ssh and vnc

alan c aeclist at candt.waitrose.com
Mon Dec 22 16:40:16 UTC 2008


andrew heggie wrote:
> alan c wrote:
> 
> 
>> 
>> (I am not any expert, so if one reads this and can correct or add
>> stuff, please do so?)
> 
> You're expert enough to move me forward, thanks.
>> 
>> your machine is the ssh client
>> login for user 'bill' (his machine) is the ssh server
>> 
>> make sure the target machine (bill's) has ssh server installed and
>> that your machine that you will use to connect from has the ssh client
>> installed  (openssh-server, openssh-client that is)
> 
> All done I log in with:
> 
> ssh -Y -l bill 192.168.xxx.ab and then his (fairly strong) user password.
> 
> For his convenience I have set the machine to autologin for his username.

btw - important: have you considered making his usual account into a 
non admin (non sudo) one?
This is my usual approach with non computer literate people I help. I 
also edit his menus to reduce them and also lock the panels to stop 
the obvious 'lost my panel' problem.
  The admin level account can be called  and something like bill-admin 
but would not be auto login. In fact I use ssh into such account, 
which gives me admin rihgts, but I still see th enon admin screen 
displayed,. I can use admin stuff at the shell level, such as updates 
(not difficult)

>> It is not essential to use keys that you specially generate - that is,
>> public and private key pairs, but it is an advantage I think,
>> particularly since you have both machines with you at present. I found
>> note1 useful here.
> 
> I'm not using keys yet, I hope that his account password is strong enough
> but I will investigate keys.

ssh with password only is not recommended now I think. I see comments 
to disable the password use.

>> should get a sensible response probably a warning that the remote
>> machine is unknown (no keys yet) and it is this or that fingerprint,
>> and do you want to connect to it? If you accept, the ID key of the
>> remote machine will be added to a file in your machine for reference.
>> Note: the key I think may be different when seen across the internet
>> (not sure). The real trick in this sort of situation is to be certain
>> that the target machine really is the one you expect, and that in
>> principle there is no third party interception at this initial  stage.
>> Inside your local LAN this is trivial.
> 
> Once this key has been successfully negotiated (it has in my case) can the
> ssh be locked to this machine?

Yes as I understand it

>> Again, inside your LAN it is easy to get VNC working. I usually use
>> kubuntu 8.04 but in this case I have been using ubuntu 8.04 (easy to
>> have both as alternate sessions at login, anyway), so some apps might
>> be ubuntu based, although I think they are also available in kubuntu.
>> 
>> Set remote desktop (this is the VNC server) in bill's machine to allow
>> others to control it, maybe with a password. Do not set to use
>> encryption I do not think it is working yet, anyway you expect to use
>> ssh and a tunnel so there is no need for yet more encryption. Do not
>> set ask for confirmation - you may not want that level of interaction
>> the other end.
> 
> OK this is where mine fell over using krdc as the client on mine and Krfb as
> the server on his. All seemed well, 
> I sent the invitation from bill's

I do not understand this. I would expect you to send an invitation 
*from* your machine (not bills) to bills server machine intending to 
connect to bills machine?

> received the poll on mine. I then Okayed the reply on bill's and typed the
> password on mine, at which stage everything hung until I broke the
> connection from mine. I'm updating the server software on his.

you might find that the password facility has by default been turned off!

>> 
>> Then from your own machine:
>> vncviewer 192.168.1.101
> 
> Again adept doesn't show vncviewer!
> 
> I'm installing xvnc4viewer
> 
> OK this hangs too so it looks like it's the server on bill that's playing
> up.
> 
> I've upgraded to krfb kde4 on bill's and get a connection with vncviewer 

Great!

>but
> the colours are all wrong. 

The colours are very limited here too, probably only 24 colours,  but 
it is ok to use and I have it as a lower priority. they probably can 
be configured, but will take bandwidth.

>I need to find a remote desktop server that
> works.

If you can see (limited) colours then I suggest it is probably working 
now.

-- 
alan cocks
Ubuntu user #10391
Linux user #360648




More information about the kubuntu-users mailing list