eno2001's Journal: Stupid SSH Tricks Followup

Here it is kids. My new setup to tunnel VNC over OpenSSH using Bash+OpenSSH+VNC4 on RedHat 9 and/or Fedora Core 3:

Client Prerequisites:

-Properly configured VNC 4 installation
-OpenSSH with authorization keys for passwordless login to server
-A '.vnc_configs' file in the user's home directory (format explained below)
which contains "profiles" for each vnc connection you plan to use.

Sample '.vnc_configs' profile:

# The '.vnc_configs' file contains profiles for each VNC server connection
# a user may want to make. The format of the profiles is as follows:
# ProfileName, ssh_user@client_host, ssh_user@server_host, vncserver:port
# Some examples follow:

# A simple connection from work to home
home,pete@lab01,pete@home_appserver,home_appserver:5

# A connection to work using an internet domain. The ssh server (lab01) is
# just tunneling the VNC server which is actually on lab05.
work,pete@my_vaio,pete@lab01.firelabs-infinite.com,lab05:1

# A connection to the folks' Linux box with VNC extension enabled for
# their local X server for remote assistance
parents,pete@my_vaio,pete@192.168.1.5,192.168.1.5:0

------------------------------------------------------------------
Server Prerequisites:

-Properly configured VNC 4 installation
-Modified gdm configuration that uses Xvnc as its X server
-OpenSSH with authorization keys for passwordless login to client

------------------------------------------------------------------
Client usage:

1. You can put the 'vncconnect' script anywhere in your PATH. I prefer /usr/local/bin.

2. In your favorite window manager, create some kind of link to run
the vncconnect script. I use GNOME, so I created a launcher, assigned
it an appropriate icon for the connection (movie characters that I name
my servers for) and set the following command line based on the sample
config above:

    vncconnect work

That's it for the client end. You can set up a different icon or twm
link or whatever GUI you prefer. Or if you're really nuts, you can
just launch it manually at a prompt by just typing the above command
referencing your own config profiles.

------------------------------------------------------------------
Server end usage:

1. Again, put the 'vncdisconnect' script anywhere in your PATH. I
put mine in /usr/local/bin.

2. For each session you are connecting to, create a link to vncdisconnect.
In GNOME, I put it on my panel at the far upper left corner. That's it.
The script should be able to find the appropriate files in /tmp and
disconnect and lock the session you are connected to.

------------------------------------------------------------------
Basic Premise Behind All This:

Client Host                              Server Host

1. Start SSH Tunnel                 ---> Accept SSH Connection for Tunnel

   Create a tunnel specifically          Accept auth key for the tunnel
   for this VNC connection.              user and open tunnel.

2. Start VNC Viewer using Tunnel    ---> Accept VNC Viewer Connection

3. Send Tunnel and VNC PIDs         ---> /tmp contains PIDs and
   to Server                             remote ssh username to
                                         connect in reverse
   This "send" is done using             on exit and kill the
   ssh to cat the PIDs and               vncviewer on the client
   the local ssh username into
   files in /tmp on the server

4. Kill VNC and Tunnel in response  *--- Connected client disconnect

                                         Using the PIDs in /tmp, run
                                         a remote kill using ssh
                                         to the client host in order
                                         to disconnect the vncviewer
                                         and take down the tunnel,
                                         thereby ending the session.

5. Lock VNC Server Session

                                         After the disconnection is
                                         complete, run the
                                         'xscreensaver-command -lock'
                                         command on the server host
                                         to lock the Xvnc server that
                                         the client was connected to
-----------------------------------------------------------------------
The scripts follow:

vncconnect:

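#!/bin/bash

PATH=$PATH:/usr/local/vnc4

# A simple function to check that a profile name was passed in. If not,
# then print the usage message.
function check_usage()
{
if test "$1" = ""
then
    echo "Usage: vncconnect PROFILE_NAME"
    echo
    echo "EXAMPLE: vncconnect borkbox"
    exit 1
fi
}

# Set all the needed variables
function set_vars()
{
MY_LOCAL_USERNAME=`echo $1 | cut -d@ -f1`
MY_LOCAL_HOSTNAME=`echo $1 | cut -d@ -f2`
MY_REMOTE_USERNAME=`echo $2 | cut -d@ -f1`
MY_REMOTE_HOSTNAME=`echo $2 | cut -d@ -f2`
VNCSERVER_HOSTNAME=`echo $3 | cut -d: -f1`
VNC_PORT=`echo $3 | cut -d: -f2`
VNC_FORWARD_PORT=590$VNC_PORT
}

check_usage "$1"

# Find the requested profile in ~/.vnc_configs and load its settings
while read config
do
    config_name=`echo $config | cut -d\, -f1`
    if test "$1" = "$config_name"
    then
        a=`echo $config | cut -d\, -f2`
        b=`echo $config | cut -d\, -f3`
        c=`echo $config | cut -d\, -f4`

        set_vars $a $b $c
    fi
done < "$HOME/.vnc_configs"

# NOTE: the lines between the end of the loop above and the first PID "send"
# below were lost when this page was rendered (everything from a '<' to the
# next '>' was eaten). They are reconstructed here from steps 1-3 of the
# "Basic Premise" section; the exact ssh and vncviewer options, the sleep
# and the SSH_TUNNEL_PID name are assumptions.
if test "$VNC_PORT" = ""
then
    echo "No profile named '$1' found in $HOME/.vnc_configs"
    exit 1
fi

# Step 1: open the tunnel in the background and remember its PID
ssh -N -L $VNC_FORWARD_PORT:$VNCSERVER_HOSTNAME:$VNC_FORWARD_PORT $MY_REMOTE_USERNAME@$MY_REMOTE_HOSTNAME &
SSH_TUNNEL_PID=$!
sleep 5

# Step 2: start the viewer through the tunnel and remember its PID
vncviewer localhost:$VNC_PORT &
VNCVIEWER_PID=$!

# Step 3: send both PIDs and our own ssh login to the server's /tmp
echo $SSH_TUNNEL_PID | ssh $MY_REMOTE_USERNAME@$MY_REMOTE_HOSTNAME "cat - > /tmp/current-user-:$VNC_PORT"
echo $VNCVIEWER_PID | ssh $MY_REMOTE_USERNAME@$MY_REMOTE_HOSTNAME "cat - >> /tmp/current-user-:$VNC_PORT"
echo $MY_LOCAL_USERNAME@$MY_LOCAL_HOSTNAME | ssh $MY_REMOTE_USERNAME@$MY_REMOTE_HOSTNAME "cat - > /tmp/remote-user-:$VNC_PORT"

#end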

-----------------------------------------------------------------------------
vncdisconnect:

#!/bin/bash

# Set the needed variables
# DISPLAY looks like ":1.0"; keep the ":1" part to match the /tmp file names
VNC_PORT=`echo $DISPLAY | cut -d. -f1`
PID_FILE="current-user-$VNC_PORT"
REMOTE_SSH=`cat /tmp/remote-user-$VNC_PORT`

# Read through the PID_FILE and use ssh to remotely kill the vncviewer and
# vnc tunnel. The -n keeps ssh from reading stdin, which would otherwise
# swallow the remaining lines of the PID file after the first kill.
while read CURRENT_USER_PID
do
    ssh -n $REMOTE_SSH "kill -9 $CURRENT_USER_PID"
done < /tmp/$PID_FILE

# Lock the desktop session on the server after disconnect
xscreensaver-command -lock

# Clean up /tmp files
rm -f /tmp/$PID_FILE /tmp/remote-user-$VNC_PORT

#end
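
vncdisconnect takes whatever is in the two /tmp files and puts it on an ssh command line, so anything able to write those predictable file names decides what gets run on the client. As an added example (not part of the original journal entry; the function names are hypothetical, and it assumes the files are written by the same user who runs vncdisconnect), these checks validate both files and print the command instead of running it:

```shell
#!/bin/bash
# Added example, not the journal's code: validate the /tmp session files
# before their contents reach an ssh command line. Function names are hypothetical.

# A PID is 1-7 decimal digits and greater than 1; anything else is rejected.
valid_pid() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "${#1}" -le 7 ] && [ "$1" -gt 1 ]
}

# user@host from a conservative character set; a leading '-' cannot match.
valid_remote() {
    printf '%s\n' "$1" | grep -Eq '^[A-Za-z_][A-Za-z0-9_-]*@[A-Za-z0-9][A-Za-z0-9._-]*$'
}

# Regular file, not a symlink, owned by the user running the script.
trusted_file() {
    [ -f "$1" ] && [ ! -L "$1" ] && [ -O "$1" ]
}

# Print the command vncdisconnect would run, or fail without printing anything.
# $1 = directory holding the session files, $2 = display (e.g. ":1")
plan_disconnect() {
    pd_pidfile="$1/current-user-$2"
    pd_userfile="$1/remote-user-$2"
    trusted_file "$pd_pidfile" && trusted_file "$pd_userfile" || return 1
    IFS= read -r pd_remote < "$pd_userfile" || return 1
    valid_remote "$pd_remote" || return 1
    pd_pids=""
    while IFS= read -r pd_pid; do
        valid_pid "$pd_pid" || return 1
        pd_pids="$pd_pids $pd_pid"
    done < "$pd_pidfile"
    [ -n "$pd_pids" ] || return 1
    echo "ssh $pd_remote kill -9$pd_pids"
}

# Constructed demo: one clean session, then the same session with a tampered PID line.
demo_dir=$(mktemp -d)
printf '4242\n4250\n' > "$demo_dir/current-user-:1"
printf 'pete@my_vaio\n' > "$demo_dir/remote-user-:1"
plan_disconnect "$demo_dir" ":1"
printf '4242; id\n' > "$demo_dir/current-user-:1"
plan_disconnect "$demo_dir" ":1" || echo "rejected: session files failed validation"
rm -rf "$demo_dir"
```

Keeping the session files in a directory only the session user can write (rather than directly in /tmp) removes the need for the ownership check.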

-------------------------------------------------------------------------
Sample .vnc_configs file:

# Profile Name, Local SSH User, Remote SSH User, VNC Server:port
parents,pete@my_vaio,pete@mom_n_dad,mom_n_dad:0
work,pete@my_vaio,pete@lab01.fireburning-infinite.com,lab05:1
apps,pete@my_vaio,pete@app_server,app_server:2
wife,pete@my_vaio,pete@app_server,app_server:3
app_console,pete@my_vaio,pete@app_server,app_server:0

-------------------------------------------------------------------------

I'm sure there's lots that's a little dodgy in here, but it works for me. Remember, it's essential that you have authorization keys for ssh set up, otherwise you will get prompted for an ssh password. Unless you don't mind that. The other thing that's essential is setting up your "app server" so that you modify your /etc/X11/gdm/gdm.conf file to use Xvnc for each display you want running. I'll dig around in my JEs, but I think I explained both of these things in the past. Have fun. Let me know what you think. Right now this should work for pretty much any Unix-to-Unix setup. I don't know how this can be done with CMD on Windows. If anyone wants to pursue that and wants a little assistance from me on the logic, let me know.

UPDATE: Go to the following location for information on configuring GDM to use Xvnc as its X server:

http://slashdot.org/~Trolling4Dollars/journal/82527

Taco's an ass. There shouldn't be a space between the 2 and the 7 above. I didn't bother to do this in HTML because it would have been too much work. Bleh.

Stupid SSH Tricks Followup

  • Taco's Perl may have mangled my scripts above. If they don't run, look for odd spaces inserted at random. Feel free to ask a question if you are inclined. I'll answer what I can. Also note that I couldn't use the less than sign to make an arrow pointing from the server to the client in my above explanation and instead used an asterisk.
  • I can't wait to try this out, I just haven't had time to fiddle with VNC yet. But once I do I will let you know :-)
