l i n u x - u s e r s - g r o u p - o f - d a v i s
Next Meeting:
July 7: Social gathering
Next Installfest:
Latest News:
Jun. 14: June LUGOD meeting cancelled
Page last updated:
2006 Dec 10 10:08

The following is an archive of a post made to our 'vox-tech mailing list' by one of its subscribers.

Report this post as spam:

(Enter your email address)
Re: [vox-tech] Tunneling vnc over ssh --- solved
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [vox-tech] Tunneling vnc over ssh --- solved

På 2006-12-08, skrev Alex Mandel:
> Sounds like you should just write a script on your local machine to do 
> these in order.

Solved, more or less. Here is my new script.

# vncssh.sh
# used as: ./vncssh.sh remote_host_running_vnc.domain.org
# Reference: http://www.vanemery.com/Linux/VNC/vnc-over-ssh.html
ENC='copyrect tight hextile zlib corre rre raw'
VNCDISPLAY=`ssh $HOST ps ux | egrep 'X.*vnc' \
   | perl -ne 'm/ +:(\d+)\b/; if ($1) {print "$1\n"; exit}'`
export VNC_VIA_CMD="/usr/bin/ssh -2 -x -f -L %L:%H:%R %G sleep 20"
echo 'Xtightvncviewer*grabKeyboard: true' | xrdb -merge
scp @$HOST:.vnc/passwd $HOME/.vncauth_$HOST
xtightvncviewer -fullscreen -compresslevel 9 -quality 2 \
   -encodings "$ENC" -passwd $HOME/.vncauth_$HOST \
   -via $HOST localhost:${VNCDISPLAY}
rm $HOME/.vncauth_$HOST # remove password-hash file when viewer exits
#end of script

The above works fairly well as long as I only have a single VNC running.

> I'm not familiar with the password stuff you're doing but to be honest 
> my vncserver isn't running by default. I actually turn it on once I'm in 
> via ssh and then connect to the vnc.
> Call it a little extra paranoia.

The fiddling with the password file is to permit me to log in without
retyping the password if I have access to the required ssh key.

You are probably right to be extra paranoid; in my case I consider the
security risk of having a VNC session running constantly acceptable; it
it mitigated by the fact that a running VNC can only be accessed from
localhost (proxying via ssh notwithstanding) and the server is in a NAT
LAN behind a firewall that blocks all ports except ssh, ftp, and http. I
use VNC to make my X session portable between different desks and to
allow reattaching if my client machine loses power (only the server is
on a UPS). Sessions tend to have a longevity of many months.

Henry House
+1 530 753 3361 ext. 13
Please don't send me HTML mail! My mail system frequently rejects it.
The unintelligible text that may follow is a digital signature.
See <http://hajhouse.org/pgp> to find out how to use it.
My OpenPGP key: <http://hajhouse.org/hajhouse.asc>.

Attachment: signature.asc
Description: Digital signature

vox-tech mailing list

LUGOD Group on LinkedIn
Sign up for LUGOD event announcements
Your email address:
LUGOD Group on Facebook
'Like' LUGOD on Facebook:

Hosting provided by:
Sunset Systems
Sunset Systems offers preconfigured Linux systems, remote system administration and custom software development.

LUGOD: Linux Users' Group of Davis
PO Box 2082, Davis, CA 95617
Contact Us

LUGOD is a 501(c)7 non-profit organization
based in Davis, California
and serving the Sacramento area.
"Linux" is a trademark of Linus Torvalds.

Sponsored in part by:
EDGE Tech Corp.
For donating some give-aways for our meetings.