| View previous topic :: View next topic |
| Author |
Message |
gazR
n00b
Joined: 06 Dec 2003
Posts: 56
|
 Posted: Thu Jan 08, 2004 8:58 pm Post subject: Remote X Desktop - how? [SOLVED] |
 |
|
I would like to be able to access my linux desktop (pc running at home) from a remote computer (windows based with an X-client). I already access it via ssh but would like to use X.
How do I configure my firewall (iptables) and X (running GDM & Gnome/KDE) to allow remote X? Also what can I do to make this setup as secure as possible?
Any thought or pointers to a decent HOWTO appreciated
Last edited by gazR on Mon Jan 12, 2004 1:03 pm; edited 1 time in total |
|
| Back to top |
|
 |
lewk
Retired Dev
Joined: 21 Dec 2003
Posts: 32
Location: Boston, MA
|
| Posted: Thu Jan 08, 2004 9:27 pm Post subject: |
|
|
This was the best alternative to X forwarding that I have found so far. With VNC, you can setup a remote session that you can connect and disconnect to as you please. I use it when I am away from home for a while. It works fine with a cable connection, but I wouldn't trust anything slower.
As for security, you can eaisly tunnel vnc through SSH using Putty. All you have to do is go to SSH->Tunnels, then add a tunnel with port 5901 and destination localhost:5901. Then just connect up to your machine via ssh, then use a vnc client to connect to localhost:1 |
|
| Back to top |
|
|
gazR
n00b
Joined: 06 Dec 2003
Posts: 56
|
| Posted: Thu Jan 08, 2004 11:16 pm Post subject: |
|
|
Cheers lewk, vnc is an option but I'd still like to try remote X first.
Bearing in mind that I'd be connecting from a known static IP (so that I could add rules to iptables to allow the traffic ONLY to/from that IP) how do I enable remote X logins and which ports & protocols would I need to make rules for?
Anyone? |
|
| Back to top |
|
|
think4urs11
Bodhisattva
Joined: 25 Jun 2003
Posts: 6659
Location: above the cloud
|
|
| Back to top |
|
|
waverider202
Tux's lil' helper
Joined: 25 Sep 2002
Posts: 146
Location: Drexel University
|
| Posted: Fri Jan 09, 2004 2:39 am Post subject: putty + x |
|
|
google for the ssh client called putty. SSH into your machine with X Forwarding turned on. Make sure you're X server is running on your Windows box. when you ssh in, just run any app, and it'll appear on the x server in your windows box. That'll get any application running. If you want more...then run a window manager or desktop enviroment, and that'll run in the x server on the windows machine. This method is faster, more secure, and easier on firewalls than vnc. Also, remember to turn on compression 
_________________
 |
|
| Back to top |
|
|
gazR
n00b
Joined: 06 Dec 2003
Posts: 56
|
| Posted: Fri Jan 09, 2004 11:55 am Post subject: |
|
|
OK waverider202 got that working ish...... now how do I set compression  |
|
| Back to top |
|
|
vdboor
Guru
Joined: 03 Dec 2003
Posts: 592
Location: The Netherlands
|
| Posted: Fri Jan 09, 2004 12:05 pm Post subject: |
|
|
If you're on a UNIX/Linux machine, run "ssh -X user@hostname". ssh tunnels the X11 connection, and you can start any X11 program. It appears at your own display.
To run a X server under Windows, you can try to use http://www.jcraft.com/weirdx/ It's not the best solution, but it's free.. The WeirdX server launces a display at localhost:2 then start PuTTY, and enable X11 forwarding.
Instead of 'emerge vnc", I'd recommend using tightvnc. It has a better compression rate iirc.
_________________
The best way to accelerate a windows server is by 9.81M/S²
Linux user #311670 and Yet Another Perl Programmer
[ screenies | Coding on KMess ] |
|
| Back to top |
|
|
gazR
n00b
Joined: 06 Dec 2003
Posts: 56
|
| Posted: Fri Jan 09, 2004 12:10 pm Post subject: |
|
|
umm, nevermind, found it  |
|
| Back to top |
|
|
trapperjohn
Apprentice
Joined: 11 Nov 2003
Posts: 242
Location: Bremen/Germany
|
| Posted: Fri Jan 09, 2004 12:15 pm Post subject: |
|
|
You can also try Cygwin/XFree86 - I think it's faster than Java (like anything ..) and even install a windowmanager like Windowmaker or fvwm2 in it. |
|
| Back to top |
|
|
pedro
n00b
Joined: 01 Jul 2002
Posts: 25
Location: Londrina/Brazil
|
| Posted: Fri Jan 09, 2004 12:37 pm Post subject: |
|
|
The best solution I found to this is to use cygwin with gdm.
To make it work edit "/etc/X11/gdm/gdm.conf" and enable the xdmcp protocol.
You can conect on this server running the following command on cygwin:
Where host is the IP or the hostname of the server. |
|
| Back to top |
|
|
vdboor
Guru
Joined: 03 Dec 2003
Posts: 592
Location: The Netherlands
|
| Posted: Fri Jan 09, 2004 3:06 pm Post subject: |
|
|
| trapperjohn wrote: |
You can also try Cygwin/XFree86 - I think it's faster than Java (like anything ..) and even install a windowmanager like Windowmaker or fvwm2 in it. |
yes, it's faster But not in terms of installation. If the JRE has been installed, I can just download a .jar file from my server, and double click on it.
...also I haven't been able to install xfree from cygwin I got a little confused by the installer. 
