[opensuse] Krdc-Krfb KDE4 authentication problem
I cannot establish Remote Desktop Connection on two SuSE 10.3 KDE systems connected by Ethernet cable to a common speedtouch modem. On one system I start Krfb and Create Personal Invitation which presents Host address and Password. On the other system I start Krdc, click Connect to a VNC Remote Desktop, and type the Host address in the Remote desktop: vnc field. I get the Host Config panel and press OK. I get a blue empty panel but NOT a Password panel. So I cannot type the password given on the first system and the connection times out. I cannot find the reason - there are many unclear issues in the Handbooks by Brad Hards. Robert -- http://rwbest.no.sapo.pt/ -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
On Tue, May 13, 2008 at 12:11 PM, Robert W Best <rwbest@sapo.pt> wrote:
I cannot establish Remote Desktop Connection on two SuSE 10.3 KDE systems connected by Ethernet cable to a common speedtouch modem.
On one system I start Krfb and Create Personal Invitation which presents Host address and Password.
On the other system I start Krdc, click Connect to a VNC Remote Desktop, and type the Host address in the Remote desktop: vnc field.
I get the Host Config panel and press OK. I get a blue empty panel but NOT a Password panel. So I cannot type the password given on the first system and the connection times out.
I cannot find the reason - there are many unclear issues in the Handbooks by Brad Hards.
Robert --
Most likely a firewall issue on the target machine. You never get the password prompt till krdc establishes a connection. If it can't make a connection you won't see the password screen. Temporarily turn off your suse firewall on the target and try again. -- ----------JSA--------- -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
On Tuesday 13 May 2008 20:30:51 John Andersen wrote:
On Tue, May 13, 2008 at 12:11 PM, Robert W Best <rwbest@sapo.pt> wrote:
I cannot establish Remote Desktop Connection on two SuSE 10.3 KDE systems connected by Ethernet cable to a common speedtouch modem.
On one system I start Krfb and Create Personal Invitation which presents Host address and Password.
On the other system I start Krdc, click Connect to a VNC Remote Desktop, and type the Host address in the Remote desktop: vnc field.
I get the Host Config panel and press OK. I get a blue empty panel but NOT a Password panel. So I cannot type the password given on the first system and the connection times out.
I cannot find the reason - there are many unclear issues in the Handbooks by Brad Hards.
Robert --
Most likely a firewall issue on the target machine. You never get the password prompt till krdc establishes a connection. If it can't make a connection you won't see the password screen.
Temporarily turn off your suse firewall on the target and try again.
-- Right, now it works. So it is not enough to allow YaST / Network Services / Remote Administration
I am in Portugal and I'd like to monitor the laptop of my sister in Holland if she needs help. But I don't like that she has to turn of her firewall completely. Is there a less insecure way? Robert -- http://rwbest.no.sapo.pt/ -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
On Wed, May 14, 2008 at 4:06 AM, Robert W Best <rwbest@sapo.pt> wrote:
On Tuesday 13 May 2008 20:30:51 John Andersen wrote:
On Tue, May 13, 2008 at 12:11 PM, Robert W Best <rwbest@sapo.pt> wrote:
I cannot establish Remote Desktop Connection on two SuSE 10.3 KDE systems connected by Ethernet cable to a common speedtouch modem.
On one system I start Krfb and Create Personal Invitation which presents Host address and Password.
On the other system I start Krdc, click Connect to a VNC Remote Desktop, and type the Host address in the Remote desktop: vnc field.
I get the Host Config panel and press OK. I get a blue empty panel but NOT a Password panel. So I cannot type the password given on the first system and the connection times out.
I cannot find the reason - there are many unclear issues in the Handbooks by Brad Hards.
Robert --
Most likely a firewall issue on the target machine. You never get the password prompt till krdc establishes a connection. If it can't make a connection you won't see the password screen.
Temporarily turn off your suse firewall on the target and try again.
-- Right, now it works. So it is not enough to allow YaST / Network Services / Remote Administration
I am in Portugal and I'd like to monitor the laptop of my sister in Holland if she needs help. But I don't like that she has to turn of her firewall completely. Is there a less insecure way?
