PDA

View Full Version : Remote login to Linux



NBCthreat
01-13-2003, 11:39 PM
Is it possible to remote login to a PC running knoppix via telnet?

Flibble
01-14-2003, 01:30 AM
Depends if you are running a telnet daemon or not and whether you have your firewall set to allow entry. Personally I would use SSH, its far more secure (telnet sends password in clear text, albeit one packet per letter. Check out dsniff by Dug Song for why that's still a problem).

Dave_Bechtel
01-14-2003, 08:38 AM
On server side (all as root:)

...set up networking (man ifconfig) so you have a valid IP address on eth0... (192.168.0.1 or whatever)
then:

' /etc/init.d/ssh start ' == Start the Secure Shell login daemon

(' man ssh ' ; ' man sshd ' == For more info)

On the client side (if Linux: )
' ssh -2 -C 192.168.0.1 ' == Start secure shell with protocol version 2 and compression. If you'd like more than 1 terminal for the remote session, see ' man screen '; personally, I use ' screen -aA ' and then Ctrl-A,C to start new sessions; Ctrl-A,[spacebar] to toggle between sessions.


Depends if you are running a telnet daemon or not and whether you have your firewall set to allow entry. Personally I would use SSH, its far more secure (telnet sends password in clear text, albeit one packet per letter. Check out dsniff by Dug Song for why that's still a problem).

NBCthreat
01-14-2003, 02:23 PM
Gentlemen:

I'm wanting to telnet from a Windows 2k computer on the same intranet. How would I go about that?

NBCthreat
01-14-2003, 02:35 PM
I did, by the way, get ssh to work using putty from the Windows 2k machine. Thanks for the help. Telnet would be a good thing to know how to do as well, however, since it's preinstalled on all windows machines.

RockMumbles
01-14-2003, 06:58 PM
Neither telnetd nor telnetd-ssl are on my knoppix system. You would have to install a telnet server daemon to be able to telnet into your knoppix box, which would be easy with a hdd install, not so easy if you are running from CD.

HTH,

rock

NBCthreat
01-14-2003, 09:47 PM
Thanks Rock.

A. Jorge Garcia
10-04-2003, 02:22 AM
OK, tell me if I can do this. I have my students booting "poor man's install" on 24 networked PCs in my lab. Can I setup one of the PCs to run linux 24x7 installing debian to the hdd and then setting up user accounts there that my students could login to remotely, retrieve and save their work, etc? Also, could I make this "server" accessible from my students' home PCs?

What would be the best way to do this.

TIA,

hw-tph
10-06-2003, 08:28 AM
Jorge,
this should be possible (and possibly even simple to accomplish), but first we need to know some stuff:

1. This computer you intend to use as a server, does it have a public IP (meaning, an IP that can be directly connected to from the Internet)? If not you will have to talk to your administrator to set up SSH and FTP forwaring to your server.

2. With Debian, installing the needed software should be easy. The SSH daemon is installed by default so that's no problem. Then you'll need an FTP server so the students can store and retrieve files easily. Or you could set up SSH to allow file transfers but that can be a little tricky for the students to get used to. I recommend ProFTPd. It's easy to set up and works very well.

If you don't need the users to be able to log in and use the computer remotely (except for downloading and uploading their work) you can set their accounts' shell to /bin/false. This will make it impossible for them to log in (from the terminal or using SSH). Then set the variable RequireValidShell in /etc/proftpd.conf for "no" and your students should be able to log in (if you have created accounts for them on the server).

You could also set up NFS shares so the users can copy their files to and from the server even easier. If you have Windows machines in your classroom (or on your network) you could use Samba to create Windows shares on the server as well.


hw

A. Jorge Garcia
10-06-2003, 06:00 PM
I can get an ip address from the "server" pc when I run ifconfig. I don't know if its availbale outside the building howerver, I 'll have to look into that.

Well, a few years ago I had slackware set up so the students automatically logged into a remote "server" just using xserver? I don't recall. However, this would require an hdinstall on every pc. I'd like to keep the students booting the CD - its just more goof-proof....

I'm hdinstalling the "server" of course!

Regards,

hw-tph
10-06-2003, 08:52 PM
You could set up SSH to allow X forwarding.
When you do this, your students can log in to the server using SSH in an xshell (xterm, Eterm, Konsole, whatever) and launch apps on the server and have them displayed on their workstations, as if they were running the application on their own computer. This should work well even if the student's computers run Linux off of the CD-ROM.

