
Journal eno2001's Journal: Stupid SSH Tricks Followup 2
Here it is kids. My new setup to tunnel VNC over OpenSSH using Bash+OpenSSH+VNC4 on RedHat 9 and/or Fedora Core 3:
Client Prerequisites:
-Properly configured VNC 4 installation
-OpenSSH with authorization keys for passwordless login to server
-A '.vnc_configs' file in the user's home directory (format explained below)
which contains "profiles" for each vnc connection you plan to use.
Sample '.vnc_configs' profile:
# The '.vnc_configs' file contains profiles for each VNC server connection
# a user may want to make. The format of the profiles is as follows:
# ProfileName, ssh_user@client_host, ssh_user@server_host, vncserver:port
# Some examples follow:
# A simple connection from work to home
home,pete@lab01,pete@home_appserver,home_appserver:5
# A connection to work using an internet domain. The ssh server (lab01) is
# just tunneling the VNC server which is actually on lab05.
work,pete@my_vaio,pete@lab01.firelabs-infinite.com,lab05:1
# A connection to the folks' Linux box with VNC extension enabled for
# their local X server for remote assistance
parents,pete@my_vaio,pete@192.168.1.5,192.168.1.5:0
------------------------------------------------------------------
Server Prerequisites:
-Properly configured VNC 4 installation
-Modified gdm configuration that uses Xvnc as its X server
-OpenSSH with authorization keys for passwordless login to client
------------------------------------------------------------------
Client usage:
1. You can put the 'vncconnect' script anywhere in your PATH. I prefer
2. In your favorite window manager, create some kind of link to run
the vncconnect script. I use GNOME, so I created a launcher, assigned
it an appropriate icon for the connection (movie characters that I name
my servers for) and set the following command line based on the sample
config above:
vncconnect work
That's it for the client end. You can set up a different icon or twm
link or whatever GUI you prefer. Or if you're really nuts, you can
just launch it manually at a prompt by just typing the above command
referencing your own config profiles.
------------------------------------------------------------------
Server end usage:
1. Again, put the 'vncdisconnect' script anywhere in your PATH. I
put mine in
2. For each session you are connecting to, create a link to vncdisconnect.
In GNOME, I put it on my panel at the far upper left corner. That's it.
The script should be able to find the appropriate files in
disconnect and lock the session you are connected to.
------------------------------------------------------------------
Basic Premise Behind All This:
1. Client Host: Start SSH Tunnel ---> Server Host: Accept SSH Connection for Tunnel
   Client: Create a tunnel specifically for this VNC connection.
   Server: Accept auth key for the tunnel user and open tunnel.
2. Client Host: Start VNC Viewer using Tunnel ---> Server Host: Accept VNC Viewer Connection
3. Client Host: Send Tunnel and VNC PIDS to Server --->
   Client: This "send" is done using ssh to cat the pids and the local ssh username into files in
   Server: remote ssh username to
   to connect in reverse on exit and kill the vncviewer on the client
4. Client Host: Kill VNC and Tunnel in response *--- Server Host: Connected client disconnect
   Server: Using the PIDs in
   a remote kill using ssh to
   to the client host in order to disconnect the vncviewer and take down the tunnel thereby ending the session.
5. Server Host: Lock VNC Server Session
   Server: After the disconnection is complete, run the 'xscreensaver-command -lock' command on the server host to lock the Xvnc server that the client was connected to
-----------------------------------------------------------------------
The scripts follow:
vncconnect:
#!/bin/bash
PATH=$PATH:/usr/local/vnc4
# A simple function to check that a profile name was passed in. If not,
# then print the usage message and exit.
function check_usage()
{
    if test "$1" = ""
    then
        echo "Usage: vncconnect <profile_name>"
        echo
        echo "EXAMPLE: vncconnect borkbox"
        exit 1
    fi
}
# Set all the needed variables
function set_vars()
{
    MY_LOCAL_USERNAME=$(echo "$1" | cut -d@ -f1)
    MY_LOCAL_HOSTNAME=$(echo "$1" | cut -d@ -f2)
    MY_REMOTE_USERNAME=$(echo "$2" | cut -d@ -f1)
    MY_REMOTE_HOSTNAME=$(echo "$2" | cut -d@ -f2)
    VNCSERVER_HOSTNAME=$(echo "$3" | cut -d: -f1)
    VNC_PORT=$(echo "$3" | cut -d: -f2)
    # VNC display N listens on TCP port 5900+N. Plain string concatenation
    # (590$VNC_PORT) gives the wrong port for displays 10 and up.
    VNC_FORWARD_PORT=$((5900 + VNC_PORT))
}
check_usage "$1"
# Look up the requested profile in the user's '.vnc_configs' file
while read -r config
do
    config_name=$(echo "$config" | cut -d, -f1)
    if test "$1" = "$config_name"
    then
        a=$(echo "$config" | cut -d, -f2)
        b=$(echo "$config" | cut -d, -f3)
        c=$(echo "$config" | cut -d, -f4)
        set_vars "$a" "$b" "$c"
    fi
done < "$HOME/.vnc_configs"
echo $VNCVIEWER_PID | ssh $MY_REMOTE_USERNAME@$MY_REMOTE_HOSTNAME "cat - >>
echo $MY_LOCAL_USERNAME@$MY_LOCAL_HOSTNAME | ssh $MY_REMOTE_USERNAME@$MY_REMOTE_HOSTNAME "cat - >
#end
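The profile fields end up on an ssh command line, so they are worth checking before use. The following is an added example, not part of the journal's scripts: it parses one '.vnc_configs' line, rejects fields that ssh or the shell could misread, and builds the port-forward spec for any display from 0 to 99. The function names, the sample profiles and the forwarding layout (local port 5900+display to the same port on the VNC host) are assumptions.

```shell
#!/bin/bash
# Added example, not the journal author's script. Assumption: local port
# 5900+display is forwarded to the same port on the VNC host.
export LC_ALL=C    # keep the bracket ranges below ASCII-only

# Succeed only for user@host built from letters, digits, '.', '_' and '-'.
valid_target() {
    case "$1" in
        -*|@*|*@|*@*@*) return 1 ;;        # a leading '-' would be parsed by ssh as an option
        *[!A-Za-z0-9._@-]*) return 1 ;;    # spaces, quotes, ';', '$' and the like
        *@*) return 0 ;;
    esac
    return 1
}

# Read profile lines on stdin; for profile $1 print
# "<port>:<vnc_host>:<port> <ssh_user@server_host>". Non-zero status if the
# profile is missing or malformed. The body is a subshell, so the variables
# stay local and 'exit' only ends the function.
profile_to_forward() (
    while IFS=, read -r name client server vnc extra; do
        [ "$name" = "$1" ] || continue
        [ -z "$extra" ] || exit 1
        valid_target "$client" || exit 1
        valid_target "$server" || exit 1
        case "$vnc" in *:*) ;; *) exit 1 ;; esac
        host=${vnc%%:*}
        display=${vnc#*:}
        case "$host" in ""|-*|*[!A-Za-z0-9._-]*) exit 1 ;; esac
        # Display must be 0-99 with no leading zero (avoids octal arithmetic).
        case "$display" in
            [0-9]|[1-9][0-9]) ;;
            *) exit 1 ;;
        esac
        port=$((5900 + display))
        printf '%s:%s:%s %s\n' "$port" "$host" "$port" "$server"
        exit 0
    done
    exit 1
)

# Constructed sample profiles in the page's format.
SAMPLE_PROFILES='# ProfileName, ssh_user@client_host, ssh_user@server_host, vncserver:port
work,pete@my_vaio,pete@lab01.firelabs-infinite.com,lab05:1
console,pete@my_vaio,pete@app_server,app_server:12
broken,pete@my_vaio,-v@app_server,app_server:2'

# The two printed fields are the arguments for: ssh -N -L <spec> <target>
printf '%s\n' "$SAMPLE_PROFILES" | profile_to_forward work
```

With the default ssh settings the forwarded port listens on the loopback address only, so the viewer connects to localhost and the display number.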
-----------------------------------------------------------------------------
vncdisconnect:
#!/bin/bash
# Set the needed variables
VNC_PORT=`echo $DISPLAY | cut -d. -f1`
PID_FILE="current-user-$VNC_PORT"
REMOTE_SSH=`cat
# Read through the PID_FILE and use ssh to remotely kill the vncviewer and
# vnc tunnel
while read CURRENT_USER_PID
do
ssh $REMOTE_SSH "kill -9 $CURRENT_USER_PID"
done
# Lock the desktop session on the server after disconnect
xscreensaver-command -lock
# Clean up
rm -f
#end
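The reverse login in vncdisconnect means the server holds a key that can run any command on the client, and the PID it sends is read from a file. The following is an added example, not part of the journal's scripts: a forced-command wrapper for the client that accepts only the 'kill -9 <pid>' request and only for vncviewer or ssh processes. The wrapper path, the function names and the key line in the comment are hypothetical.

```shell
#!/bin/bash
# Added example, not part of the journal's scripts: a forced-command wrapper
# for the client's ~/.ssh/authorized_keys entry that holds the server's key.
# Hypothetical install path and key line (one line in authorized_keys):
#   command="/usr/local/bin/vnc-kill-only",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty ssh-rsa PLACEHOLDER_KEY server-key
export LC_ALL=C

# Print the PID if $1 is exactly "kill -9 <digits>", the only request
# vncdisconnect sends; otherwise return 1.
pid_from_request() {
    case "$1" in
        "kill -9 "*) pid=${1#"kill -9 "} ;;
        *) return 1 ;;
    esac
    case "$pid" in
        ""|0*|*[!0-9]*) return 1 ;;    # digits only, no leading zero
    esac
    [ "${#pid}" -le 7 ] || return 1
    printf '%s\n' "$pid"
}

# Succeed only if $1 names one of the two programs vncconnect started.
is_session_process() {
    case "$1" in
        vncviewer|ssh) return 0 ;;
    esac
    return 1
}

# sshd sets SSH_ORIGINAL_COMMAND to the command the remote side asked for.
if [ -n "${SSH_ORIGINAL_COMMAND:-}" ]; then
    pid=$(pid_from_request "$SSH_ORIGINAL_COMMAND") || { echo "rejected" >&2; exit 1; }
    name=$(ps -o comm= -p "$pid") || exit 1
    is_session_process "$name" || { echo "rejected" >&2; exit 1; }
    kill -9 "$pid"
fi
```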
-------------------------------------------------------------------------
Sample
# Profile Name, Local SSH User, Remote SSH User, VNC Server:port
parents,pete@my_vaio,pete@mom_n_dad,mom_n_dad:0
work,pete@my_vaio,pete@lab01.fireburning-infinite.com,lab05:1
apps,pete@my_vaio,pete@app_server,app_server:2
wife,pete@my_vaio,pete@app_server,app_server:3
app_console,pete@my_vaio,pete@app_server,app_server:0
-------------------------------------------------------------------------
I'm sure there's lots that's a little dodgy in here, but it works for me. Remember, it's essential that you have authorization keys for ssh set up, otherwise you will get prompted for an ssh password. Unless you don't mind that. The other thing that's essential is setting up your "app server" so that you modify your
UPDATE: Go to the following location for information on configuring GDM to use Xvnc as its X server:
http://slashdot.org/~Trolling4Dollars/journal/82527
Taco's an ass. There shouldn't be a space between the 2 and the 7 above. I didn't bother to do this in HTML because it would have been too much work. Bleh.