This is my complete step by step howto.
For your solution to your question look at step D
Hope it helps you.
Index
A: Tight vnc for windows setup
B: Tight vnc for Linux setup
C: ssh for Linux setup
D: ssh for Windows setup
E: Tunneling vnc through ssh
F: To tunnel vnc through ssh from windows to a linux server
G: Passwordless connections using ssh -agent and keychains
H: ssh-keygen to use passphrase logins
A: Tight vnc for Windows 2000 setup
Steps:
1. Router setup and use virtual server, or port forwarding
forward one computer ip on the local area network to port 22
ssh will connect to this port 22 and from then on vnc well be
able to connect to other computers on the LAN.
5901 and 5801
computer A ip to 5901 both private/public and port 22 both pri/pub
computer B ip to 5902 both pri/pub
computer C ip to 5903 ..... and so on.
remember you can't forward one single port to several ips.
After 5999 the VNC program will look at the 5999 as just a port.
VNC uses port 5900...5999
Web browsers use port 5800...5899
As xxx.xxx.xxx.xxx:5800 where xxx's is the server wan ip.
must use xxx.xxx.xxx.xxx:0 0 for 5900
xxx.xxx.xxx.xxx:1 1 for 5901
xxx.xxx.xxx.xxx:2 2 for
59022. Install Tightvnc from www.Tightvnc.com
execute vncserver on windows computers you wish to connect to.
double click on V icon in right of taskbar
select properties
select ports in display or port numbers to use
use ports 5901 through 5999 and 5801 through 5899 from step 1
computer A ports 5901 5801
computer B ports 5902 5802
computer C ports 5903 5803 ..... and so on.
Enter Password for client to login with
right click the vncserver icon and select advance.
Check the loop back enabled box.
You now have a Vnc Server running.
3. Install Tightvnc on the other computer (Client)
Execute vncviewer in the start menu.
enter router wanip of the server computer with :x
which is the xdisplay number
Example: Server computer wanip 65.34.2.212
computer A 65.34.2.212:1
computer B 65.34.2.212:2
computer C 65.34.2.212:3
The router ip pointed to 5901 connects to the vncviewer setup port
which is 5901. The last digit is :1 for display 1
The router ip pointed to 5902 connects to the vncviewer setup port
which is 5902. The last digit is :2 for display 2 ..... and so on.
To find your wanip logon to www.whatismyip.com
For local use, use the server computer ip.
To find your ip, In konsole type ifconfig
In windows ipconfig or winipcfg
Example: 192.144.3.133:1
Enter password from step 2
You now should be controlling a computer remotely.
B: Tight vnc for Linux Suse setup
Steps:
1. Install Tightvnc-viewer for linux
2. Execute vncviewer in konsole
3. type in the windows server ip with the :1
type in the password.
or for internet logon, use the router wanip with :1
Test it by taking control of the windows box.
4. Install Tightvnc-server for linux
Execute "vncpasswd" and set a new password for clients
Execute "vncserver :1"
The :1 is for xdisplay 1
You now have a vnc server in windows and linux
Execute "vncserver -kill :1" to remove the server
C: ssh a secure shell, install openssh in linux. I use suse linux.
Steps:
1. In suse goto yast2, system, runlevel editor, runlevel properties.
2. Make sure sshd is running.
3. Now test the ssh.
Format to login ssh useraccount@wanip number
Example: ssh useraccount@64.322.121.276
the config file is in /etc/ssh/sshd_config
remove the # from the compression yes line to speed up file
transfers.
D: ssh For windows, install cygwin with openssh for windows and
follow there installation instructions. www.cygwin.com
They are free programs for windows.
Do the following to change persmissions in linux
Type it exactly, especially the space and period after the "og-w", it's
important.
cd /
chmod -R og-w . yes that is a space followed by a dot
chmod og+w /tmp
touch /var/log/sshd.log
chown system:system /var/log/sshd.log /var/empty /etc/ssh_h*
chmod 755 /var/empty
If you use a router you must forward the server's ip to port 22.
ssh uses port 22. Use one computer in local area network.
ip private 192.168.2.x both private and public port 22 and /TCP
This is the computer you will loginto from the internet.
This you don't need to do if you are only useing ssh locally.
After installing cygwin make group and password according to the
documentation to be able to login with ssh.
Goto c:\cygwin
you should see \etc, \home, \bin and some other folders
this is a basic linux file system.
When users login to the cygwin bash shell there accounts are created
so in windows make your user accounts
Each windows user needs to run the cygwin bash shell icon
on the desktop.
So log off and on to each user and run the cygwin bashshell.
You should see the account being created.
The easiest way is to create the directories yourself and use chown to
change ownership to their username.
example for a user named jack:
$ cd /home
$ mkdir jack
$ chown jack:None jack/
After making user accounts and running cywin icon on the desktop
With nt, 2000,and xp you will need to execute these as is on each
ssh computer.
Setting up the groups file for local accounts
$ mkdir /etc do this to make sure /etc is there
$ mkgroup -l > /etc/group
Setting up the passwd file for local accounts
$ mkpasswd -l > /etc/passwd
These commands will take windows user information and store them in
a group and passwd file in the c:\cygwin\etc folder.