If several users are to be using the server at the same time running applications on it, you should of course be looking at a server with some muscle since the applications are run on the server and only displayed on the workstations.

hw

A. Jorge Garcia
10-06-2003, 10:32 PM
What about a thin-client? In other words reduce the bandwidth by running on the remote server only those jobs that need to.

Regards,

A. Jorge Garcia
10-07-2003, 10:43 PM
OK, I got knx-hdinstall done on one machine and created a user called mrg (that's me: Mr. G). Then I booted another PC on the LAN with the KNOPPIX CD. I could get rlogin and ssh to login in as mrg@primeCentauri (10.10.2.64 intranet). But I could not use anything but shell!

How do I use apps from the KNOPPIX PC attaching to files on the Remote Server PC? Do I have to knx-hdinstall every PC and use xdm server or kdm to login remotely just as if I were to login locally?

Regards,

hw-tph
10-08-2003, 12:27 AM
What about a thin-client? In other words reduce the bandwidth by running on the remote server only those jobs that need to.

Yes, that's what I had in mind. Sorry if I wasn't clear enough on that.

On the server you need to edit the /etc/sshd_config file and set the "X11Forwarding" line to "yes" instead of "no". This way you can log in using SSH to the server, execute a program - say, xeyes - and have it displayed on the local screen. It will act exactly as if you had it installed locally. If you open up a graphical editor (vim, kedit, or something) and save files the files will be stored on the server.

If you want to let apps launched on your local computer use the server's disk for storage (saving work, etc) that would mean setting up a little more advanced setup (possibly involving NFS shares). I haven't done that so I can't help you with it - sorry.

But you could do it the quick and ugly way by simply running the application locally, and when done upload your files to the server using FTP. I imagine that's not a very attractive option though.

hw

A. Jorge Garcia
10-08-2003, 02:11 AM
OK, so if I enable X11forwarding, I can login the the remote PC from my local PC with ssh and save files there. Can I then run an app like KATE and save files remotely? I'm confused, b/c you say I can then run an app like xeyes and its running remotely, but looks like it srunning locally, right? But then you say if I run a app that creates a file, I can't save it remotely?

BTW, ssh is just a secure shell version of rlogin, right?

OK, what about the quick and dirty ftp option? I tried ftp 10.10.2.64 and it seemed to connect. The I tried to login mrg and it asked for a password, I supplied it and everything seemed ok. But then if I tried to ls the remote home dir, I got a timeout. Also, if I try to put a file on the remote home dir from the local home dir or get a file from the remote home dir to the local home dir I also get a timeout as if I'm not connected via ftp.

What gives here? Do you have any ideas?

TIA,

Stephen
10-08-2003, 04:48 AM
OK, so if I enable X11forwarding, I can login the the remote PC from my local PC with ssh and save files there.

Yes but you do not need X forwarding to copy files you would want to use scp (secure copy) for that, it uses ssh to copy files securely over the network and would have been installed along with ssh. The scp syntax is like your regular copy command except you put the user name at the IP you are copying too e.g. scp file.txt user@123.456.789.012:/home/user/ would copy the file.txt to the home directory of the user.


Can I then run an app like KATE and save files remotely? I'm confused, b/c you say I can then run an app like xeyes and its running remotely, but looks like it srunning locally, right? But then you say if I run a app that creates a file, I can't save it remotely?

You would be running the application on the server with it being displayed over the network any files being created would be on the server.



OK, what about the quick and dirty ftp option? I tried ftp 10.10.2.64 and it seemed to connect. The I tried to login mrg and it asked for a password, I supplied it and everything seemed ok. But then if I tried to ls the remote home dir, I got a timeout. Also, if I try to put a file on the remote home dir from the local home dir or get a file from the remote home dir to the local home dir I also get a timeout as if I'm not connected via ftp.

What gives here? Do you have any ideas?

TIA,

Open Konqueror and in the address bar fish://mgr@10.10.2.64 and that will pop up a password dialog enter the password and then you have access to your machine.

A couple of links:
public key authentication (http://huizen.dto.tudelft.nl/devries/security/ssh2_pubkey_auth_config.html)
VNC article (http://newsforge.com/article.pl?sid=03/05/15/2054251)

A. Jorge Garcia
10-08-2003, 06:37 PM
Stephen, as always, you are a god! This sounds just like what I need!!

OK, let me get this straight:
I don't need X11forwarding to use scp or fish, right?
I have to use ssh before I can use scp, right?
I don't need to use ssh to use fish right?

