Benson's Avatar
Posts: 4,930 | Thanked: 2,272 times | Joined on Oct 2007
#11
Originally Posted by cmdowns View Post
Someone please correct me if I am wrong.

Once I have the tunnel established between client and server, all I have to do is launch my VNC viewer and (as long as the VNC server is active at the server end) the VNC session will be secure? I guess I've been working under the assumption that there was something more to it. Is it really that easy?
Once you've gotten the ssh tunnel established with -L5901:localhost:5900, you can launch VNC Viewer; it prompts for "VNC server:". Type 127.0.0.1:1 here, and it will be secured.

(I got your PM for help; it looks like you already got it, though?)
 

The Following User Says Thank You to Benson For This Useful Post:
jldiaz's Avatar
Posts: 48 | Thanked: 40 times | Joined on Apr 2008 @ Spain
#12
Originally Posted by cmdowns View Post
Someone please correct me if I am wrong.

Once I have the tunnel established between client and server, all I have to do is launch my VNC viewer and (as long as the VNC server is active at the server end) the VNC session will be secure? I guess I've been working under the assumption that there was something more to it. Is it really that easy?
Let me elaborate a bit about what is happening behind the scenes.

First, without involving ssh or tunnels:

You have launched a VNC server on your XP box. This is a process which is listening on port 5900+N, where N is the number of the display (usually 0 under windows, or 1 under linux, depending on the vncserver used). In your home lan, you can connect to this server using a VNC client, giving it the address: the.ip.of.your.windows.box:0 (where 0 is the display number). This causes the VNC client to connect to port 5900+0 (=5900) of your windows box, where the VNC server is listening.

Now, use ssh to create an encrypted tunnel:

When you launch in your Nokia the command
ssh -L5901:localhost:5900 user@the.ip.of.your.windows.box, the following occurs:
  • The process ssh in the Nokia tries to connect to the process sshd in your windows box (it uses port 22 for this, unless you have configured sshd to use a different non-standard port). sshd requires your authentication (this can be done via a password or via a public key, depending on your configuration. Using public keys saves you from entering passwords at this step).
  • After a successful login, the process ssh in the Nokia keeps listening on port 5901 (the first number after the -L). Any data received by the Nokia on this port is sent to the XP box, where the process sshd redirects it to the address "localhost:5900" (the second part of the -L option).

Then, you can launch your VNC client in the Nokia, and when it asks you for the host to connect to, you answer "localhost:1". Here "localhost" represents the Nokia, since the VNC client is running in the Nokia. So the VNC client will try to connect to port 5901 (5900+1) in the Nokia. At this port ssh is listening, and the traffic is forwarded to the process sshd in the Windows machine. There, sshd will forward it again to "localhost:5900" (here localhost represents the Windows machine, since sshd is running in the Windows machine). So the traffic finally arrives at port 5900 in Windows, where the VNC server is listening.

All traffic between ssh and sshd is encrypted. The unencrypted traffic occurs locally, at two points: 1) in your Nokia, between the processes VNC client and ssh, 2) in your Windows machine between the processes sshd and the VNC server.

Confusing? Yes, it is... A diagram would be useful here...

A final note: when your VNC client connects to your VNC server (through the ssh tunnel), it will probably ask you for a password (if you configured the server to do so). You can also avoid this annoyance if you configure your server not to ask for passwords, and to accept only connections coming from localhost (I think it has a checkbox for this). If you combine this strategy with the use of ssh public keys, you can avoid typing any password at all in the whole process, and still have the maximum security.
__________________
--ル Diaz

Last edited by jldiaz; 2008-04-07 at 09:40. Reason: Addition of final note about passwords
 

The Following 3 Users Say Thank You to jldiaz For This Useful Post:
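The port arithmetic and forwarding path described in the post above, worked through as an added example (not code from the thread). The function names are made up for illustration, 192.0.2.10 is a constructed stand-in for the XP box's address, and only the three-field LPORT:DHOST:DPORT form of -L is handled.

```shell
#!/bin/sh
# Added example: resolve where a VNC viewer target lands for a given
# "ssh -L" forward, using the 5900+N display rule from the post.

# vnc_port HOST:N -> TCP port the viewer dials (5900 + display number N)
vnc_port() {
    display=${1##*:}
    case $display in
        ''|*[!0-9]*) echo "bad display: $1" >&2; return 1 ;;
    esac
    echo $((5900 + display))
}

# is_loopback HOST -> success if HOST names the machine the viewer runs on
is_loopback() {
    case $1 in
        localhost|127.*|::1) return 0 ;;
        *) return 1 ;;
    esac
}

# trace_vnc FORWARD TARGET
#   FORWARD: the argument given to -L, in the form LPORT:DHOST:DPORT
#   TARGET:  what is typed into the viewer, in the form HOST:N
# Prints one of:
#   tunneled DHOST:DPORT  viewer hits the port ssh listens on; sshd on the
#                         server then connects to DHOST:DPORT
#   unforwarded PORT      viewer dials a loopback port ssh is not forwarding
#   direct HOST:PORT      viewer dials the server itself, bypassing ssh
trace_vnc() {
    lport=${1%%:*}
    dest=${1#*:}          # DHOST:DPORT, resolved on the server side by sshd
    host=${2%:*}
    port=$(vnc_port "$2") || return 1
    if is_loopback "$host"; then
        if [ "$port" = "$lport" ]; then
            echo "tunneled $dest"
        else
            echo "unforwarded $port"
        fi
    else
        echo "direct $host:$port"
    fi
}

# Constructed sample inputs for the tunnel used in the thread.
trace_vnc 5901:localhost:5900 localhost:1
trace_vnc 5901:localhost:5900 127.0.0.1:0
trace_vnc 5901:localhost:5900 192.0.2.10:0
```

Only the first call goes through the tunnel; the third reaches the VNC server over the network without ssh encryption.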
cmdowns's Avatar
Posts: 100 | Thanked: 13 times | Joined on Mar 2008
#13
Wow. . .this is certainly the most interesting/challenging thing I worked through with the tablet so far. And doing this kind of stuff is precisely why I got the tablet in the first place.

Early on in this process, Benson referred me to this post. Now some of it makes sense.

However, what doesn't is the reference to "Change the line in /usr/bin/x11vnc:" in step 1. I attempted to follow these directions, but was stymied early on by not being able to find x11vnc through xterm. I've downloaded it, installed it, and run it. I know it's on the nokia. But it isn't in /usr/bin (assuming that this is the /usr/bin in the root directory).

I'd like to figure out a few more things:
1) What is the purpose of the above mentioned step 1? Is it truly necessary?
2) Does it matter that I was able to establish the ssh connection without following this step?
3) Why can't I find x11vnc? Is there a way to perform an automated search for something in xterm?
4) Am I correct in assuming that x11vnc is the vnc server app for my nokia? I've already managed to connect to the nokia vnc server via my XP VNC client (on my home WLAN). I did so by setting up an SSH between the two, running x11vnc in xterm and using the tightVNC viewer on my XP box.

If I am correct in my assumption in 4), I would like to be able to locate x11vnc within xterm so I can tweak it if need be.

And thanks to everyone who's contributed to the thread. You've all been a lot of help.
 
cmdowns's Avatar
Posts: 100 | Thanked: 13 times | Joined on Mar 2008
#14
And while people are still paying attention to this thread. . .I guess I need some more help establishing the ssh between my n800 and my XP box when I'm using the WAN (eg public wifi, not on my home network).

From what I can tell, I can set up the ssh between the n800 and the XP box and use VNC with no problem when I've got both devices on my home wlan. Of course, I don't really need to use an ssh on my personal wlan because it's protected by WPA.

This morning, I tried to replicate the setup through the WAN. No luck. I'm thinking I need to tweak the settings on my router (D-Link DI-524). I used the router's browser page to set up a virtual server (which I understand is what D-Link calls port forwarding) that is configured as so:

[name] [my.XP.box's.IP] TCP 22/22 always

Sooooo . . . this is where my ideas start to run out. If I want to ssh from the n800 to the XP box, do I ssh to the IP for the router or the XP box? I tried both options and neither worked, so there is probably some other problem as well.

Does anyone know what I'm doing wrong?
 
Posts: 833 | Thanked: 124 times | Joined on Nov 2007 @ Based in the USA
#15
Originally Posted by cmdowns View Post
<snip><snip> I would like to be able to locate x11vnc within xterm so I can tweak it if need be.

And thanks to everyone who's contributed to the thread. You've all been a lot of help.
as root:
# find / -name x11vnc -print
__________________
N810, iGo bt kb, Diablo, 10Gb storage onboard instead of a Thinkpad
OTG w/ unlimited storage!!
Put a penguin in your pocket!!
PLEASE use the Wiki
 

The Following User Says Thank You to gemniii42 For This Useful Post:
Benson's Avatar
Posts: 4,930 | Thanked: 2,272 times | Joined on Oct 2007
#16
Originally Posted by cmdowns View Post
Wow. . .this is certainly the most interesting/challenging thing I worked through with the tablet so far. And doing this kind of stuff is precisely why I got the tablet in the first place.

Early on in this process, Benson referred me to this post. Now some of it makes sense.

However, what doesn't is the reference to "Change the line in /usr/bin/x11vnc:" in step 1. I attempted to follow these directions, but was stymied early on by not being able to find x11vnc through xterm. I've downloaded it, installed it, and run it. I know it's on the nokia. But it isn't in /usr/bin (assuming that this is the /usr/bin in the root directory).

I'd like to figure out a few more things:
1) What is the purpose of the above mentioned step 1? Is it truly necessary?
Adjusts the settings with which x11vnc is started; equivalent to the changes you can make through the tightVNC GUI. The specific change is to allow connections from the local machine; this lets a connection coming out of a ssh tunnel work. (This is normally disabled, because an actual local client connection tends to cause trouble: not only do you get window-in-window-in-window-in... effect, but also the mouse gets stuck.) Wrong, see jldiaz's post below.
2) Does it matter that I was able to establish the ssh connection without following this step?
Well, the ssh connection is independent of this; these changes only affect VNC.
3) Why can't I find x11vnc? Is there a way to perform an automated search for something in xterm?
It should be there if you've installed x11vnc on your N800; I'm a little confused here, though. Initially, I thought you were trying to use a VNC server on your desktop so you could control it from a client on your N800. Now it seems you're trying to control the N800 from a client on the PC? (That's what the instructions were for, but I assumed you would turn them around for the reverse connection, since I thought that's what you wanted...)

Oh, and if you can run a program (as indicated below), "which" will tell you where it is:
Code:
which x11vnc
4) Am I correct in assuming that x11vnc is the vnc server app for my nokia? I've already managed to connect to the nokia vnc server via my XP VNC client (on my home WLAN). I did so by setting up an SSH between the two, running x11vnc in xterm and using the tightVNC viewer on my XP box.
Yes, that's correct. Assuming you told tightVNC to connect to 127.0.0.1:1 (or some such), you're going through the SSH tunnel (which you shouldn't be able to, without tweaking the x11vnc script). Wrong, see jldiaz's post below. If, OTOH, you used your actual N800 IP or hostname, then it wasn't going through SSH, and should work.

For remotely connecting from your N800 (out on the internet somewhere) to your PC (on a LAN behind a NAT with a port forward for SSH), you'll need to connect via the NAT's WAN-side IP.

Last edited by Benson; 2008-04-07 at 17:00.
 
jldiaz's Avatar
Posts: 48 | Thanked: 40 times | Joined on Apr 2008 @ Spain
#17
Originally Posted by cmdowns View Post
Early on in this process, Benson referred me to this post. Now some of it makes sense.

However, what doesn't is the reference to "Change the line in /usr/bin/x11vnc:" in step 1. I attempted to follow these directions, but was stymied early on by not being able to find x11vnc through xterm. I've downloaded it, installed it, and run it. I know it's on the nokia. But it isn't in /usr/bin (assuming that this is the /usr/bin in the root directory).

I'd like to figure out a few more things:
1) What is the purpose of the above mentioned step 1? Is it truly necessary?
x11vnc is a VNC server. Assuming that you are trying to use your Nokia as a client, you don't need it.

The purpose of x11vnc is to "capture" an existing X session in a linux box, and to "serve" the display through the VNC protocol. In the case of the n810, this means that you can see the screen of your Nokia, remotely, from any other computer, using a VNC client.

The purpose of adding the -localhost option when launching x11vnc is to disallow access to your display from any external host. Only connections from localhost are allowed. This, apparently, goes against the objective of using VNC in the first place, but it makes sense when you plan to use ssh tunnels. Remember that, when the tunnel is properly configured, the connection to the VNC server does occur from localhost (from the sshd process). [See my previous post]

Originally Posted by cmdowns View Post
2) Does it matter that I was able to establish the ssh connection without following this step?
It is not closely related. You can make an ssh session, with or without tunnels. If the session is with a tunnel like -L5901:localhost:5900, then the connection on the vnc server side is from localhost, so in this case you get an extra level of security by using the -localhost option, because this option will not prevent you from using the tunnel, but it will prevent anyone else from connecting to the vnc server without using the tunnel.

Originally Posted by cmdowns View Post
3) Why can't I find x11vnc? Is there a way to perform an automated search for something in xterm?
It is not installed by default. You need to install the x11vnc package.

Originally Posted by cmdowns View Post
4) Am I correct in assuming that x11vnc is the vnc server app for my nokia? I've already managed to connect to the nokia vnc server via my XP VNC client (on my home WLAN). I did so by setting up an SSH between the two, running x11vnc in xterm and using the tightVNC viewer on my XP box.

If I am correct in my assumption in 4), I would like to be able to locate x11vnc within xterm so I can tweak it if need be.
You are correct in your assumption. However, now I'm not following you... So, have you finally found x11vnc for your Nokia or not? And is this what you were looking for, or was it the reverse scenario (vnc server in your windows and vnc client in your Nokia)? I'm a bit perplexed.
__________________
--ル Diaz

Last edited by jldiaz; 2008-04-07 at 16:45. Reason: Minor typos
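A way to check the effect of the localhost-only restriction discussed above, as an added example (not code from the thread): it scans "netstat -ltn"-style output for VNC display ports bound to anything other than loopback. The sample listings are constructed. It assumes the server enforces the restriction by binding to loopback; a server that accepts and then drops non-local connections would still appear as listening on all interfaces.

```shell
#!/bin/sh
# Added example: flag VNC listeners that can be reached without the ssh tunnel.

# exposed_vnc reads "netstat -ltn"-style lines on stdin and prints the local
# address of every TCP listener on a VNC display port (5900-5999) that is
# bound to something other than a loopback address.
exposed_vnc() {
    awk '
        $1 ~ /^tcp/ && $NF == "LISTEN" {
            addr = $4
            n = split(addr, part, ":")
            port = part[n] + 0
            # everything before the final ":PORT" is the bind address
            host = substr(addr, 1, length(addr) - length(part[n]) - 1)
            if (port < 5900 || port > 5999) next
            if (host ~ /^127\./ || host == "::1") next
            print addr
        }'
}

# Constructed listing: VNC server listening on all interfaces (display :0).
SAMPLE_OPEN='Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:5900            0.0.0.0:*               LISTEN
tcp6       0      0 :::5900                 :::*                    LISTEN'

# Constructed listing: same host with the VNC server bound to loopback only.
SAMPLE_LOCAL='Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:5900          0.0.0.0:*               LISTEN'

echo "all interfaces:"
printf '%s\n' "$SAMPLE_OPEN" | exposed_vnc
echo "loopback only:"
printf '%s\n' "$SAMPLE_LOCAL" | exposed_vnc
```

On a live Linux host the same function can be fed with `netstat -ltn | exposed_vnc`; empty output means no VNC port is listening on a non-loopback address.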
 
Benson's Avatar
Posts: 4,930 | Thanked: 2,272 times | Joined on Oct 2007
#18
Originally Posted by jldiaz View Post
The purpose of adding -localhost option when launching x11vnc, is to disallow the access to your display from any external host. Only connections from localhost are allowed. This, apparently, goes against the objective of using VNC in first place, but it makes sense when you plan to use ssh tunnels.
From the man page, it appears you are right; I guess I was thinking tightVNC, which defaults to forbid local connections.

Edited above.
 
cmdowns's Avatar
Posts: 100 | Thanked: 13 times | Joined on Mar 2008
#19
Okay, since everyone has been helpful I feel like I must come clean about one really dumb mistake I made. The reason I couldn't find x11vnc in xterm was simply because I didn't really understand how to change directories. I was working under the (wrong) assumption that if I was in root (/) I could cd to /usr, and then once in /usr I could simply enter "cd /bin", expecting that to drop me into cd/usr/bin.

Now I realize that was totally wrong. Of course telling xterm to cd /bin, it's going to change the directory to /bin. I'm sure there must be a way to cd [current dir]/[desired dir] without having to enter the full path. I just don't know what it is yet.

So yes, x11vnc is in /usr/bin, just as Benson said it would be in the post I referenced earlier.

Also, I'd like to apologize about the confusion regarding my desired goals. Indeed I started this thread explicitly stating that I wanted to figure out how to VNC from the nokia client to the XP server. However, as I began to understand how this works, I thought that I might as well figure out how to VNC in both directions. Everyone has been so helpful, I'm sorry if I've been obtuse about what I'm trying to do.

From best I can tell, if I can figure out how to set up an SSH and VNC from my nokia client to my XP server (my primary interest), then I should be able to figure out how to do it from an XP client to the nokia server. I'm just interested in learning as much about accessing my network as possible.

So when I was setting up the SSH before, I was doing so as so:

ssh -L5901:localhost:5900 [name]@[XP.server's.actual.IP]

Now according to this:
Originally Posted by Benson View Post
Assuming you told tightVNC to connect to 127.0.0.1:1 (or some such), you're going through the SSH tunnel (which you shouldn't be able to, without tweaking the x11vnc script). Wrong, see jldiaz's post below. If, OTOH, you used your actual N800 IP or hostname, then it wasn't going through SSH, and should work.
It appears that my VNC session (nokia client to XP server) was not going through the SSH. Is this correct? In order to send the VNC through the SSH, I need to specify an IP of 127.0.0.1:1?

OK, from my limited knowledge, I know that 127.0.0.1 refers to the local address. Soooo. . .I'm guessing that the :01 part of 127.0.0.1:01 somehow tells VNC to go to the other end of the SSH tunnel. Does this sound right? For example:

ssh -L5901:localhost:5900 [user]@[local.IP.address]:0

Is this correct? Do I add :0 because the other end of the tunnel is defined as :5900? Would I add :1 to the localhost if I defined it as :5901?

OK, that's enough questions for now. If I ask too many in one post, I can't keep all the answers straight.

Thanks for the help. You guys rock.
 
morrison's Avatar
Posts: 90 | Thanked: 5 times | Joined on Dec 2007
#20
Interesting thread, and will come in handy indeed.

Can someone tell me where I can download VNC client for the N810?

And if anyone has ever heard of "Radmin" or Remote Administrator (www.famatech.com) is there any way to connect to a Windows box which is using this for remote control?
 