Do not change the word c:\cygwin\etc\group and c:\cygwin\etc\passwd.
You might think that passwd must be changed to a choosen password.
You must executed these two commands when you add or change user
accounts. Now test the ssh.
Format to login with ssh useraccount@wanip number
E: Now it is time to tunnel vnc through ssh.
Steps
1. In a terminal window on my own desktop,
I entered vncviewer -via xxx.xxx.xxx.xxx xxx.xxx.xxx.xxx:1
where the xxx's represent server IP address in both instances.
The -via option directs tightVNC to use ssh for a secure tunnel
through which to operate.
At this time I can only login if the server and client computes have
the same useraccount name and password.
Use this login password for the first password prompt.
Then use the vncserver password for the second password prompt.
You should be controlling the server computer at this time.
See man page for -via switch. Type in konsole "man vncviewer"
Now you can vnc through an ssh tunnel
which gives you some security.
2. If you change or add any useraccounts or a computer ip in windows,
you must execute the mkgroup and mkpasswd again to update the files
located in c:\cgwin\etc\group and c:\cygwin\etc\group
Also in my suse linux when i had executed ssh I got a warning
of intrusion.
I had to delete /home/myuseraccount/.ssh/known_hosts file
This is the file that has the key for security. If anything
in the host system changes this key will alert me.
Just delete it if you know that you are aware of changes to
your system. Remember that .ssh is a hidden folder.
In konqueror click on view and show hidden files.
F: To tunnel vnc through ssh from windows to a linux server
To get XFree86 running under Cygwin (I am pulling this from memory):
Steps:
1. Install Cygwin and making sure to install the X packages.
2. Start XFree86 from the Cygwin BASH prompt.
3. Start your SSH client from within the terminal window in XFree86.
4. Run your forwarding command or vncviewer.
G: Passwordless connections using ssh -agent and keychains
see Introducing ssh-agent and keychain
http://www-106.ibm.com/developerworks/linux/library/l-keyc2/
This is a keychain for automatic ssh -agent
#!/bin/bash
#example ~/.bash_profile file
/usr/bin/keychain ~/.ssh/id_rsa
#redirect ~/.ssh-agent output to /dev/null to zap the annoying
#"Agent PID" message
source ~/.ssh-agent > /dev/null
H. ssh-keygen
study man ssh-keygen
ssh-keygen -b 1024 -t rsa1 -f myfirstkeyfile
enter passphrase
copy contents into file called authorized_keys
copy authorized_keys to the remote host
c:\cygwin\home\useraccount\.ssh folder
copy contents to identity file
copy identity file to your home/.ssh folder
In windows c:\cygwin\home\useraccount\.ssh folder
ssh keys
An introduction to doing it all with the secure shell.
http://www.linuxjournal.com/article.php?sid=6909
http://www-106.ibm.com/developerworks/linux/library/l-keyc.html
http://www-106.ibm.com/developerworks/linux/library/l-keyc2/
http://www.linuxjournal.com/article.php?sid=4412
The End.
On Tue, 2003-11-11 at 06:01, Max Dyckhoff wrote:
> I've been trying to find the solution to this problem in many places, but
> regrettably I have been unable to find one that is completely descriptive
> - I am primarily a Linux/Mac OS X user and so Windows networking is
> somewhat confusing to me.
>
> Here's the problem (which has apparently been "beaten to death" on this
> list, but as I said, I fail to find any comprehensive answers):
>
> I have a Linux machine with Samba sharing my home directory. I have a
> Windows machine running Cygwin and Windows 2000. I have set up the sshd
> service as described on the page: http://tech.erdelynet.com/cygwin-sshd.html
>
> When I ssh from my Linux machine into the Windows machine, everything
> boots up fine, but I can't access my Samba share, which should be mounted
> in G: drive. If I open up a cygwin session on Windows it shows the drive
> mounted.
>
> The answers I have found involve running the sshd service as a different
> user, and using "password authentication" to login via SSH. I understand
> both of these, but am not sure how to implement either. When I SSH in it
> asks me my password (I don't use key sharing), and when I try to change
> the user for the service I am unable to select one that works.
>
> Help me!
>
> Max
>
>
> --
> List Information: http://tech.erdelynet.com/mailman/listinfo/ssh-l/
> List Archives: http://erdelynet.com/archive/ssh-l/
> To Unsubscribe: Go to http://tech.erdelynet.com/mailman/options/ssh-l#subscribers
> and enter your email address at the bottom.
> If you don't know your password, have it emailed to you. Then unsubscribe.
>
-- List Information: http://tech.erdelynet.com/mailman/listinfo/ssh-l/ List Archives: http://erdelynet.com/archive/ssh-l/ To Unsubscribe: Go to http://tech.erdelynet.com/mailman/options/ssh-l#subscribers and enter your email address at the bottom. If you don't know your password, have it emailed to you. Then unsubscribe.Received on Tue Nov 11 12:25:38 2003
This archive was generated by hypermail 2.1.8 : Fri Jul 29 2005 - 17:34:01 EDT