Linux Format

Networking Remote computing..........

That’s not a ghost in the machine, it’s a remote Mats Tage Axelsson playing around with your desktop from the comfort and safety of his bunker hideout.

- Mats Tage Axelsson has finally realised that one computer isn’t enough for his needs, so he’s spreading his bets all over the web. Watch out world!

That’s not a ghost in the machine, it’s a remote Mats Tage Axelsson playing around with your desktop from the comfort and safety of his concrete bunker hideout.

We all want to work from wherever we tend to be, so access systems remotely is a handy skill. Many remote working systems are for connecting to and configurin­g other nodes. This is ideal for businesses, but what do hobbyists want it for? Of course, as enthusiast­s, we want to have more than one machine and in this case, it can be useful to connect over your own network or even over the web.

There are some applicatio­ns that we don’t want to have running on our own machine. There could be a large number of reasons for this: for example, you may want to appear to be home even when you’re abroad. This can also be achieved with a VPN solution, of course. You may also want to use a special setup for specific tasks, or simply administer home automation systems.

A common reason for enthusiast­s may be performanc­e issues. A laptop that can render your newest animation or compile your latest iteration of software will be very expensive, whereas the same desktop system can be had for a relatively modest amount.

If you run Blender, rendering can either be done remotely or you can have the whole applicatio­n only displayed on your local machine. Your developmen­t environmen­t may require a lot of memory and while you wait for the program to compile, it can be useful to be able to disconnect and do something else. So what options do you have?

In the beginning, there was an X option for ssh (-X) . This works reasonably well when you have the remote computer next to you and a guaranteed bandwidth of 100mbits/s. Using ssh this way is only useful when you have a headless server to handle your needs, most likely a file server or the like. If you want to use an old desktop computer you’ve got stacked in your closet or when you’re out and about, then this won’t be good enough.

Double the fun

There are a number of abilities that you’ll miss out on when using ssh that are implemente­d by other systems. The two most important ones are compressio­n and session-resuming features. In the commercial space you may have heard of Citrix − this solution has a vast amount of functions that many enterprise­s find useful, but will only make things complicate­d for regular users.

Clients, or viewers, for your local machine are plentiful and many have been adapted to your desktop environmen­t. As usual, anything that starts with a ‘g’ is for the gtk toolkit. Most of the viewers are included in your distributi­on and can be added using your package manager. This author uses the tigervnc viewer and an ssh tunnel to access his servers.

When you’re testing this you must start by installing and configurin­g the server before you can bring in the various clients. Installing the VNC server on the remote end requires root privileges, unless you decide to use a user-space tool such as Linuxbrew.

The install procedure uses the ordinary package management commands, either

$ sudo apt install vncserver

or

$sudo yum install vncserver

To configure the server you can actually just leave it the way it is, because there are sensible defaults.

Now the tricky part is to make sure all ports are open, and so here we need root privileges again. The vncserver usually starts with port 5901 and goes up. However, the value can be chosen at will, as long as you don’t confuse your fellow man or use common ports. Because the VNC protocol isn’t secure, this approach isn’t recommende­d unless you use it inside your own network and on wired networks.

However, to increase security you need to stop port 59xx from being used. To do this, add the “localhost” option as a single line in ~/.vnc/config. The following is the example shown above, but in this format:

~/.vnc/config ## Supported server options to pass to vncserver upon invocation can be listed ## in this file. See the following manpages for more: vncserver(1) Xvnc(1). ## Several common ones are shown below. Uncomment and modify to your liking. geometry=1200x700 alwaysshar­ed dpi=96 localhost

A system with these settings requires an SSH tunnel to operate. Speaking of which…

Tunnelling the SSH out of here

To make sure you have encrypted communicat­ion you need to create an ssh tunnel from your local machine.

When you open the ssh tunnel you need to know the port you’ll use for the VNC connection. Fortunatel­y, you can decide the port in advance if you’re the only user of the remote server. This is how to do it.

First, pick a port. Here, we’ve chosen 5906 and therefore the display (6). To avoid other VNC sessions on the local PC we start with 5910 on the local side of the tunnel. Choose more memorable port ranges when you set up a full system: $ ssh -L 5910:localhost:5906 user@remotehost

On the remote host run vncserver, you may need to use a few parameters to tweak the screen and display value.

In this case, we want to run a session that survives even if we lose the connection or close the viewer. When this mode is enabled you should set a VNC password. So on the remote server run the following:

$ vncpasswd [your_password]

This password is separate from the user password but can be anything that’s memorable.

To start an instance of the server, just run the command and it’ll assign the next display. In our case we want to start display (which is 6), so the command becomes the following:

$ tigervncse­rver -xstartup /usr/bin/xterm :6 New ‘DS-Tage.matstage:6 (matstage)’ desktop at :6 on machine DS-Tage.matstage Starting applicatio­ns specified in /usr/bin/xterm Log file is /home/matstage/.vnc/DS-Tage.matstage:6.log

Use xtigervncv­iewer -SecurityTy­pes VncAuth -passwd /

home/matstage/.vnc/passwd :6 to connect to the VNC server. As you can see, the server starts and informs you what to do to use the server. We need to reach it from another machine though, so we must run a slightly different command to achieve the correct view. The number 6 in the instructio­n refers to the display and will need to be tunnelled through your ssh connection, in this example, we tunnelled 5910 to 5906. Choose more memorable port ranges when you set up a full system.

If you start the viewer without a password a window will appear for you to type it in:

$ xtigervncv­iewer localhost:5910 There’s also another mistake that’s easy to make, which is connecting to the wrong port. If you do this you’ll see a message on the server side stating: ‘ channel 3: open failed: connect failed: Connection refused . This is a good sign that

?? ??
?? ?? Using the ssh command with parameter X will enable you to run applicatio­ns over the connection, but the responsive­ness will suffer over the internet.
Using the ssh command with parameter X will enable you to run applicatio­ns over the connection, but the responsive­ness will suffer over the internet.
?? ??
?? ?? There are a multitude of options in the menu that pops up when you press F8 during an open ssvnc session.
There are a multitude of options in the menu that pops up when you press F8 during an open ssvnc session.

Newspapers in English

Newspapers from Australia