Remote assistance for X
Warren Block
wblock at wonkity.com
Sat Jan 2 02:53:17 UTC 2010
On Fri, 1 Jan 2010, Karl J. Runge wrote:
>> remotehost="lightning"
>> cmd="x11vnc -display :0 -localhost -connect localhost -ncache"
>> ssh -t -c blowfish -R 5500:$remotehost:5500 localhost "$cmd"
>
> I think you mean:
>
> ssh -t -c blowfish -R 5500:localhost:5500 $remotehost "$cmd"
>
> right? You want to ssh to $remotehost and have the 5500 traffic go
> through ssh to localhost:5500, no? The use of '-R 5500:$remotehost:5500'
> implies a unencrypted leg going over the network (which may or may not
> be acceptable to you, i.e. inside your LAN, but I'm not sure.)
[Having spent some time today fighting my own firewall, I'm
reconsidering the use of relative names like "remote".]
Ideally, the supportee will start x11vnc and the ssh tunnel on their
system and not need to open port 22 on their firewall.. So maybe:
ssh -t -c blowfish -N -f -L 5500:$supporterhost:5500 $supporterhost && \
x11vnc -display :0 -localhost -connect localhost -ncache 10
> There are some ways to emulate UltraVNC single click with x11vnc:
>
> http://www.karlrunge.com/x11vnc/faq.html#faq-singleclick
>
> and SSL encrypted connections are described at the end of that FAQ.
> The ssvnc GUI wrapper (but not the bare ssvncviewer) can establish the
> SSL tunnel for you.
That looks more elegant. Are the security and speed comparable to ssh?
> However, since you have ssh access to the supportee machine, I
> suggest using that.
The test machine is inside my LAN now, but once it goes out into the
wild, it will probably be behind a consumer-grade firewall with very few
incoming ports open.
-Warren Block * Rapid City, South Dakota USA
More information about the freebsd-questions
mailing list