Yes. Configure her firewall to allow port 590xx inbound. (I think its 5900, better check for sure). Run Netstat on her machine to see which port is actually used. Since its password protected with no known vulnerabilities in the wild the risk is rather minimal. Most of the time starting a service also opens a firewall port, but apparently not always. If her machine is linux, why not just use ssh? -- ----------JSA--------- -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
On Wednesday 14 May 2008 21:57:59 John Andersen wrote:
Since its password protected with no known vulnerabilities in the wild the risk is rather minimal.
One known: the password is transmitted in clear text, and so is the whole connection, which means if you su to root (for example), the root password is easily read by anyone with access to a router along the way NX is better for going across the internet, since it's tunneled over ssh. Normal vnc is really only for a local LAN Anders -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
On Wed, May 14, 2008 at 1:02 PM, Anders Johansson <ajh@rydsbo.net> wrote:
On Wednesday 14 May 2008 21:57:59 John Andersen wrote:
Since its password protected with no known vulnerabilities in the wild the risk is rather minimal.
One known: the password is transmitted in clear text, and so is the whole connection, which means if you su to root (for example), the root password is easily read by anyone with access to a router along the way
NX is better for going across the internet, since it's tunneled over ssh. Normal vnc is really only for a local LAN
Password is not transmitted at all. http://www.vnc.com/support/faq.html#security (assuming Krdc follows the protocol). But you are correct, the session is cleartext. Still, ssh makes so much more sense, which is why I suggested it. It takes very little more to run Krdc thru a ssh tunnel if you have to look at the remote desktop in real time to help a user. -- ----------JSA--------- -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
On Tue, May 13, 2008 at 12:11 PM, Robert W Best <rwbest@sapo.pt> wrote:
I am in Portugal and I'd like to monitor the laptop of my sister in Holland if she needs help. But I don't like that she has to turn of her firewall completely. Is there a less insecure way?
On Wednesday 14 May 2008 21:02:37 Anders Johansson wrote:
On Wednesday 14 May 2008 21:57:59 John Andersen wrote:
Since its password protected with no known vulnerabilities in the wild the risk is rather minimal.
One known: the password is transmitted in clear text, and so is the whole connection, which means if you su to root (for example), the root password is easily read by anyone with access to a router along the way
No, I want my sister to start Krfb, press Personal Invitation and tell me by phone the password for Desktop Sharing. If she has to turn off her firewall, I will first guide her by phone, before we start Desktop Sharing.
NX is better for going across the internet, since it's tunneled over ssh. Normal vnc is really only for a local LAN
Anders
Is a GUI available for NX ? Robert -- http://rwbest.no.sapo.pt/ -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
John Andersen <jsamyth@gmail.com> wrote
On Wednesday 14 May 2008 20:57:59 Robert W Best <rwbest@sapo.pt> wrote:
I am in Portugal and I'd like to monitor the laptop of my sister in Holland if she needs help. But I don't like that she has to turn of her firewall completely. Is there a less insecure way?
Yes. Configure her firewall to allow port 590xx inbound. ... Since its password protected with no known vulnerabilities in the wild the risk is rather minimal.
I'd like to follow your advice. But how? YaST / Security and Users / Firewall: Interfaces and Allowed Services look rather complicated. I'm not sure how to edit my own firewall settings. I can tell my sister by phone how to turn off her firewall but I'm not able to tell her how to edit settings.
If her machine is linux, why not just use ssh?
It is SuSE 10.3 KDE, I installed it. Is a GUI available for ssh? Robert -- http://rwbest.no.sapo.pt/ -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
Robert W Best wrote:
John Andersen <jsamyth@gmail.com> wrote
On Wednesday 14 May 2008 20:57:59 Robert W Best <rwbest@sapo.pt> wrote:
I am in Portugal and I'd like to monitor the laptop of my sister in Holland if she needs help. But I don't like that she has to turn of her firewall completely. Is there a less insecure way? Yes. Configure her firewall to allow port 590xx inbound. ... Since its password protected with no known vulnerabilities in the wild the risk is rather minimal.
I'd like to follow your advice. But how? YaST / Security and Users / Firewall: Interfaces and Allowed Services look rather complicated. I'm not sure how to edit my own firewall settings. I can tell my sister by phone how to turn off her firewall but I'm not able to tell her how to edit settings.
If her machine is linux, why not just use ssh?
