Secure Screen Sharing with Linux Ubuntu 18.04 LTS

-
To share screen from Ubuntu Workstation securely, we need to configure the pre-installed VNC server Vino and then we also need to install ssh server if we have not already done so. 

Server side configuration are as follows:
  1. Configure Vino server
  2. Install and configure ssh server 

We have 2 methods of launching VNC client. They are as follows:

Method 1
  1. Established ssh connection over VNC port
  2. Launch VNC client over ssh tunnel

Method 2
  1. Using a VNC client that can perform both at the same time.


Server Side Configuration

Configure Vino Server

Install and Configure SSH Server

Please refer to this post
Install and Configure SSH Server on Linux


Client Side Connection

Method 1A: Launching VNC from Linux/Mac OS X

Established SSH Tunnel from Client
At this point we assume that we have installed and tested the ssh server. To established secure ssh tunnel over VNC port, we must have the ip address of the VNC server and the port number it is using.

We can use the following command to established connection:

ssh -f -L 5999:localhost:5900 ipAddress -l username sleep 60

We have obtain the above command from the man page. The details are as follows:
  • -f is to ask the ssh to fork a separate process. This way the terminal will be free up. We can use ps -A | grep ssh to see if the process is still alive.
  • -L 5999:localhost:5900 This is the most important option. It tell ssh to use port 5999 as the local port for our local host and the ssh is to forward the data from local port to port 5900 at the remote host. Local port 5999 can be any unused port number. 5900 is the port used by the VNC server. If your VNC server uses different port, please change accordingly.
  • ipAddress is the ip of the VNC server
  • -l username is for us to login with username 
  • sleep 60 tell ssh to keep alive the connection for 60 seconds if there is no network activity. This way we  do not need to kill the process when we are done.
We also have tested the following command:

ssh -L 5999:localhost:5900 -N -f -l username ipAddress

We have obtained this command via web search. It is pretty much the same. The option -N ask ssh not to execute a remote command as the connection is for port forwarding only. Therefore sleep command cannot be used with -N. The ssh connection will be there until we kill it.

We would recommend to use the first command, unless you prefer to establish a permanent connection.


Launch VNC Client
To use VNC client over ssh, we need to use localhost and the local port number established earlier. Simply, we can use the following command:

vnc://localhost:5999

Whatever VNC client we use, we must configure such that the VNC server will be localhost or 127.0.0.1. The port number will be 5999 or whichever local port number you have configured using ssh.

Method 1B: Launching VNC from Windows

We need to download and install Putty. Putty is a remote connection tool. The setting is similar, if in doubt please research the web for information. Then you need to launch your VNC client using localhost and local port number you have configured in Putty.


Method 2: Launching VNC with SSH from VNC Client

We can perform both function using certain VNC client. Currently we only can confirm that the app Remmina can support this function. Remmina is only available in Linux platform. Open the app and create a new connection.


Enter the name of connection, server with port number, username and password. Then click on the third tab named SSH:


Over here we can configure the SSH settings.

Once the settings is done, we can click save and connect to established VNC connection. If you are on Linux platform, we would recommend Remmina.




***








Comments

Post a Comment

Popular posts from this blog

Revive Old Mac Mini (2009) with Linux

-
Image
We have an old Mac Mini (late 2009 version) lying around. The latest Mac OS X it could support was Mac OS X El Capitan. The machine is still good although the DVD drive does not worked anymore.  Apple will drop security update for El Capitan very soon. Running OS X El Capitan without any security update is not an option.  Instead of disposing a good piece of hardware, we can install Linux. However, before we start playing around with the Linux installation, we need to take stock of the hardware capability. We might need to upgrade some hardware so that we can run Linux smoothly. Mac Mini 2009 Specification This Mac has Core 2 Duo CPU (P8700) running at 2.53GHz. It support PC3-8500 DDR3 RAM running at 1066MHz. This Mac Mini has a Nvidia Geforce 9400M video card. It support 2 display output. Wifi specification is 802.11a/b/g/n. This is pretty high end at the time.  However, this WiFi uses Broadcom chipset (BCM4321), which is not very well supported in Linux since it
Read more

Configure Unattended Upgrades on Raspberry Pi

-
If we were to run Raspberry Pi headless (without attached monitor), it would be nice if we can perform unattended system upgrades. In Debain/Ubuntu class of software, we can perform unattended upgrades using the software package unattended-upgrades.  To install the software, use the command below:  sudo apt-get install unattended-upgrades # Following are additional software required # we only need mailutils or bsd-mailx, choose 1 sudo apt-get install mailutils sudo apt-get install bsd-mailx sudo apt-get install update-notifier-common Next, we need to edit the configuration files: sudo nano /etc/apt/apt.conf.d/50unattended-upgrades The configuration should be similar as below: Unattended-Upgrade::Origins-Pattern { // Codename based matching: // This will follow the migration of a release through different // archives (e.g. from testing to stable and later oldstable). // "o=Debian,n=jessie"; // "o=Debian,n=jessie-update
Read more

Install and Configure RealVNC in Linux Ubuntu 18.04 LTS

-
Image
RealVNC is a commercial company that sell VNC license for the enterprise market. However, the company allow home user to setup VNC server for personal use. The limitation is that you are only allow 5 connection. User must register an ID with the company. The configuration of your VNC will be stored on the company's server. Since RealVNC is professionally produce, it is much better compare to the open source product in Linux. The main advantage is easy configuration although there are steps to install and start the server especially on Linux platform. We do not need to worry about ip address and port number. What the server and client required is our RealVNC ID which we have created. Unlike the default Vino server that comes with Ubuntu, RealVNC will start without user login. The system is created with security in mind. Encryption is done transparently without any intervention from user. We will be showing a simple guide on how to install and Configure RealVNC Connect (serv
Read more