the problem persists, try to determine what process is listening on port 5900:

noccy@noccy-aspire:~$ netstat -lp | grep 5900
(Not all processes could be identified, non-owned process info
will not be shown, you would have to be root to see it all.)
tcp        0      0 *:5900                  *:*                     LISTEN      10772/x11vnc

And then, if appropriate, kill it off with kill -9 pid; in the above example, kill -9 10772.
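The same netstat output also shows whether the VNC listener is bound to loopback only, as the -listen 127.0.0.1 option is meant to ensure: a local address of `*`, `0.0.0.0` or `::` means the port accepts connections on every interface. The following check is an added example, not part of the original post; the function name `exposed_listeners` is hypothetical, and every sample line except the first (which is the output quoted above) is constructed.

```bash
#!/bin/sh
# Added example, not from the original post. Reads netstat listener lines on
# stdin and prints every TCP listener on the given port that is NOT bound to
# loopback. Exit status 1 means at least one listener is network-reachable.
# On the remote host: netstat -ltnp | exposed_listeners 5900
exposed_listeners() {
    awk -v port="${1:-5900}" '
        $1 ~ /^tcp/ && $6 == "LISTEN" {
            n = split($4, part, ":")          # port is the text after the last colon
            if (part[n] != port) next
            addr = substr($4, 1, length($4) - length(part[n]) - 1)
            # 127.0.0.0/8, ::1 and "localhost" are only reachable from the host itself
            if (addr ~ /^127\./ || addr == "::1" || addr == "localhost") next
            print addr, $7                     # e.g. "* 10772/x11vnc"
            found = 1
        }
        END { exit found + 0 }'
}

# First line: the netstat output quoted in the post. The rest are constructed.
SAMPLE='tcp        0      0 *:5900                  *:*                     LISTEN      10772/x11vnc
tcp        0      0 127.0.0.1:5900          0.0.0.0:*               LISTEN      2211/x11vnc
tcp6       0      0 :::5900                 :::*                    LISTEN      2300/vino-server
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      801/sshd'

if printf '%s\n' "$SAMPLE" | exposed_listeners 5900; then
    echo "port 5900 is loopback-only"
else
    echo "port 5900 is reachable from the network (listeners listed above)"
fi
```
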

Once x11vnc is up and running and listening on the appropriate port, open your VNC viewer application and connect to 127.0.0.1:5900. You should now see the remote Linux desktop. The x11vnc server will close when the viewer disconnects, so there is no need to kill it afterwards.

To do this all with a single script:

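#!/bin/bash
# Require the SSH destination as the only argument.
if [ -z "$1" ]; then
    echo "Use: $(basename "$0") [user@]host"
    exit 1
fi
# Start x11vnc on the remote host, bound to loopback, and forward local port 5900 to it.
ssh -L5900:127.0.0.1:5900 "$1" "DISPLAY=:0.0 x11vnc -listen 127.0.0.1" &
# Give the SSH connection and x11vnc time to come up.
sleep 5
vinagre 127.0.0.1:5900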

This script waits 5 seconds for the SSH connection to be established; you might need more depending on the connection and remote host.

Note: The $ and host.com$ in the examples above represent the local and remote prompts and should not be included in your command line.

Using PLink and VNCViewer to connect over SSH — April 22, 2009

Just finished configuring my USB flash drive for tunneled remote desktop connection. Just for the heck of it. It’s quite elegant; along with my PortableApps setup there are also a few little batch files. One of these is called “startvnc.bat”. Simple and obvious name. What it does is quite elegant. It starts by running plink (the PuTTY SSH Link client) to establish the encrypted tunnel using my private key file. It then waits for 10 seconds, and proceeds with opening up vncviewer with the proper profile.

Instant remote desktop without me having to do anything but unlock my thumb drive.

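@echo off
rem Without an argument, relaunch this script in a new minimized window.
if "%1"=="" goto launch
echo Establishing SSH tunnel...
rem Forward local port 5905 to port 5900 on the remote side, using the private key.
start /B \bin\plink -i \conf\host.ppk -C -N -ssh -L 5905:host.net:5900 noccy@host.net
rem Wait for the tunnel to come up.
ping -n 10 localhost > nul
echo Connecting to VNC desktop...
\bin\vncviewer /config \conf\host.vnc
echo Closing tunnel...
rem Ask plink to exit, then force-kill it if it is still running.
\bin\taskkill /im plink.exe > nul 2>&1
\bin\taskkill /f /im plink.exe > nul 2>nul
exit
:launch
start /min startvnc.bat connect
exit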

The downside would be that you can’t run more than one tunnel since plink is terminated afterwards. The first goto-line is in order to spawn a new minimized window. Nice and clean, and fully automagic.

Ingredients needed:

  • \bin\plink.exe – from the PuTTY download site
  • \bin\puttygen.exe – from the PuTTY download site
  • \bin\taskkill.exe – found in \windows\system32 on any XP system
  • \bin\vncviewer.exe – the TightVNC viewer application

Steps to get it working for you:

  1. I’m going to assume that you have already got a working VNC server running on a machine with an OpenSSH setup. If not, set up the VNC server and adapt these instructions for whatever server you’re using.
  2. Start puttygen; generate a new key. You can leave the password box empty if you feel your flash drive is secure enough. Copy the chunk from the textbox, and add it to your ~/.ssh/authorized_keys. If this file doesn’t exist, create it.
  3. Save the private key to \conf\hostname.ppk and copy the listed binaries into your \bin\ folder. Also copy and modify the script to use the proper keyfile and hostname.
  4. I’m tunneling from port 5905 (display 5) to port 5900 (display 0) in this script, so create a VNC configuration file from within the TightVNC Viewer. Save it as \conf\hostname.vnc and open it in notepad. Change port to 5905 and hostname to “localhost”.
  5. You should now be able to run the script. VNC should open up in 10 seconds after running it.

NOTE! Saving keyfiles without passwords or saving the VNC password on an unencrypted flash drive is not a good idea.
