Using VNC to remotely connect to your DICE machine from outside Informatics

VNC = Virtual Network Computer/Computing

VNC is a way to let you remotely connect to a desktop on a remote machine. Essentially it is simple, you start a VNC server on one machine, and then you view that desktop on another machine via a VNC viewer, but it gets more complicated when you take security and firewalls into count.

DICE has two VNC servers installed, 'x11vnc' which will allow you to see your actual DICE desktop and supports SSL natively, and 'vncserver' which creates a new Desktop (of a size that you can choose) but does not support SSL natively.

For now we will talk about using the 'x11vnc' server, as it is probably the most straight forward.

Setting up the x11vnc server

The first thing you should do is setup a password which you will use to authorise the connection to the VNC server. Note this password isn't stored as securely as it could be, so don't use your DICE password, or any other valuable one. So on any DICE machine run the commands:

jings> x11vnc --storepasswd
Enter VNC password:
Verify password:
Write password to /afs/inf.ed.ac.uk/user/j/jsmith/.vnc/passwd?  [y]/n y
Password written to: /afs/inf.ed.ac.uk/user/j/jsmith/.vnc/passwd

You only need to do this once, or anytime you want to change the VNC server password.

Now that you've set a password, to start the server you would run the following command on your DICE desktop machine. Assuming that you are working remotely, then you'll have to ssh into it from one of the ssh.inf.ed.ac.uk machines (this is covered in the next section). The command is (A):

jings> x11vnc -ssl -usepw -rfbport 5910

You'll see various messages going past, the last of which should be along the lines of:

16/10/2009 16:56:37 Listening for VNC connections on TCP port 5910
16/10/2009 16:56:37 openssl_port: listen on port/sock 5910/9

The SSL VNC desktop is:  jings.inf.ed.ac.uk:10
16/10/2009 16:56:37 fb read rate: 42 MB/sec
16/10/2009 16:56:37 screen setup finished.
16/10/2009 16:56:37 

The SSL VNC desktop is:  jings.inf.ed.ac.uk:10
PORT=5910
SSLPORT=5910

Note I've explicitly told it to listen on port 5910, if you miss out the -rbfport 5910 argument it will automatically pick a free port from 5900 upwards. I'm choosing 5910 to make documenting the next bit easier.

Connecting to the VNC Server

If you followed the above instructions, then you have a VNC server sitting listening on port 5910 for a (secure) SSL connection. To make use of this you need some way of connecting to port 5910 on your DICE desktop machine from wherever you are, and talking VNC over this SSL connection. To do this the basics are to setup an 'ssh tunnel' through one of our ssh.inf.ed.ac.uk machines to your desktop port 5910. Then use a VNC viewer to connect to your end of that tunnel. In this example we'll assume the desktop is called jings.inf.ed.ac.uk.

There are various ways to create that ssh tunnel, but for this example I'll talk about using [[http://www.chiark.greenend.org.uk/~sgtatham/putty/download.html][PuTTY for Windows]].

On the PuTTY configuration screen, on the left hand Categories section drill down to Connection -> SSH -> Tunnels. On the right hand side fill in Source Port: 5910 and =Destination: jings.inf.ed.ac.uk:5910=, leave the other options and click Add.

Go back to the left hand Categories and select Session. Fill in Hostname: ssh.inf.ed.ac.uk, Port: 22 and Connection type: ssh.

To save going through this again you'll probably want to fill in some name for the Saved Sessions eg 'ssh.inf VNC display:10' and click Save.

Now click Open and log into ssh.inf.ed.ac.uk.

What this has done is setup port 5910 on your Windows machine (localhost) to be equivalent to port 5910 on jings.

At this point, I'd ssh into jings from ssh.inf and run the command A above.

So what we need now is a VNC viewer that talks SSL. For this on Windows you can use ssvnc. When you run it, enter localhost:10 for the "VNC Host:Display" and tick the Use SSL option, but untick the Verify All Certs option (otherwise it will complain about the self-signed certificate that x11vnc uses by default). Then click Connect, a window should appear asking you for a password, this will be the password you gave when setting up the server.

Once you've successfully connected, you should find your DICE desktop contained within a Window on your Windows PC. Depending on the relative sizes of your DICE desktop screen and your remote screen, you will find that you have to scroll around to see all the DICE desktop, or use the scaling options to reduce the size. If your screen sizes match, you may want to try the "Full screen" mode. Though pay attention to the keystrokes required to return you back to Windowed mode.

-- NeilBrown - 16 Oct 2009

Edit | Attach | Print version | History: r5 < r4 < r3 < r2 < r1 | Backlinks | Raw View | Raw edit | More topic actions...
Topic revision: r2 - 09 Mar 2010 - 12:58:33 - NeilBrown
 
This site is powered by the TWiki collaboration platformCopyright © by the contributing authors. All material on this collaboration platform is the property of the contributing authors.
Ideas, requests, problems regarding TWiki? Send feedback
This Wiki uses Cookies