_________________
The best way to accelerate a windows server is by 9.81M/S²
Linux user #311670 and Yet Another Perl Programmer
[ screenies | Coding on KMess ] |
|
| Back to top |
|
|
jonnymalm
n00b
Joined: 26 Jun 2002
Posts: 68
|
| Posted: Fri Jan 09, 2004 6:01 pm Post subject: |
|
|
If you are trying to access the computer over the Internet I would not suggest using XDMCP. It is slow and very insecure. If you plan on using it on a local LAN, XDMCP is the way to go. If you would like the entire desktop and not just X11 forwarding over SSH, VNC is the way to go when connecting over the Internet.
Here is a good howto for seting up vnc:https://forums.gentoo.org/viewtopic.php?t=72893&highlight=xvnc
If you do go the X route, cygwin/Xfree is the way to go for setting up an x server on windows. It is fast and more importantly free. There are some other x servers for windows but they are very pricey, Exceed by Hummingbird...
| Quote: | | ...also I haven't been able to install xfree from cygwin I got a little confused by the installer. |
It really is not that hard, you just select xfree in the installer for cygwin. There is documentation on installing it on the cygwin site.
Here is a good link for setting up XDMCP:http://www.monkeynoodle.org/comp/remote-x-cygwin-howto
I have set up vnc, x-fowarding over ssh and XDMCP so let me know if you have any questions. |
|
| Back to top |
|
|
gazR
n00b
Joined: 06 Dec 2003
Posts: 56
|
| Posted: Fri Jan 09, 2004 10:37 pm Post subject: Thanks Everyone |
|
|
Thanks everyone for pitching in with your ideas. After a bit of playing around I managed to try most of the ideas you have all come up with and decided to go with tightVNC.
Cygwin/X and ssh ( or XDMCP ) offer features which would be nice to have, eg the integration of local & remote apps on one desktop with X & ssh forwarding, but until I get more bandwidth to play with, VNC seems like my best option.
As an afterthought, anyone know how well VNC compares with MS Remote Desktop Protocal or Citrix Metaframe in relation to bandwidth usage? |
|
| Back to top |
|
|
gazR
n00b
Joined: 06 Dec 2003
Posts: 56
|
| Posted: Sat Jan 10, 2004 8:50 pm Post subject: |
|
|
Now I'm trying to secure things by using an SSH tunnel, however when ever I try to connect the vncviewer I get 'Forwarded connection refused by server' in the logs.
vncviewer is running on a win2k box and I'm using Putty as the ssh client.
This is my sshd_config
| Code: |
# $OpenBSD: sshd_config,v 1.65 2003/08/28 12:54:34 markus Exp $
# This is the sshd server system-wide configuration file. See
# sshd_config(5) for more information.
# This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin
# The strategy used for options in the default sshd_config shipped with
# OpenSSH is to specify options with their default value where
# possible, but leave them commented. Uncommented options change a
# default value.
#Port 22
#Protocol 2,1
#ListenAddress 0.0.0.0
#ListenAddress ::
# HostKey for protocol version 1
#HostKey /etc/ssh/ssh_host_key
# HostKeys for protocol version 2
#HostKey /etc/ssh/ssh_host_rsa_key
#HostKey /etc/ssh/ssh_host_dsa_key
# Lifetime and size of ephemeral version 1 server key
#KeyRegenerationInterval 1h
#ServerKeyBits 768
# Logging
#obsoletes QuietMode and FascistLogging
#SyslogFacility AUTH
#LogLevel INFO
# Authentication:
#LoginGraceTime 2m
#PermitRootLogin yes
#StrictModes yes
#RSAAuthentication yes
#PubkeyAuthentication yes
#AuthorizedKeysFile .ssh/authorized_keys
# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
#RhostsRSAAuthentication no
# similar for protocol version 2
#HostbasedAuthentication no
# Change to yes if you don't trust ~/.ssh/known_hosts for
# RhostsRSAAuthentication and HostbasedAuthentication
#IgnoreUserKnownHosts no
# Don't read the user's ~/.rhosts and ~/.shosts files
#IgnoreRhosts yes
# To disable tunneled clear text passwords, change to no here!
#PasswordAuthentication yes
#PermitEmptyPasswords no
# Change to no to disable s/key passwords
#ChallengeResponseAuthentication yes
# Kerberos options
#KerberosAuthentication no
#KerberosOrLocalPasswd yes
#KerberosTicketCleanup yes
# GSSAPI options
#GSSAPIAuthentication no
#GSSAPICleanupCreds yes
# Set this to 'yes' to enable PAM authentication (via challenge-response)
# and session processing. Depending on your PAM configuration, this may
# bypass the setting of 'PasswordAuthentication'
#UsePAM yes
AllowTcpForwarding yes
#GatewayPorts yes
#X11Forwarding yes
#X11DisplayOffset 1
#X11UseLocalhost yes
#PrintMotd yes
#PrintLastLog yes
#KeepAlive yes
#UseLogin no
#UsePrivilegeSeparation yes
#PermitUserEnvironment no
Compression yes
#ClientAliveInterval 0
#ClientAliveCountMax 3
UseDNS no
#PidFile /var/run/sshd.pid
#MaxStartups 10
# no default banner path
#Banner /some/path
# override default of no subsystems
Subsystem sftp /usr/lib/misc/sftp-server
|
everything works fine if I setup a local tunnel on my gentoo box using
| Code: |
ssh -L 9000:localhost:5952 localhost -C -2
|
and the connect using
| Code: |
vncviewer localhost:52
|
But as soon as I try the to initialise the ssh connection from my win2k box, the forwarded connection gets refused. Any ideas anyone? |
|
| Back to top |
|
|
|
Networking & Security