Also, what benefit would I get from using X11forwarding, then. I'm a bit fuzzy here....

TIA,

Stephen
10-08-2003, 08:05 PM
Stephen, as always, you are a god! This sounds just like what I need!!

OK, let me get this straight:
I don't need X11forwarding to use scp or fish, right?
I have to use ssh before I can use scp, right?
I don't need to use ssh to use fish right?

Also, what benefit would I get from using X11forwarding, then. I'm a bit fuzzy here....

TIA,
You do not need the forewarding for ssh to work it is just text based so works from the command line no problem. With scp it is a seperate command that just uses ssh when you transfer the files over the network there is no need to use ssh first when you scp somefile user@123.456.789.012.:/desitination/directory it will ask you for the user's password while using ssh to encrypt the connection. For the fish it is the same as scp except you get to do it graphically it pops up a dialog to enter the password while using ssh for the connection and for what you are thinking of doing is probably perfect for the job you would just need accounts for each user on the server and they would have their own /home to save the files too.

The benefit of the X forewarding over ssh is security for running an application and having the results displayed over the network without it anyone could sniff the packets on the network and get the un-encrypted transmission.

A. Jorge Garcia
10-08-2003, 09:02 PM
This is perfect! I'm going to show my students how to do this tomorrow (after I add some more users to the server of course).

OK, so we still work locally off the KNOPPIX CD (well, its really the "Poor Man's Dual Boot" using the huge KNOPPIX file from the CD - works the same), but when it comes time to save a file, they go
scp file1.java nancy@10.10.2.64:/home/nancy
or retrieve a file, they go:
scp nancy@10.10.2.64:/home/nancy/file2.java .

This will not be too different from what we do now. Now we use the "FastDOSBoot floopy" to boot the "Poor Man's Dual Install." There's plenty of room left on that floppy to save files. So when they save a file, they go:
cp file1.java /mnt/floppy
and to retrieve a file, they go:
cp /mnt/floppy/file2.java .

The only difference is instead of
ls /mnt/floppy
now they'll have to
shh -l nancy 10.10.2.64
first and then ls from the remote shell, right?

In any event, I won't need shh for anything else and I really can live without fish. Or am I missing something nice about fish? Well I guess "Konqueror fish://nancy@10.10.2.64" can replace ls without shh.

Now, I won't need a floppy for saving anymore!

I'm tempted to knx-hdinstall all the PCs with lilo in the mbr so we don't need boot floppies either - no floppies, no CDs, so much happiness! There's two problems with that. Whenever I do an hdinstall, I can't get printers to work with Kapps (KATE, KWrite, etc). Also, I've not had good experiences playing with the mbr....

Oh, thanx for the VNC link, I may just want to use it instead on a blackboard! I had a projection device attached to my PC in the back of the room so the kids could see me coding "real-time" last year in another lab. I really miss that! Maybe I can do something similar with VNC.

Thanx!

Stephen
10-09-2003, 01:38 AM
This is perfect! I'm going to show my students how to do this tomorrow (after I add some more users to the server of course).

OK, so we still work locally off the KNOPPIX CD (well, its really the "Poor Man's Dual Boot" using the huge KNOPPIX file from the CD - works the same), but when it comes time to save a file, they go
scp file1.java nancy@10.10.2.64:/home/nancy
or retrieve a file, they go:
scp nancy@10.10.2.64:/home/nancy/file2.java .

Yes you got the idea right it's just the same as copy except it uses ssh.


This will not be too different from what we do now. Now we use the "FastDOSBoot floopy" to boot the "Poor Man's Dual Install." There's plenty of room left on that floppy to save files. So when they save a file, they go:
cp file1.java /mnt/floppy
and to retrieve a file, they go:
cp /mnt/floppy/file2.java .

The only difference is instead of
ls /mnt/floppy
now they'll have to
shh -l nancy 10.10.2.64
first and then ls from the remote shell, right?

Exactly.


In any event, I won't need shh for anything else and I really can live without fish. Or am I missing something nice about fish? Well I guess "Konqueror nancy@10.10.2.64" can replace ls without shh.

