Remote desktop questions
I'm tinkering with remote desktop options.... I can ssh from computer1 to computer2. I can setup a vncserver on computer1 and connect to it from computer2. I even have ssh -X working fine. I've setup a port forward on my firewall so that computer2 (outside the local firewall) can get to computer1. I tried the Remote Desktop components included in the kdenetwork3-vnc package, but.. I really didn't get anywhere. If I manually start a vncserver on computer1 I can use the KRDC app on computer2 to log into and start a KDE/Gnome session. If I try to use the KRFB app (the server and invite manager) on computer1, computer2 can't connect. Not too much of an issue since I would rather use ssh instead of vnc (if possible) But.... Ultimately I want to take over the desktop of computer1 from computer2. In all my messing about with ssh and vnc I can only start a new X session... I can't pick up on the existing session. I tried what is documented here: http://www.novell.com/coolsolutions/feature/15315.html But I could not get the same results - mainly that I couldn't connect when KRFB was running on the host and I used KRDC to try to connect. Is it possible to take over a desktop using ssh? (prefered because. I will be doing the control via the internet) If not, what about with vnc? Or better... how with vnc? C.
I tried what is documented here: http://www.novell.com/coolsolutions/feature/15315.html But I could not get the same results - mainly that I couldn't connect when KRFB was running on the host and I used KRDC to try to connect.
Ok... funny how as soon as you click send you think of that one option you forgot to check... this is working now... I can control the desktop of one computer from the other on the local LAN.
Is it possible to take over a desktop using ssh? (prefered because. I will be doing the control via the internet)
This question still stands. My ultimate goal is to be able to remotely control a computer on the other side of the world. Is VNC "secure" enough for me to open it up via the internet? Is it better (more secure) to use ssh tunneling? Can I take control of a remote desktop using ssh like I can with the Remote Desktop tools in KDE? C.
On Saturday 01 October 2005 09:56, Clayton wrote:
I tried what is documented here: http://www.novell.com/coolsolutions/feature/15315.html But I could not get the same results - mainly that I couldn't connect when KRFB was running on the host and I used KRDC to try to connect.
Ok... funny how as soon as you click send you think of that one option you forgot to check... this is working now... I can control the desktop of one computer from the other on the local LAN.
Is it possible to take over a desktop using ssh? (prefered because. I will be doing the control via the internet)
This question still stands. My ultimate goal is to be able to remotely control a computer on the other side of the world. Is VNC "secure" enough for me to open it up via the internet? Is it better (more secure) to use ssh tunneling? Can I take control of a remote desktop using ssh like I can with the Remote Desktop tools in KDE?
C. The answer to your question is "Yes, you can use ssh to get remote control of your desktop. But...
I'm not sure that is what you really want to do, so before explaining how I'd like to ask you couple of questions: The Remote Desktop in KDE is designed to allow 2 people to work on the same desktop. This is help someone (locally on the machine) from a remote location. There are tools designed to give you a remote desktop (from across the internet). Are you really trying to support someone from across the world, or do just want remote support? The solution to your problem differs drastically depending on the answer, therefore I shall wait till you reply... Jerry
The answer to your question is "Yes, you can use ssh to get remote control of your desktop. But...
I'm not sure that is what you really want to do, so before explaining how I'd like to ask you couple of questions:
The Remote Desktop in KDE is designed to allow 2 people to work on the same desktop. This is help someone (locally on the machine) from a remote location. There are tools designed to give you a remote desktop (from across the internet). Are you really trying to support someone from across the world, or do just want remote support?
There are two goals... 1. I want to be able to control my home desktop from work. I want to be able to log in from work and start/stop apps, setup downloads etc. For example to start/stop a BitTorrent download of SUSE10.0. This is purely for convenience on my part. 2. I will eventually need to remotely administer a computer that is about 8000km away. For this I will also need to take command of the desktop - not run a new session. So... I will be supporting a user. Remote Desktop is the solution I'm looking for.... being able to take over the remote desktop. And.. I want it to be the most secure/safe option. C.
On Saturday 01 October 2005 19:59, Clayton wrote:
The answer to your question is "Yes, you can use ssh to get remote control of your desktop. But...
I'm not sure that is what you really want to do, so before explaining how I'd like to ask you couple of questions:
The Remote Desktop in KDE is designed to allow 2 people to work on the same desktop. This is help someone (locally on the machine) from a remote location. There are tools designed to give you a remote desktop (from across the internet). Are you really trying to support someone from across the world, or do just want remote support?
There are two goals...
