Journal eno2001's Journal: Stupid SSH Tricks Followup 2

Journal by eno2001 on Wednesday February 02, 2005 @06:56PM

Here it is kids. My new setup to tunnel VNC over OpenSSH using Bash+OpenSSH+VNC4 on RedHat 9 and/or Fedora Core 3:

Client Prerequisites:

-Properly configured VNC 4 installation
-OpenSSH with authorization keys for passwordless login to server
-A '.vnc_configs' file in the user's home directory (format explained below)
which contains "profiles" for each vnc connection you plan to use.

Sample '.vnc_configs' profile:

# The '.vnc_configs' file contains profiles for each VNC server connection
# a user may want to make. The format of the profiles is as follows:
# ProfileName, ssh_user@client_host, ssh_user@server_host, vncserver:port
# Some examples follow:

# A simple connection from work to home
home,pete@lab01,pete@home_appserver,home_appserver:5

# A connection to work using an internet domain. The ssh server (lab01) is
# just tunneling the VNC server which is actually on lab05.
work,pete@my_vaio,pete@lab01.firelabs-infinite.com,lab05:1

# A connection to the folk's Linux box with VNC extension enabled for
# their local X server for remote assistance
parents,pete@my_vaio,pete@192.168.1.5,192.168.1.5:0

------------------------------------------------------------------
Server Prerequisites:

-Properly configured VNC 4 installation
-Modified gdm configuration that uses Xvnc as its X server
-OpenSSH with authorization keys for passwordless login to client

------------------------------------------------------------------
Client usage:

1. You can put the 'vncconnect' script anywhere in your PATH. I prefer /usr/local/bin.

2. In your favorite window manager, create some kind of link to run
the vncconnect script. I use GNOME, so I created a launcher, assigned
it an appropriate icon for the connection (movie characters that I name
my servers for) and set the following command line based on the sample
config above:

vncconnect work

That's it for the client end. You can set up a different icon or twm
link or whatever GUI you prefer. Or if you're really nuts, you can
just launch it manually at a prompt by just typing the above command
referencing your own config profiles.

------------------------------------------------------------------
Server end usage:

1. Again, put the 'vncdisconnect' script anywhere in your PATH. I
put mine in /usr/local/bin.

2. For each session you are connecting to, create a link to vncdisconnect.
In GNOME, I put it on my panel at the far upper left corner. That's it.
The script should be able to find the appropriate files in /tmp and
disconnect and lock the session you are connected to.

------------------------------------------------------------------
Basic Premise Behind All This:

Client Host Server Host
1. Start SSH Tunnel ---> Accept SSH Connection for Tunnel

Create a tunnel specifically
for this VNC connection.

Accept auth key for the tunnel
user and open tunnel.

2. Start VNC Viewer using Tunnel ---> Accept VNC Viewer Connection

3. Send Tunnel and VNC PIDS to Server ---> /tmp contains PIDs and
remote ssh username to
to connect in reverse
on exit and kill the
vncviewer on the client

This "send" is done using
ssh to cat the pids and
the local ssh username int
files in /tmp on the server

4. Kill VNC and Tunnel in response *--- Connected client disconnect

Using the PIDs in /tmp, run
a remote kill using ssh to
to the client host in order
to disconnect the vncviewer
and take down the tunnel
thereby ending the session.

5. Lock VNC Server Session

After the disconnection is
complete, run the
'xscreensaver-command -lock'
command on the server host
to lock the Xvnc server that
the client was connected to

-----------------------------------------------------------------------
The scripts follow:

vncconnect:

#!/bin/bash

PATH=$PATH:/usr/local/vnc4

# A simple function to check that at least two args are passed in. If not,
# Then print the usage message.
function check_usage()
{
if test "$1" = ""
then
echo "Usage: vncconnect "
echo
echo "EXAMPLE: vncconnect borkbox"
exit 1
fi
}

