Originally Posted by pirithous. Well what is the SUSE preferred way? When enabling remote desktop in YaST, it wants to install a ton of Xorg packages. Is this necessary? I am trying to stay away from proprietary software. I get an error when I try to run vncserver; what does this mean? Access is also possible from a Windows system. In order to access a Linux remote desktop from a Windows system the first step is to install a Windows VNC client on the Windows system.
There are a number of VNC packages available for Windows. Enter the password if one is required. The screen should load and display the remote desktop,.
You may also enter the port number in the form hostname screen 0 in VNC uses port TightVNC assumes port if none is specified but when we look at setting up additional desktops later in this chapter we will need to specify port numbers in order to connect. The remote desktop configurations we have explored so far in this chapter are considered to be insecure because no encryption is used. This is acceptable when the remote connection does not extend outside of an internal network protected by a firewall.
When a remote session is required over an internet connection a more secure option is needed. This achieved by tunneling the remote desktop through a secure shell SSH connection. Before a secure connection is established the SSH server must be installed and running on the system to which the connection is to be established. Fortunately, this is installed and enabled by default when openSUSE is first installed. Assuming the SSH server is installed and active it is time to move to the other system.
At the other system, log in to the remote system using the following command, which will establish the secure tunnel between the two systems:.
In the above example, hostname is either the hostname or IP address of the remote system. Log in using your account and password. The secure connection is now established and it is time to launch vncviewer so that it uses the secure tunnel.
Leaving the ssh session running in the other terminal window, launch another terminal and enter the following command:. The vncviewer session will prompt for a password if one is required, and then launch the VNC viewer providing secure access to your desktop environment. If you are connecting to the remote desktop from outside the firewall keep in mind that the IP address for the ssh connection will be the external IP address provided by your ISP, not the LAN IP address of the remote system since this IP address is not visible to those outside the firewall.
You will also need to configure your firewall to forward port 22 for the ssh connection to the IP address of the system running the desktop.
It is not necessary to forward port Steps to perform port forwarding differ between firewalls, so refer to the documentation for your firewall, router or wireless base station for details specific to your configuration. A similar approach is taken to establishing a secure desktop session from a Windows system. After your VNC client connects to the server, you will be prompted to choose whether you want to create a new session, or join the existing one:.
After you click the name of the existing session, you may be asked for login credentials, depending on the persistent session settings. The authentication happens at the beginning of the session; the actual data transfer only begins afterward. The -securitytypes parameter selects both authentication method and encryption.
It has the following options:. Anonymous TLS encryption. Everything is encrypted, but there is no verification of the remote host. So you are protected against passive attackers, but not against man-in-the-middle attackers. TLS encryption with certificate. If you use a self-signed certificate, you will be asked to verify it on the first connection. On subsequent connections you will be warned only if the certificate changed. So you are protected against everything except man-in-the-middle on the first connection similar to typical SSH usage.
If you use a certificate signed by a certificate authority matching the machine name, then you get full security similar to typical HTTPS usage. With X based encryption, you need to specify the path to the X certificate and the key with -XCert and -XKey options. If you select multiple security types separated by comma, the first one supported and allowed by both client and server will be used. That way you can configure opportunistic encryption on the server. This is useful if you need to support VNC clients that do not support encryption.
On the client, you can also specify the allowed security types to prevent a downgrade attack if you are connecting to a server which you know has encryption enabled although our vncviewer will warn you with the "Connection not encrypted!
Contents Contents. Note: Session Types A machine can offer both kinds of sessions simultaneously on different ports, but an open session cannot be converted from one type to the other. Note: Display and Port Number The actual display or port number you specify in the VNC client must be the same as the display or port number picked by the vncserver command on the target machine.
Figure 4. Name Name of the profile. It will be listed in the main window. Protocol The protocol to use when connecting to the remote session, for example VNC. User name, Password Credentials to use for remote authentication. Leave empty for no authentication. Color depth, Quality Select the best options according to your connection speed and quality. Tip: Disable Encryption If the communication between the client and the remote server is not encrypted, activate Disable encryption , otherwise the connection fails.
Procedure 4. Confirm your settings with Next. To start a session with a resolution of x pixel and with a color depth of bit, enter the following command: vncserver -alwaysshared -geometry x -depth Important: Security Considerations Make sure to use strong passwords of significant length eight or more characters.
Non-persistent, private This is equivalent to an one-time session. Persistent, visible The session is visible to other users and keeps running even after you disconnect from it.
Supports suspend and resume a running session. It is not yet included in the main distribution repositories, but available from build service. Read how to install and configure FreeNX server Setting up must be done from the command line. But is quite simple Access from web browser not yet supported. Guacamole allows you to provide a remote desktop in a browser. Also a new article TightVNC is created to fit the main name space.
The red links above need a new article. Information about it on the old wiki is sparse or still from SUSE linux 8. Information from the old wiki can be used, but make sure you tested it before writing! Check the discussion page.
Remote installation. VNC usage.
0コメント