Yes if you were to login as fish://nancy@10.10.2.64 it would take user Nancy to her /home/nancy directory in effect a ls over ssh. I look at fish as just an easy way to get drag and drop scp if you split the window where your files are before you login in the other window. It sounds like the students are already used to the command line so start them with ssh and scp that way they know how to do it properly without GUI then if you want to give them a break and make it real easy for them show them fish.


Now, I won't need a floppy for saving anymore!

I'm tempted to knx-hdinstall all the PCs with lilo in the mbr so we don't need boot floppies either - no floppies, no CDs, so much happiness! There's two problems with that. Whenever I do an hdinstall, I can't get printers to work with Kapps (KATE, KWrite, etc). Also, I've not had good experiences playing with the mbr....

You could just install lilo to the / of the install instead of the MBR and use the XP bootloader to chainload the partition and let lilo take over from there at least I assume that XP will do that, will it? If you get no option to install to the / decline the offer to install to the MBR make the boot floppy then while still running from the CD sudo chroot /mnt/hd?? /sbin/lilo -b /dev/hd?? replace the ?? with the drive letter and partition number of the /. So you are still getting the same problems with the newer releases, I think all out of ideas from the last time around except if you have internet access on the machine(s) wipe out the entire CUPS install and start over from scratch re-install and get the drivers from http://www.linuxprinting.org for the printers go through the setup and see if it works as it should.



Oh, thanx for the VNC link, I may just want to use it instead on a blackboard! I had a projection device attached to my PC in the back of the room so the kids could see me coding "real-time" last year in another lab. I really miss that! Maybe I can do something similar with VNC.

Thanx!

Your welcome I thought you could most likely use something like that. I was just thinking you might want to check out Bonzai linux (https://developer.berlios.de/projects/bonzai/) it's a pretty easy way to get Debian (Woody) on the system you still have to choose a few modules during the install but most everything you need should already be in the kernel you end up with KDE 3.1.? and kernel 2.4.20 last time I used it (beginning of the summer) and it only takes up about 400-500mb once installed then just get the extra packages you would want get yourself a base image install and just clone it across your network to the other machines.

A. Jorge Garcia
10-18-2003, 11:21 PM
OK, I got my students using ssh and scp. Then I showed them fish and all hell broke loose. They won't use the shell anymore...

One problem though, for some reason some of my students could not access their files remotely in this fashion. It looks like some sort of networking error where the "connection is refused" or "connection closed by remote host." What would cause this? I've never had any networking problems using KNOPPIX in my lab before either for printing or for using the internet. So why a problem like this over the "intranet" (ie: LAN)?

If I can't get this to work, I'll have to break down and knx-hdinstall each PC so I can use x-clients and an x-server. I was looking into PXE, but what a complication!

Regards,

mario
10-28-2003, 02:03 PM
i use SSH to connect to another knoppix machine over the network. prior to running SSH i do a xhost +. after i login to the remote machine, i export the DISPLAY to my_ip:0

however X applications will not run. for example trying to run gvim gives the foll error:


mario@mario:~$ xhost +
access control disabled, clients can connect from any host
mario@mario:~$ ssh chetan@chetan
chetan@chetan's password:
Welcome to Knoppix (Kernel 2.4.22-xfs)

chetan@chetan:~$ export DISPLAY=192.168.1.100:0
chetan@chetan:~$ gvim
E233: cannot open display

as mentioned on this thread i checked my /etc/ssh/sshd_config file, but over there the "X11Forwarding yes" line is already there and is un-commented.

what am i missing??

TIA,
mario

Stephen
10-28-2003, 03:55 PM
i use SSH to connect to another knoppix machine over the network. prior to running SSH i do a xhost +. after i login to the remote machine, i export the DISPLAY to my_ip:0

however X applications will not run. for example trying to run gvim gives the foll error:


mario@mario:~$ xhost +
access control disabled, clients can connect from any host
mario@mario:~$ ssh chetan@chetan
chetan@chetan's password:
Welcome to Knoppix (Kernel 2.4.22-xfs)

chetan@chetan:~$ export DISPLAY=192.168.1.100:0
chetan@chetan:~$ gvim
E233: cannot open display

as mentioned on this thread i checked my /etc/ssh/sshd_config file, but over there the "X11Forwarding yes" line is already there and is un-commented.

what am i missing??

TIA,
mario

Why are you using the xhost +? You should try ssh -X chetan@chetan to enable the forewarding then once you connect then just gvim and it will start gvim forewarded to your machine.