1. I want to be able to control my home desktop from work. I want to be able to log in from work and start/stop apps, setup downloads etc. For example to start/stop a BitTorrent download of SUSE10.0. This is purely for convenience on my part.
2. I will eventually need to remotely administer a computer that is about 8000km away. For this I will also need to take command of the desktop - not run a new session. So... I will be supporting a user.
Remote Desktop is the solution I'm looking for.... being able to take over the remote desktop. And.. I want it to be the most secure/safe option.
C.
I Assume that you are connecting from linux to linux: I assume that you have SSH server setup on the same server you are trying to remote controll. I assume you have setup your firewall to allow ssh to the server and tested it with the command "ssh user@internet.addressable.host.or.ip" and can connect to the remote server. When you start the Remote Desktop (Invite) on the remote machine you see a line like: "Host: 10.0.0.101:4" You need to know the number after the colon, 4 in this case. To connect to it via ssh try the following line in a shell vncviewer -via user@internet.addressable.host.or.ip 127.0.0.1:4 where the ":4" you got from the "Host:" line. This will ask you for the ssh password of user on the remote machine. It then opens a secure tunnel to 127.0.0.1 and connects vncviewer to it. Vncviewer then ask you for the "Personal Invitation" password and then connects you to the Remote Desktop. It sounds complicated, but actually it's quite easy.... On my remote servers, I do not run an XWindows environment on the console, so I use the XInetd method that gives me the SuSE login, but this you know about as you have already ruled it out! Hope this helped... Jerry
I Assume that you are connecting from linux to linux:
Yes. No MS stuff in the loop :-) Both computers are running fully patched/updated SUSE9.3 installs.
I assume that you have SSH server setup on the same server you are trying to remote controll.
Yes, this is now setup, and tested as working - both on a local basis (inside the firewall) and external - over the Internet from a different physical location. I can connect by ssh -p <port> <ip> I can also do ssh -X -p <port> <ip> and run apps on the remote machine and the app is actually shown on my local machine.
When you start the Remote Desktop (Invite) on the remote machine you see a line like: "Host: 10.0.0.101:4" You need to know the number after the colon, 4 in this case.
Ok, using ssh -X I started Remote Desktop. I set it to use the a second port I have set to forward on the remote firewall. Then I created an invitation (on the remote machine using krfd exported to my local), and got the :<number>.
To connect to it via ssh try the following line in a shell vncviewer -via user@internet.addressable.host.or.ip 127.0.0.1:4
I try this and nothing happens... my local machine sits here tryign to connect to my remote machine. If I break the connection I get a tunnelling failed message. I tried using krdc to connect to the invited session... it appears to do nothing for a long time, but eventually I get a notice (via my ssh -X session) that someone is trying to connect to my computer via VNC (this is despite the fact I have my remote machine (currently) set to accept external connections without verifications - not secure I know, but I'm still in testing mode). I clicked accept and the connection is dropped on the remote side... timeout maybe?
Hope this helped...
Actually.. yes :-) The explanation is very useful... now if only I can get it to work... most likely finger problems on my part... C.
On Monday 03 October 2005 11:41, Clayton wrote:
I can connect by ssh -p <port> <ip>
To connect to it via ssh try the following line in a shell vncviewer -via user@internet.addressable.host.or.ip 127.0.0.1:4
I try this and nothing happens... my local machine sits here tryign to connect to my remote machine. If I break the connection I get a tunnelling failed message.
C.
Nope the -via parameter on the vncviewer command assumes standard port number! so it is the equivalent to ssh without "-p <port>" command. There are 3 ways to fix this, but I'll explain the one I find most usefull 8-) as root edit /etc/ssh/ssh_config After the top comments, before the "Host *" line add the following line: Host <some.where.com> Port <Port> save file, and test it with ssh WITHOUT -p option.... if it works, then vncviewer -via should work also. Jerry. P.S. I usually add the compression parameter in ssh_config also...
Nope the -via parameter on the vncviewer command assumes standard port number! so it is the equivalent to ssh without "-p <port>" command.
Editing the ssh_config helped.... wasn't 100% of the solution though. From there I had to edit the xorg.conf on the remote machine. I added vnc to the Modules section, and to Screen I added the VNC authorization stuff - all well documented on the RealVNC webpages (under the section on how to remote control your Unix machine by VNC). Then I restarted X on the remote machine. I started vncserver on the remote machine (and noted which :<number> it selected. Then on the local machine I used vncviewer -via <ip> 127.0.0.1:<number> This asked me for my ssh password, and then my vnc password. It immediately connected to my existing X session and I have full remote desktop control. :-) Life is good. Now to duplicate that on my other machines I'd like to remotely control. Thanks for the tips and help. it got me a long way down the right path to getting this working BTW, network load is about 25kb/s when vnc is sitting idle. C.
