SSH and VNC

VNC

VNC is a graphically based remote control program that allows you to control the desktop on a remote computer (the server) from a local computer (the viewer). This is very handy if you want to stick your server in a closet or if you want to be able to access it from the road.

In openSUSE 10.3, open Yast and under Network Devices select Remote Administration (VNC). simply enable it. Modify the sofware firewall to open port 22 if you are using the firewall.

Debian comes all ready to be a VNC server. All you have to do is choose:
Desktop|Preference|Remote Desktop
Then on the configuration page put a check next to:

Allow other users to view your desktop
Allow other users to control your desktop

If you want some security, check

Require the user to enter this password

and enter a password.
VNC is not a secure protocol, so unless you are using SSH tunneling to create a secure connection, your VNC connection is open to anyone on your network. Listen to Linux Reality episode 37 and Linux Reality episode 51 for more information.

SSH

SSH is also a remote control program but it only gives you a command prompt. The advantage to SSH is that is is secure and can be used to make VNC secure.

To set up openSUSE 10.3 as an SSH server, install the OpenSSH package using Yast. Then in the Yast Control Center under System click on System Services (Runlevel) and make sure that sshd has a yes in the enabled column.

To set up Debian as an SSH server, install the package OpenSSH in Synaptic or from the command line type:
#apt-get install ssh openssh-server

In the configuration file you may want to change the port that ssh server listens on. A lot of people will scan for the default ssh port as a way to try and hack into your computer. The default port is 22, but if you are going to open the port on your router, you should make it something different. If you don't open a port on your router, don't worry about it.

To connect to the server (192.168.1.10) from a client linux machine just type
$ssh 192.168.1.10
it will prompt you for username and password

To connect from a windows machine you will need to install an SSH client such as PuTTy.
Open PuTTy and create a saved session with the following

Hostname=192.168.1.10
Port=22 (SSH default) If you changed the SSH port on the server, enter that port instead.
Connection Type=SSH
Connection>Data=your username on the server (if you leave this blank it will ask for your username each time)

type a name for the session and click "Save"

Open the session you just created and log into your server.

VNC over SSH tunnel using TightVNC and Putty
VNC is not a secure connection but SSH is. This will create a secure tunnel using SSH and through that tunnel you can connect with VNC.

Save an SSH session with the following

Hostname=192.168.1.10
Port=22 (SSH default) If you changed the SSH port on the server, enter that port instead.
Connection Type=SSH
Connection>Data=your username on the server
Connection>SSH>tunnels => source port = 5900; destination = 192.168.1.10:5901
session name = vnctunnel

This example is for connecting with the client and server on the same LAN. If you are connecting from a remote location you will need to enter the IP address of your gateway (the WAN side of your router) and you will need to set port forwarding to forward port 22 to your server.

The tunnel will forward port 5900 from the client windows computer (running PuTTy and TightVNC) to port 5901 on the server.

Save the session and connect via SSH.

Open TightVNC viewer on the Windows machine and enter "localhost" for the VNC server.