A. Jorge Garcia
10-29-2003, 01:30 AM
Why are you using the xhost +? You should try ssh -X chetan@chetan to enable the forewarding then once you connect then just gvim and it will start gvim forewarded to your machine.

Isn't it on the server
/etc/init.d/ssh start
and on the client (to use fish or scp)
/etc/init.d/ssh start
ssh -l name 10.10.2.64
or (to use gvim,...)
/etc/init.d/ssh start
ssh -X -l name 10.10.2.64

What do I know? I can't get SSH or FTP working right! I finally gave up on SSH and tried setting up FTP using the http://www.knoppix.net/docs/index.php/FaqFTP and still got nowhere....

Tell me if I'm wrong, but my understanding was as follows. On the "ftp server" which is knoppix-installed as debian:

rm /etc/hosts.deny
rm /etc/hosts.allow
/etc/init.d/inetd restart

Then on the "ftp client" which is a KNOPPIX live CD (or the CD image for a poor man's dual boot):

ftp 10.10.2.64
login mrg
password ....
ls

would produce a listing of my files on the "ftp server" from /home/mrg, right? BTW, my userid is mrg (short for Mr. G) and my hdd install is at 10.10.2.64. Then I could "get" and "put" files to my heart's content! The ftp line seems to connect, the login line produces the passwd prompt, the passwd is accepted, but ls just gives me a timeout....

Frustrated,

mario
10-29-2003, 06:09 AM
Why are you using the xhost +? You should try ssh -X chetan@chetan to enable the forewarding then once you connect then just gvim and it will start gvim forewarded to your machine.

Thank You Stephen it worked perfectly.

on the same topic, how do i get this to work using telnet? for example our sun servers do not support SSH. prior to using knoppix-hdinstall, i could telnet to a sun server and do a "setenv DISPLAY my_ip:0" after doing the "xhost +" on my local box.

TIA,
mario

A. Jorge Garcia
10-29-2003, 02:00 PM
Oh, could it be that I need to use ftp -u mrg 10.10.2.64 to login remotely to my /home/mrg dir from a shell? Please let me know if that's what I'm doing wrong!

TIA,

A. Jorge Garcia
10-31-2003, 12:47 AM
Finally, I have some success with this networking stuff!

OK, I tried X -broadcast, no good! I tried ftp -u mrg 10.10.2.64, no luck! I even tried Knoppix Terminal Server with PXE, f'get 'bout it!!

Today, I got fish://mrg@10.10.2.64 working without first ssh -l mrg 10.10.2.64. This was part of my error, fish takes care of the client end of setting up ssh. Also, I used <K><KNOPPIX><SERVICES><Start sshd> on the server and everything finally works! Thank God! Now I have knoppix-installed as knoppix clients and a knoppix-installed as debian server and all is well!

As always, I couldn't have done it without y'all! Thanx for all your help guys and dolls!!

Regards,

A. Jorge Garcia
11-06-2003, 01:50 AM
Why are you using the xhost +? You should try ssh -X chetan@chetan to enable the forewarding then once you connect then just gvim and it will start gvim forewarded to your machine.

OK, so its ssh -X mrg@10.10.2.64 to enable X-forwarding via Konsole and not ssh -X -l mrg 10.10.2.64? In other words, I should use the fish address form (ie: mrg@10.10.2.64) and I don't need to use -l with -X?

TIA,

A. Jorge Garcia
11-07-2003, 12:07 AM
OK, ssh -X mrg@10.10.2.64 works like a charm.

I can use fish if I need to copy files to and from the ssh client and server. However, on a daily basis, we'll be using ssh -X to work remotely.

Running ssh -X mrg@10.10.2.64 on the client PC in a shell automatically gives me a Konsole on the remote PC. Running apps from this shell with X forwarding works great too. If I want to see my home dir, all I do is type knoqueror in this remote shell and my home dir pops right up! If I want to edit a file, I just click on it in konqueror or run kate from the remote shell. If I want to compile anything, I'll do it directly from the remote shell. This is great!!

Thanx for all your help, everyone!!!

Now, the only problem I have is printing from an hdinstall. <KNOPPIX><CONFIGURE><CONFIGURE PRINTERS> doesn't help anymore. I'm having no luck with localhost:631....

