Using VNC to remotely connect to your DICE machine from outside Informatics

VNC = Virtual Network Computer/Computing

VNC is a way to let you remotely connect to a desktop on a remote machine. Essentially it is simple, you start a VNC server on one machine, and then you view that desktop on another machine via a VNC viewer, but it gets more complicated when you take security and firewalls into count.

DICE has two VNC servers installed, 'x11vnc' which will allow you to see your actual DICE desktop and supports SSL natively, and 'vncserver' which creates a new Desktop (of a size that you can choose) but does not support SSL natively.

For now we will talk about using the 'x11vnc' server, as it is probably the most straight forward.

Setting up the x11vnc server

The first thing you should do is setup a password which you will use to authorise the connection to the VNC server. Note this password isn't stored as securely as it could be, so don't use your DICE password, or any other valuable one. So on any DICE machine run the commands:

jings> x11vnc --storepasswd
Enter VNC password:
Verify password:
Write password to /afs/inf.ed.ac.uk/user/j/jsmith/.vnc/passwd?  [y]/n y
Password written to: /afs/inf.ed.ac.uk/user/j/jsmith/.vnc/passwd

You only need to do this once, or anytime you want to change the VNC server password.

Now that you've set a password, to start the server you would run the command on your desktop machine. If you are home, then you'll have to ssh into it from one of the ssh.inf.ed.ac.uk machines.

jings> x11vnc -ssl -usepw -rfbport 5910

You'll see various messages going past, the last of which should be along the lines of:

16/10/2009 16:56:37 Listening for VNC connections on TCP port 5910
16/10/2009 16:56:37 openssl_port: listen on port/sock 5910/9

The SSL VNC desktop is:  jings.inf.ed.ac.uk:10
16/10/2009 16:56:37 fb read rate: 42 MB/sec
16/10/2009 16:56:37 screen setup finished.
16/10/2009 16:56:37 

The SSL VNC desktop is:  jings.inf.ed.ac.uk:10
PORT=5910
SSLPORT=5910

Note I've explicitly told it to listen on port 5910, if you miss out the -rbfport 5910 argument it will automatically pick a free port from 5900 upwards. I'm choosing 5910 to make documenting the next bit easier.

Connecting to the VNC Server

If you followed the above instructions, then you have a VNC server sitting listening on port 5910 for a (secure) SSL connection. To make use of this you need some way of connecting to port 5910 on your desktop machine from where ever you are, and talking VNC over the SSL connection. To do this the basics are to setup an 'ssh tunnel' through one of our ssh.inf.ed.ac.uk machines to your desktop port 5910. Then use a VNC viewer to connect to your end of that tunnel. In this example we'll assume the desktop is called jings.inf.ed.ac.uk.

There are various ways to create that ssh tunnel, but for this example I'll talk about using [[http://www.chiark.greenend.org.uk/~sgtatham/putty/download.html][PuTTY for Windows]].

On the PuTTY configuration screen, on the left hand Categories section drill down to Connection -> SSH -> Tunnels. On the right hand side fill in Source Port: 5910 and =Destination: jings.inf.ed.ac.uk:5910=, leave the other options and click Add.

Go back to the left hand Categories and select Session. Fill in Hostname: ssh.inf.ed.ac.uk, Port: 22 and Connection type: ssh.

To save going through this again you'll probably want to fill in some name for the Saved Sessions eg 'ssh.inf VNC display:10' and click Save.

Now click Open and log into ssh.inf.ed.ac.uk.

What this has done is setup port 5910 on your Windows machine (localhost) to be equivalent to port 5910 on jings. So what we need now is a VNC viewer that talks SSL. For this on Windows you can use ssvnc. When you run it, enter localhost:10 for the "VNC Host:Display" and tick the Use SSL option, but untick the Verify All Certs option (otherwise it will complain about the self-signed certificate that x11vnc uses by default). Then click Connect, a window should appear asking you for a password, this will be the password you gave when setting up the server.

Once you've successfully connected, you should find your DICE desktop contained within a Window on your Windows PC.

-- NeilBrown - 16 Oct 2009

Edit | Attach | Print version | History: r5 | r4 < r3 < r2 < r1 | Backlinks | Raw View | Raw edit | More topic actions...
Topic revision: r1 - 16 Oct 2009 - 16:32:15 - NeilBrown
 
This site is powered by the TWiki collaboration platformCopyright © by the contributing authors. All material on this collaboration platform is the property of the contributing authors.
Ideas, requests, problems regarding TWiki? Send feedback
This Wiki uses Cookies