On Monday 03 October 2005 14:13, Clayton wrote:
Nope the -via parameter on the vncviewer command assumes standard port number! so it is the equivalent to ssh without "-p <port>" command.
Editing the ssh_config helped.... wasn't 100% of the solution though. From there I had to edit the xorg.conf on the remote machine. I added vnc to the Modules section, and to Screen I added the VNC authorization stuff - all well documented on the RealVNC webpages (under the section on how to remote control your Unix machine by VNC).
Then I restarted X on the remote machine. I started vncserver on the remote machine (and noted which :<number> it selected. Then on the local machine I used vncviewer -via <ip> 127.0.0.1:<number> This asked me for my ssh password, and then my vnc password. It immediately connected to my existing X session and I have full remote desktop control. :-) Life is good. Now to duplicate that on my other machines I'd like to remotely control.
Thanks for the tips and help. it got me a long way down the right path to getting this working
BTW, network load is about 25kb/s when vnc is sitting idle.
C.
As I noted in the other branch of the thread, you could have use remote desktop to do this, like follows: Start->Control Center->Internet & Network->Desktop Sharing->Allow Uninvited Connections. This is (sort of) the GUI equivalent to the RealVnc stuff you did... Jerry P.S. Did you turn on SSH compression?
As I noted in the other branch of the thread, you could have use remote desktop to do this, like follows:
Start->Control Center->Internet & Network->Desktop Sharing->Allow Uninvited Connections.
This is (sort of) the GUI equivalent to the RealVnc stuff you did...
I didn't have a lot of success with that - mainly because I'm trying to launch it all remotely. I tried running the krfb app via ssh -X (yes I checked to make sure it was the remote one and not the local one that was running). but... it didn't seem to work - was getting authentication errors etc. Connecting by ssh, and launching vncserver on the remote machine when I need to connect is good for me - especially now that it's all configured, and I know what has to be done on the other remote machines. This way I don't have to rely on someone at the remote machine to correctly launch the krfb app etc.
P.S. Did you turn on SSH compression?
Yes. I set CompressionLevel 9 in the ssh_config file, but don't see a lot of improvement in the network load. C.
Clayton, On Monday 03 October 2005 05:57, Clayton wrote:
...
P.S. Did you turn on SSH compression?
Yes. I set CompressionLevel 9 in the ssh_config file, but don't see a lot of improvement in the network load.
According to the man page for ssh_config, the compression parameters pertain only to SSH version 1, which we all know is not the preferred version of the SSH protocols.
C.
Randall Schulz
On Mon, Oct 03, 2005 at 02:13:27PM +0200, Clayton wrote:
BTW, network load is about 25kb/s when vnc is sitting idle.
I haven't read the entire thread, but are you using ssh port forwarding for vnc, and connecting to a local port? If so, it may be automatically selecting the wrong encoding (because vnc thinks it's going to connect locally). Try using -encodings "CopyRect Hextile Zlib Tight" for the client to see if it improves the load. Regards, Pieter hulshoff
On Monday 03 October 2005 15:27, Pieter Hulshoff wrote:
On Mon, Oct 03, 2005 at 02:13:27PM +0200, Clayton wrote:
BTW, network load is about 25kb/s when vnc is sitting idle.
I haven't read the entire thread, but are you using ssh port forwarding for vnc, and connecting to a local port? If so, it may be automatically selecting the wrong encoding (because vnc thinks it's going to connect locally). Try using -encodings "CopyRect Hextile Zlib Tight" for the client to see if it improves the load.
Regards,
Pieter hulshoff
Ahhh, yes I can see how that would happen. I missed this one. I also use -bgr233 which I find to be a great compromise between looks and speed! Jerry
On Monday 03 October 2005 11:41, Clayton wrote:
Ok, using ssh -X I started Remote Desktop. I set it to use the a second port I have set to forward on the remote firewall. Then I created an invitation (on the remote machine using krfd exported to my local), and got the :<number>.
C.
I see a problem with this. Since you are running xwindow client programs (on the remote machine) connecting to your LOCAL xwindow server. I fear you may be creating an invitation for your local machine. You should be able to prove/disprove this by looking in the manage invitation function on your local machine. If this is the case, you might consider always allowing remote desktop (I forget where the option is). This would allow you to get hold the the desktop without having to ssh in to create an invitation.... Jerry
participants (4)
-
Clayton -
Jerry Westrick -
Pieter Hulshoff -
Randall R Schulz