UbuntuHelp:VNCOverSSH

From the Ubuntu Chinese wiki (Ubuntu中文)

Revision as of 12:03, 23 April 2008 (Wednesday) by Wikibot (talk | contribs)

Introduction

This brief guide will introduce a method for securely accessing the desktop of a remote Ubuntu computer system from a local Ubuntu computer system by tunneling a Virtual Network Computing (VNC) session over the Secure SHell (SSH) protocol. This guide does not use the default installation of the Vino VNC server provided with Ubuntu, nor does it utilize any of the server-specific Remote Desktop functionality provided by the Preferences menu. This guide uses the TightVNC flavor of VNC for the server side, and is applicable to either standard, or server installations of Ubuntu.

Target Audience

This guide is for anyone with sufficient experience with the GNU/Linux command-line, and particularly experience in executing command-line utilities, and editing system configuration files with a preferred editor. A familiarity with OpenSSH, and VNC will help in understanding the concepts involved, but is not necessary to follow this guide's instruction.

VNC

Virtual Network Computing (VNC) is a freely-available, cross-platform software solution which makes viewing, and interacting with, a remote computer's desktop possible from any other computer or appropriately enabled device across a Local Area Network (LAN) or via the Internet. The solution comprises separate server and client applications, but control via a standards-compliant web browser which supports JavaScript is also possible. More information on VNC is available via the VNC Wiki Page, or the Resources section of this guide.

Installing VNC Components

Before you can begin establishing the secure desktop connections with VNC, you must verify installation of the appropriate packages on the server, and client computers.

The Host Computer (Server)

To install the TightVNC software on your Ubuntu server computer (the remote computer), simply use your preferred package manager application, such as Synaptic, and install the vnc-common and tightvncserver packages. To install these packages from the terminal, open a Terminal instance, and type the following command at the terminal prompt:

sudo apt-get install vnc-common tightvncserver

Enter your user password when prompted, and provided your system's package sources are in order, the packages should install without error.

To avoid a nasty error related to FontPaths when starting your VNC server later, edit the /etc/vnc.conf file with sudo and your preferred editor, and add these lines to the very bottom of the file:

$fontPath = "unix/:7100,"; # local font server
# if the local font server has problems, we can fall back on these
$fontPath .= "/usr/share/X11/fonts/misc,";
$fontPath .= "/usr/share/X11/fonts/cyrillic,";
$fontPath .= "/usr/share/X11/fonts/100dpi/:unscaled,";
$fontPath .= "/usr/share/X11/fonts/75dpi/:unscaled,";
$fontPath .= "/usr/share/X11/fonts/Type1,";
$fontPath .= "/usr/share/X11/fonts/CID,";
$fontPath .= "/usr/share/X11/fonts/100dpi,";
$fontPath .= "/usr/share/X11/fonts/75dpi,";
# paths to defoma fonts
$fontPath .= "/var/lib/defoma/x-ttcidfont-conf.d/dirs/TrueType,";
$fontPath .= "/var/lib/defoma/x-ttcidfont-conf.d/dirs/CID";

Save the file, and exit the editor.

Note: For Feisty (7.04) and Gutsy (7.10) the default font paths were under /usr/share/fonts/X11/:

$fontPath .= "/usr/share/fonts/X11/misc,";
$fontPath .= "/usr/share/fonts/X11/100dpi/:unscaled,";
$fontPath .= "/usr/share/fonts/X11/75dpi/:unscaled,";
$fontPath .= "/usr/share/fonts/X11/Type1,";
$fontPath .= "/usr/share/fonts/X11/100dpi,";
$fontPath .= "/usr/share/fonts/X11/75dpi,";

The Local Computer (Client)

As of this writing, Ubuntu version 5.10 "The Breezy Badger" ships with the VNC viewer application, vncviewer, installed by default. A Terminal Server Client application is also provided which gives a front-end to the vncviewer command. To verify installation of the Terminal Server Client, simply click the Applications Menu, then navigate to the Internet Menu, where you should observe the Terminal Server Client entry. To verify installation of the vncviewer application, open a Terminal window, and enter the following command at the terminal prompt:

which vncviewer

The output of the command should resemble the following:

/usr/bin/vncviewer

Once you've installed the VNC server software on the server computer, and verified installation of the VNC client software on the client computer, you are ready to proceed to OpenSSH installation on the two computers.

SSH

OpenSSH is the freely available version of the Secure SHell (SSH) software which allows for direct remote terminal control, file transfer, and tunneling all over a secure, and encrypted connection. Additional information about OpenSSH is available from the SSHHowto Wiki Page, the AdvancedOpenSSH Wiki Page, and the Resources section of this guide.

Installing OpenSSH

Installation of the OpenSSH client and server components is identical for both the client and server computers. Using your preferred package management application, install the openssh-client and openssh-server packages. To install these packages at a terminal prompt, open a Terminal instance, and type the following command:

sudo apt-get install openssh-client openssh-server

Enter your user password when prompted, and provided your system's package sources are in order, the packages should install without error. Once you've installed OpenSSH on the client and server computers, you are ready to make a secure, tunneled VNC connection over SSH.

VNC + SSH

Creating the VNC connection over an SSH tunnel is quite simple, but involves issuing commands at both the client and server computers. To do this, you must have physical access to both machines, or use the ssh application itself to log in at the remote computer from the local computer, using a syntax similar to the following:

ssh remote.host.name.com

or, to connect via IP address:

ssh 82.211.81.166

Of course, you should replace the example hostname or IP address in the commands above with your remote computer's actual hostname or IP address. Provide the password of your account on the remote machine to complete the ssh login.

Now for the commands required at both ends to start a session. In the example presented below, the remote computer is actually using Xubuntu, and is thus using the XFCE desktop environment. The example user will be jimi and the remote server will be 82.211.81.166, with a hostname of hendrix. Remember to substitute your values accordingly though.

The Host Computer (Server)

To enable a listening VNC server on the server computer, enter this command into a terminal prompt:

vncserver :1

The first time you do this, you'll be prompted for a password to use for incoming connections:

You will require a password to access your desktops.

Enter, and verify the password you wish to use to access the server's desktop from the client computer. You should then see startup messages from the VNC server similar to the following:

New 'X' desktop is hendrix:1

Creating default startup script /home/jimi/.vnc/xstartup
Starting applications specified in /home/jimi/.vnc/xstartup
Log file is /home/jimi/.vnc/hendrix:1.log

Notice the references to the xstartup file? This file controls what is launched during the X session started by VNC in terms of X applications, and the Window Manager, or X Desktop Interface (Gnome, KDE, XFCE). It is configured to take sensible defaults from the currently configured X Desktop Interface, or Window Manager, so it should not need additional editing. However, if the X session as started by the VNC server does not behave as you wish it to, the ~/.vnc/xstartup file may be used to force a particular behavior. Now that the VNC server is running, we proceed to the "tricky" part, which is to establish our tunnel, and connect over it.

The Local Computer (Client)

To connect to the server's VNC desktop, from the client you'll simply use the -via parameter of the vncviewer command. The syntax of the command then resembles the following when using our example host information from above:

vncviewer -via 82.211.81.166 hendrix:1

This tells VNC to forward the connection to the server computer (hendrix) via the server computer's external, or public facing IP address, 82.211.81.166 (a valid, resolvable hostname would work here too). Upon entering this command at a terminal prompt, you'll notice some VNC-specific information on screen, and then you'll be prompted for the SSH password. Enter the SSH password, and upon correctly doing so, the SSH tunnel will be established. Next, you'll receive a prompt for your VNC password (which may, or may not be the same as the SSH password) which resembles the following:

VNC server supports protocol version 3.3 (viewer 3.3)
Password:

Enter the VNC password, and you should then see the remote server's desktop appear! Now that you have the basic connection working, you should study more information via the resources in the Resources section of this guide, and remember that virtually any kind of application which communicates via TCP may be forwarded over SSH tunnels in a similar manner as VNC for additional security. Though some applications may lack the -via option which vncviewer uses, there are ways to manually create SSH tunnels for almost any application. See the Resources for more information. Have fun with your secure, encrypted desktop sessions!
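
An added check, not part of the original guide: vncserver :1 as started above serves display :1 on TCP port 5901 (5900 plus the display number), and the SSH tunnel only protects traffic that actually passes through it. The script below classifies VNC listeners in ss -ltn output as loopback-only or reachable from the network; the function names and the sample listing are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original guide): classify VNC listeners.
# Input: `ss -ltn`-style lines on stdin. Output: one verdict per VNC port.
# VNC display :N listens on TCP port 5900+N (display :1 -> port 5901).

audit_vnc_listeners() {
  awk '
    $1 == "LISTEN" {
      n = split($4, part, ":")       # text after the last ":" is the port
      port = part[n]
      addr = substr($4, 1, length($4) - length(port) - 1)
      if (port !~ /^[0-9]+$/ || port + 0 < 5900 || port + 0 > 5999) next
      # Loopback-only listeners are reachable only through the SSH tunnel.
      verdict = (addr ~ /^(127\.|\[::1\])/) ? "LOOPBACK" : "EXPOSED"
      printf "%s display=:%d addr=%s port=%d\n", verdict, port - 5900, addr, port
    }'
}

# Exit status 0 only when no VNC port is bound to a non-loopback address.
vnc_only_on_loopback() {
  ! audit_vnc_listeners | grep -q '^EXPOSED'
}

# Constructed sample listing (not captured from a real host).
sample_ss_output() {
  cat <<'EOF'
State  Recv-Q Send-Q Local Address:Port  Peer Address:Port
LISTEN 0      5            0.0.0.0:5901       0.0.0.0:*
LISTEN 0      5          127.0.0.1:5902       0.0.0.0:*
LISTEN 0      128            [::1]:5903          [::]:*
LISTEN 0      128          0.0.0.0:22         0.0.0.0:*
EOF
}

sample_ss_output | audit_vnc_listeners
# On a live server: ss -ltn | audit_vnc_listeners
```

An EXPOSED line means the VNC port can be reached without the tunnel. TightVNC's Xvnc accepts a -localhost option (for example vncserver :1 -localhost) that restricts it to loopback, in which case the viewer target behind -via should be localhost:1.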

Windows clients

This method will work with Linux clients as well. With Windows clients, connecting is a two-step process. You must first establish the ssh connection and then use a vnc client to connect to localhost. See this link for additional (basic) information on Cygwin/Putty

Windows ssh clients

When connecting with Windows I have used both Putty and Cygwin with success.

Windows vnc clients

Download a TightVNC viewer for Windows. I advise the TightVNC viewer for Windows.

  • The tight vnc viewer is available without installation ( tightvnc-1.3.9_x86_viewer.zip "Viewer executable, does not require installation")

I have also used Ultra and Real VNC viewers.

  • You can set up tight, ultra, or real vnc servers on windows and connect just as easily from ubuntu.

Note: Although localhost === 127.0.0.1 === your <IP>, these programs are finicky, so in the following sections you cannot interchange these terms.

Making the connection

The trick is to forward the ports over ssh and connect to the vncserver via localhost.

Step 1: Make the ssh connection:

Putty

Putty is also available for Linux. Open the putty client. In the box on the left, select "Session". Enter your server IP address in the "Saved Sessions" box and click "Save". Then, again in the box on the left, expand the "SSH" menu by clicking the "+" and select "Tunnels".

  • In "source port" put 5901
  • In "Destination" put localhost:5901
  • Click the "Add" button

You should now see ports under "Forwarded Ports". Now in the left column again select "Session" and hit the "Save" button under "Saved Sessions". You can now load the session by selecting your vnc server under saved sessions and using the "Load" button.

Importing an open ssh key

On the Putty Download page is a utility, puttygen.exe. Download this program and run it. Import your openssh key (you will need to enter your password to do so), then save the key with the same name as your openssh key. Take care not to overwrite your openssh key.

Walk through in importing ssh keys to Putty

Cygwin

Be sure to install the ssh client (the client and server are packaged together into a package called openssh).

ssh -fCNT <user>@<server_ip> -L 5901:127.0.0.1:5901
 -f = Allows ssh to close after the connection is established.
 -C = Use Compression
 -N = No commands will be issued
 -T = No terminal session will be started
 
 -L = Port forwarding. The terminology is <server_port>:<client_port>. The trick is we are using 127.0.0.1:<port> for the client. 127.0.0.1 must be used (not localhost or the client ip address).

Step 2: Make the vnc connection. Now we make the vnc connection, but now we use localhost:1 as the server ip.

vncviewer localhost:1

Enter your password.

Step 3: To disconnect, close the vnc viewer, and enter killall ssh in the terminal.
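
An added example, not part of the original guide, covering Steps 1 to 3 with an OpenSSH client: it opens the forward through a control socket so that only this tunnel is closed afterwards, while other ssh sessions keep running. The function names and the socket path are hypothetical, and the client is assumed to support control sockets (-M, -S, -O).

```shell
#!/bin/sh
# Added example (not from the original guide): open and close one SSH
# tunnel for a VNC display, leaving other ssh sessions untouched.
# Function names and the control-socket path are hypothetical.

# VNC display :N maps to TCP port 5900+N. Accepts 0-99, no leading zero.
vnc_port() {
  case "$1" in
    ''|*[!0-9]*|???*|0?*) return 1 ;;
  esac
  echo $((5900 + $1))
}

# One control socket per display, so each tunnel can be closed by name.
ctl_path() {
  echo "$HOME/.ssh/vnc-tunnel-$1.sock"
}

open_vnc_tunnel() {   # usage: open_vnc_tunnel <display> <user@server>
  port=$(vnc_port "$1") || { echo "bad display: $1" >&2; return 1; }
  # -L bind_address:local_port:host:host_port. "host" is resolved on the
  # server side, so 127.0.0.1 is the server's own loopback interface.
  # Binding the local end to 127.0.0.1 keeps the forwarded port off the LAN.
  # ExitOnForwardFailure makes ssh fail instead of running without the tunnel.
  ssh -f -C -N -T -M -S "$(ctl_path "$1")" \
      -o ExitOnForwardFailure=yes \
      -L "127.0.0.1:$port:127.0.0.1:$port" "$2"
}

close_vnc_tunnel() {  # usage: close_vnc_tunnel <display> <user@server>
  # Asks only this tunnel's master process to exit.
  ssh -S "$(ctl_path "$1")" -O exit "$2"
}

# Typical session (placeholders, not values from the guide):
#   open_vnc_tunnel 1 <user>@<server> && vncviewer localhost:1
#   close_vnc_tunnel 1 <user>@<server>
```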

Starting the XFCE desktop

XFCE seems ideal in that I can easily run xfce and change the background image if I so desire:

1. I use this ~/.vnc/xstartup


#!/bin/sh
xrdb $HOME/.Xresources

xfwm4 2> /dev/null &
xfce4-panel 2> /dev/null &
xterm 2> /dev/null &

Note: For a full xfce session use:


#!/bin/sh
xrdb $HOME/.Xresources

xfce4-session 2> /dev/null &
xterm 2> /dev/null &

2. In the menu Applications -> Settings -> Settings Manager

Select Desktop Preferences. Tick off the box next to "Allow XFCE to manage the desktop". You should now have the xfce-desktop up and running :)

Starting the Gnome desktop

I can start the gnome panel but was unable to change the background image. This is my ~/.vnc/xstartup


#!/bin/sh
xrdb $HOME/.Xresources
xsetroot -solid navy # Choose your color
x-window-manager &
{
 (gnome-panel 2> /dev/null &)
}
xterm &

Starting KDE

Startkde gave me the black screen of death ... I use this ~/.vnc/xstartup

#!/bin/sh

# Uncomment the following two lines for normal desktop:
# unset SESSION_MANAGER
# exec /etc/X11/xinit/xinitrc

[ -x /etc/vnc/xstartup ] && exec /etc/vnc/xstartup
[ -r $HOME/.Xresources ] && xrdb $HOME/.Xresources
xsetroot -solid grey
vncconfig -iconic &
xterm -geometry 80x24+10+10 -ls -title "$VNCDESKTOP Desktop" &
startkde &

Again I could not get KDE to set a wallpaper.

Resources

Additional information on VNC, and SSH is available via the following resources:

Local System Resources

man ssh System manual page for the ssh application
man sshd_config System manual page for the OpenSSH server configuration file, /etc/ssh/sshd_config
man vncserver System manual page for the vncserver application
man vnc.conf System manual page for the VNC configuration file, /etc/vnc.conf
man vncpasswd System manual page for the vncpasswd application

WWW Resources

  • OpenSSH Website
  • TightVNC Website
  • Information on the vncviewer -via option
  • SSH Tunneling HOWTO @ Northeastern University
  • SSH Tunneling Made Easy
  • Using VNC Tunneling over SSH