It is SuSE 10.3 KDE, I installed it. Is a GUI available for ssh?
your-machine $ ssh -X sisters-machine [a shell starts on your sister's machine using the terminal on your machine] sisters-machine $ yast2 [the yast graphical interface controlling your sister's machine opens its display on your machine] Use the same procedure for any other graphical application. Does that make sense? Cheers, Dave
Robert
-- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
On Thursday 15 May 2008 12:05:09 Dave Howorth wrote:
Robert W Best wrote:
John Andersen <jsamyth@gmail.com> wrote
On Wednesday 14 May 2008 20:57:59 Robert W Best <rwbest@sapo.pt> wrote:
I am in Portugal and I'd like to monitor the laptop of my sister in Holland if she needs help. But I don't like that she has to turn of her firewall completely. Is there a less insecure way?
Yes. Configure her firewall to allow port 590xx inbound. ... Since its password protected with no known vulnerabilities in the wild the risk is rather minimal.
I'd like to follow your advice. But how? YaST / Security and Users / Firewall: Interfaces and Allowed Services look rather complicated. I'm not sure how to edit my own firewall settings. How do I configure my firewall to allow port 5900 inbound?
I can tell my sister by phone how to turn off her firewall but I'm not able to tell her how to edit settings.
If her machine is linux, why not just use ssh?
It is SuSE 10.3 KDE, I installed it. Is a GUI available for ssh?
your-machine $ ssh -X sisters-machine
[a shell starts on your sister's machine using the terminal on your machine]
sisters-machine $ yast2
[the yast graphical interface controlling your sister's machine opens its display on your machine]
Use the same procedure for any other graphical application.
Does that make sense? Theoretically yes, but how do I identify the machines? If I need IP addresses, how do I get them?
Robert -- http://rwbest.no.sapo.pt/ -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
On Sun, May 18, 2008 at 12:59 AM, Robert W Best <rwbest@sapo.pt> wrote:
Does that make sense? Theoretically yes, but how do I identify the machines? If I need IP addresses, how do I get them?
Robert
http://www.dyndns.com/services/dns/dyndns/ Allows you to run a small daemon which will update the IP associated with a machine-name. Such as SisterInHolland.boldlygoingnowhere.org Opensuse supplies the client ( ddclient ), and Dyndns.org supplies the free service so that you never have to know IPs. -- ----------JSA--------- -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
On Sunday 18 May 2008 09:18:52 John Andersen wrote:
http://www.dyndns.com/services/dns/dyndns/
Allows you to run a small daemon which will update the IP associated with a machine-name. Such as SisterInHolland.boldlygoingnowhere.org
Opensuse supplies the client ( ddclient ), and Dyndns.org supplies the free service so that you never have to know IPs.
I got an alias for my machine and I hope that Dyndns keeps track of its changing IP addresses. But how do I get an alias for my sisters machine address? If she has to do it herself I'm afraid that the problem becomes worse ... Robert -- http://rwbest.no.sapo.pt/ -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
On 05/18/2008 08:47 PM, Robert W Best wrote:
I got an alias for my machine and I hope that Dyndns keeps track of its changing IP addresses.
But how do I get an alias for my sisters machine address? If she has to do it herself I'm afraid that the problem becomes worse ...
Robert
Since you can get her IP, and assuming you have root access, you could install and configure ddclient. You would add her machine to your dyndns account as a second machine. You could install and configure her machine initially by ssh -X <IP of her machine>, and after it is working, ssh -X <dyndns name for her computer>. If her IP address changes, ddclient will update dyndns, so getting her by name works still. HTH. -- Joe Morris Registered Linux user 231871 running openSUSE 10.3 x86_64 -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
On 05/18/2008 08:47 PM, Robert W Best wrote:
I got an alias for my machine and I hope that Dyndns keeps track of its changing IP addresses.
But how do I get an alias for my sisters machine address? If she has to do it herself I'm afraid that the problem becomes worse ...
Robert
Since you can get her IP, No, that's my problem! I don't know how to get even my own IP, but
On Sunday 18 May 2008 14:09:20 Joe Morris wrote: thanks to John Andersen who pointed me to Dyndns I've now an alias.
... and assuming you have root access, you could install and configure ddclient. You would add her machine to your dyndns account as a second machine. You could install and configure her machine initially by ssh -X <IP of her machine>, and after it is working, ssh -X <dyndns name for her computer>. If her IP address changes, ddclient will update dyndns, so getting her by name works still. HTH.