Regards,

datakid
04-14-2004, 07:17 AM
ok, so I'm trying to get the info from my knoppix hd install to my flatmates XPwin box - I've got putty going on her computer, and I can log into mine, but scp doesn't seem to work...?? is there a special syntax for the win file structure (apart from all the slashes being the wrong way around?)...for some reason the ftp server doesn't work - I may have to use two knoppix cd images unless anyone has some more ideas?

roger_girardin
04-22-2004, 12:34 AM
lol

to upload from windows to linux (wan network) :

1) create an account at dyndns.org to get a dns name (your_name.dyndns.org)
2) apt-get install ddclient (a soft which will send your ip adress to dyndns update their tables)
3) if your linux server is not a router you have to install iptables and figure it to forward ssh requests to the server
4) install winscp (freeware) on the windows comps

then it works as a ftp client

A. Jorge Garcia
04-22-2004, 12:41 AM
OK, what's this putty? Is that a windows ssh client? I would like to ssh from a WIMPdoze box to my KNOPPIX server.

TIA,
AJG

garyng
04-22-2004, 04:15 AM
OK, what's this putty? Is that a windows ssh client? I would like to ssh from a WIMPdoze box to my KNOPPIX server.

TIA,
AJG

A ssh client, at least it runs on windows. It is a single executable, no DLL no nothing. Very handy. just do a search on google and you would be leaded to the website.

eco2geek
04-22-2004, 08:14 AM
There's also a really nice open source Windows SFTP/SCP client called WinSCP (http://winscp.sourceforge.net) that lets you move stuff back and forth between Windows and Linux using the ssh protocol, with a File Manager-like GUI.

And, of course, there's always good old Cygwin (http://www.cygwin.com).

A. Jorge Garcia
04-23-2004, 02:13 AM
OK, I tried putty from home (WIMxP) to my ssh server (KNOPPIX) at work. Now I can access my files and run console apps. I've not used a console only version of Linux in eons. What apps do you find useful in this kind of setup?

I seem to remember lynx for surfing, pico for editting, talk for IMing and pine for email. Of these only lynx is in KNOPPIX. I apt-get installed talk but can't get it to work.....

TIA,
AJG

eco2geek
04-23-2004, 03:39 AM
seem to remember lynx for surfing, pico for editting, talk for IMing and pine for email. Of these only lynx is in KNOPPIX. I apt-get installed talk but can't get it to work.....

Pine and pico evidently have licenses that are too restrictive to be in Debian "free." Nano is a free pico clone, and mutt is a good replacement for pine. (Midnight Commander has a good editor, too: try "mcedit filename".)


BTW, you're welcome to login to my server and see what you can do in console mode

You're a brave man. :!: I'm almost afraid to, for fear of being prosecuted!

OErjan
04-23-2004, 05:38 PM
my favorite messagin app is centericq.
it can use msn, icq (ofcource), yahoo, irc and a few more. al in the same consolewindow:-)
vhat is wrong with VI as editor? it is in virtually ALL *ix'es so... yeah, i know not as easy as notepad/kedit/gedit...

Hunkah
04-24-2004, 01:59 AM
Here is a walk through:
http://www.start-linux.com/articles/article_193.php

A. Jorge Garcia
04-24-2004, 02:41 AM
OK, putty is good in a pinch. Is there some sort of xclient or x11 emulator or kde emulator for use with something like putty?

TIA,
AJG

OErjan
04-24-2004, 09:04 AM
not aware of one, but there is cygwin... and vnc ofcource.

c123
04-24-2004, 04:32 PM
Just use VNC, using a putty tunnel for security... you don't have to install anything server-side, and the VNC viewer for windows is a very small download (couple of hundred kb).

If you're not sure of how to do any of this, do a quick google of post back here.

[3rd edit / addition]
I'd recommend VNC 'cos it's free, open source, and easy to implement, but you do have two other options as OErjan suggests:

1. cygwin's xfree X Windows server
free, open source, but I'm not sure how easy it is to setup (do you really want to have to setup and configure an X Windows server under MS Windows??).

2. commercial X Windows server
costs money, not open source, however may be easier to setup and performance is likely to be better than with cygwin. one commercial x server I know people use at work is Xceed (see http://fusion.gat.com/docview/x-servers.html which lists and links to this one and others).

HTH

A. Jorge Garcia
04-24-2004, 05:35 PM
OK, if I use a WIMPdoze VNC client, I'll have to leave a vnc server running at school, right?