# Set all the needed variables
function set_vars()
{
MY_LOCAL_USERNAME=`echo $1 | cut -d@ -f1`
MY_LOCAL_HOSTNAME=`echo $1 | cut -d@ -f2`
MY_REMOTE_USERNAME=`echo $2 | cut -d@ -f1`
MY_REMOTE_HOSTNAME=`echo $2 | cut -d@ -f2`
VNCSERVER_HOSTNAME=`echo $3 | cut -d: -f1`
VNC_PORT=`echo $3 | cut -d: -f2`
VNC_FORWARD_PORT=590$VNC_PORT
}

while read config
do
config_name=`echo $config | cut -d\, -f1`
if test "$1" = "$config_name"
then
a=`echo $config | cut -d\, -f2`
b=`echo $config | cut -d\, -f3`
c=`echo $config | cut -d\, -f4`

set_vars $a $b $c
fi
done /tmp/current-user-:$VNC_PORT"
echo $VNCVIEWER_PID | ssh $MY_REMOTE_USERNAME@$MY_REMOTE_HOSTNAME "cat - >> /tmp/current-user-:$VNC_PORT"
echo $MY_LOCAL_USERNAME@$MY_LOCAL_HOSTNAME | ssh $MY_REMOTE_USERNAME@$MY_REMOTE_HOSTNAME "cat - > /tmp/remote-user-:$VNC_PORT"

#end

-----------------------------------------------------------------------------
vncdisconnect:

#!/bin/bash

# Set the needed variables
VNC_PORT=`echo $DISPLAY | cut -d. -f1`
PID_FILE="current-user-$VNC_PORT"
REMOTE_SSH=`cat /tmp/remote-user-$VNC_PORT`

# Read through the PID_FILE and use ssh to remotely kill the vncviewer and
# vnc tunnel
while read CURRENT_USER_PID
do
ssh $REMOTE_SSH "kill -9 $CURRENT_USER_PID"
done /tmp/$PID_FILE

# Lock the desktop session on the server after disconnect
xscreensaver-command -lock

# Clean up /tmp files
rm -f /tmp/$PID_FILE /tmp/remote-user-$VNC_PORT

#end

-------------------------------------------------------------------------
Sample .vnc_configs file:

# Profile Name, Local SSH User, Remote SSH User, VNC Server:port
parents,pete@my_vaio,pete@mom_n_dad,mom_n_dad:0
work,pete@my_vaio,pete@lab01.fireburning-infinite.com,lab05:1
apps,pete@my_vaio,pete@app_server,app_server:2
wife,pete@my_vaio,pete@app_server,app_server:3
app_console,pete@my_vaio,pete@app_server,app_server:0

-------------------------------------------------------------------------

I'm sure there's lots that's a little dodgy in here, but it works for me. Remember, it's essential that you have authorization keys for ssh set up, otherwise you will get prompted for an ssh password. Unless you don't mind that. The other thing that's esential is setting up your "app server" so that you modify your /etc/X11/gdm/gdm.conf file to use Xvnc for each display you want running. I'll dig around in my JEs, but I think I explained both of these things in the past. Have fun. Let me know what you think. Right now this should work pretty much any Unix-to-Unix set up. I don't know how this can be done with CMD on Windows. If anyone wants to pursue that and wants a little assistance from me on the logic, let me know.

UPDATE: Go to the following location for information on configuring GDM to use Xvnc as it's X server:

http://slashdot.org/~Trolling4Dollars/journal/82527

Taco's an ass. There shouldn't be a space between the 2 and the 7 above. I didn't bother to do this in HTML because it would have been too much work. Bleh.

This discussion has been archived. No new comments can be posted.

Stupid SSH Tricks Followup

Load All Comments

Search 2 Comments Log In/Create an Account

Comments Filter:

Please Note (Score:2)

by eno2001 ( 527078 ) writes:

Taco's Perl may have mangled my scripts above. If they don't run, look for odd spaces inserted at random. Feel free to ask a question if you are inclined. I'll answer what I can. Also note that I couldn't use the less than sign to make an arrow pointing from the server to the client in my above explanation and instead used an asterisk.
Can't wait (Score:2)

by nizo ( 81281 ) * writes:

I can't wait to try this out, I just haven't had time to fiddle with VNC yet. But once I do I will let you know :-)

There may be more comments in this discussion. Without JavaScript enabled, you might want to turn on Classic Discussion System in your preferences instead.

Journal eno2001's Journal: Stupid SSH Tricks Followup 2

Stupid SSH Tricks Followup More Login

Stupid SSH Tricks Followup

Please Note (Score:2)

Can't wait (Score:2)

Slashdot Top Deals

Slashdot