Robert -- http://rwbest.no.sapo.pt/ -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
* Robert W Best <rwbest@sapo.pt> [05-18-08 09:29]:
On Sunday 18 May 2008 14:09:20 Joe Morris wrote:
Since you can get her IP,
No, that's my problem! I don't know how to get even my own IP, but thanks to John Andersen who pointed me to Dyndns I've now an alias.
Getting her IP is as simple as having her email you and you examining the headers of that email. Her IP *should* be the first non-local quad from the message text (thats bottom to top). as:
From xxx@xxx.biz Wed May 14 08:43:59 2008 Return-Path: <xxx@xxx.biz> X-Spam-Checker-Version: SpamAssassin 3.2.4 (2008-01-01) on wahoo.no-ip.org X-Spam-Level: X-Spam-Status: No X-Original-To: pat Delivered-To: pat@wahoo.no-ip.org Received: by wahoo.no-ip.org (Postfix, from userid 1000) id F23C116DDBD; Wed, 14 May 2008 08:43:58 -0400 (EDT) Received: from pop-server.indy.rr.com [71.74.56.46] by wahoo.no-ip.org with POP3 (fetchmail-6.3.2 polling pop-server.indy.rr.com account pshanahan) for <pat@localhost> (single-drop); Wed, 14 May 2008 08:43:58 -0400 (EDT) Received: from hrndva-mxlb.mail.rr.com ([10.128.255.4]) by hrndva-imta10.mail.rr.com with ESMTP id <20080514124139.EMOA15032.hrndva-imta10.mail.rr.com@hrndva-mxlb.mail.rr.com>; Wed, 14 May 2008 12:41:39 +0000 X-IronPort: hrndva-mx01.mail.rr.com 671708876 X-RR-Connecting-IP: 68.79.175.157 Received: from 68-79-175-157.ded.ameritech.net (HELO bmw2k3ex1.BMWC.CORP) ([68.79.175.157]) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ by hrndva-mxlb.mail.rr.com with ESMTP; 14 May 2008 12:41:39 +0000 X-MimeOLE: Produced By Microsoft Exchange V6.5 Content-class: urn:content-classes:message MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="----_=_NextPart_001_01C8B5BF.F0BB1FB0" Disposition-Notification-To: "xxx, xxx" <xxx@xxx.biz> Subject: Thursday Training and Practice Date: Wed, 14 May 2008 08:42:16 -0400 Message-ID: <6D23AF3F5B762B4D93139A12F9594B60DB827B@bmw2k3ex1.xxx.xxx> X-MS-Has-Attach: X-MS-TNEF-Correlator: Thread-Topic: Thursday Training and Practice Thread-Index: Aci1v+7QqkS4hj1eTLe3ZD9p3qbnPA== From:
-- Patrick Shanahan Plainfield, Indiana, USA HOG # US1244711 http://wahoo.no-ip.org Photo Album: http://wahoo.no-ip.org/gallery2 Registered Linux User #207535 @ http://counter.li.org -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
On Sunday 18 May 2008 14:43:57 Patrick Shanahan wrote:
* Robert W Best <rwbest@sapo.pt> [05-18-08 09:29]:
On Sunday 18 May 2008 14:09:20 Joe Morris wrote:
Since you can get her IP,
No, that's my problem! I don't know how to get even my own IP, but thanks to John Andersen who pointed me to Dyndns I've now an alias.
Getting her IP is as simple as having her email you and you examining the headers of that email. Her IP *should* be the first non-local quad from the message text (thats bottom to top).
Thanks a lot! Robert -- http://rwbest.no.sapo.pt/ -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
Robert W Best wrote:
On Sunday 18 May 2008 14:09:20 Joe Morris wrote:
Since you can get her IP,
No, that's my problem! I don't know how to get even my own IP, but thanks to John Andersen who pointed me to Dyndns I've now an alias.
Hi Robert Try this page - http://www.whatsmyip.org/more/ - your IP address should be at the top, from the internet point of view. Cheers Pete -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
participants (7)
-
Anders Johansson -
Dave Howorth -
Joe Morris -
John Andersen -
Patrick Shanahan -
Pete Connolly -
Robert W Best