TIA,
AJG

OErjan
04-24-2004, 07:20 PM
yes

c123
04-25-2004, 01:58 PM
OK, if I use a WIMPdoze VNC client, I'll have to leave a vnc server running at school, right?

TIA,
AJG

Not necessarily, you could start the VNC server only when you need a desktop, from the command line that you get in Putty. It's best to use VNC via an SSH tunnel for the following reasons:

1. security
VNC by itself is not secure, and although I've never heard of anyone sniffing a password or other info from a VNC session, why take the chance? Espceially if you're going to open a putty session for a command line anyway.

2. firewalls
just one port to open (for SSH), and that can be anyone you like (even 80 or 443 etc)

3. resources
you just start a VNC session when you need one ("vncserver 1", in putty you'd connect to "localhost:5901")

HTH

p.s. by default VNC loads a lightweight window manager (like twm), but you can use KDE or anyother if you want.

A. Jorge Garcia
04-25-2004, 06:08 PM
OK, c123, let me see if I understand you. Do you mean for me to open a ssh via putty on my wife's WIMxP box, start a vncserver thru ssh once logged-in and also run the vncviewer localhost:1 thru ssh?

How can this work. Don't I need to run the vncviewer on the XP box to be able to get graphics on there. You must be thinking that I'll be logging-in from a Linux box too. Well, then there's no problem. I can already do this without vnc and get KDE apps to run.

What I'd like to do is get KDE apps to run thru ssh (putty) on the XP box with vnc. Now, I tried this. I used putty to log-in to my ssh server at school. I can do any console app I please, but no X or KDE. For example, I used joe to write a console app java program and I could use javac to compile the code and java to execute it. All went well with no graphics.

Then, I tried vnc thru the ssh as you suggest and got a "can't open display" error when I ran vncviewer localhost:1. I then went to www. realvnc.com and downloaded the WIMPdoze vnc client and tried to connect to a vncserver I setup at school. When I run vncviewer from the XP box, I get a dialog box asking for the vncserver:display which I provided and then nothing happens.

I don't get this. Can I use vnc or not???

TIA,
AJG

garyng
04-25-2004, 07:15 PM
you need to enable the port forwarding in putty. What it does is to forward a local port to the remote host(another port) through ssh. Then on your server, you can start vncserver as usual.

From your xp, you access the local port created by puttyinstead of going to the remote ip) so it would be like 'localhost:1', depending on what local port you tell putty to forward.

edit: forgot to say, it is under the SSH->tunnel section when you start putty

A. Jorge Garcia
04-25-2004, 10:54 PM
OK, I tried connecting as you said, c123, to my KNOPPIX server at school from my KNOPPIX server at home and was asked for a passwd. I didn't make a passwd when starting vncserver and none was generated, so what do a I do in this case?

TIA,
AJG

A. Jorge Garcia
04-25-2004, 11:06 PM
garyng, lets see if I understand you rightly.

I start putty with X11 forwarding on (from ssh/tunneling). I login to my ssh server at school. I start a vncserver. Then I issue the command line vncviewer localhost:x where x is the vncserver desktop generated.

Is that all correct? Well, I must be missing something as it won't connect. This is what I get:

apcs@CentauriPrime:~$ vncviewer localhost:1
VNC viewer version 3.3.7 - built Jul 18 2003 16:45:54
Copyright (C) 2002-2003 RealVNC Ltd.
Copyright (C) 1994-2000 AT&T Laboratories Cambridge.
See http://www.realvnc.com for information on VNC.
X connection to localhost:10.0 broken (explicit kill or server shutdown).


What am I doing wrong? Please help, I'd love to get this to work for my students who can't hdinstall KNOPPIX or use a liveCD at home.

TIA,
AJG

garyng
04-26-2004, 03:17 AM
Assuming you want to VNC from windows to linux, here is what you need to do :

1. In putty dialog, enable port forwarding(not X11 forwarding), it is the lower dialog. You choose one for local(the window machine) and one for linux(in ip:port form). So say you choose 5900 for the local(Source Port) and linux.acme.com:5900(Destination).

2. login to linux as usual through putty.

3. start vncserver in the linux prompt(usual parameter), if you use other ports than 5900(if you have local X server), you need to change the Destination in (1)

4. sart vncviewer ON Windows, not on linux and choose local:0(assuming you choose 5900 as the "Source Port" in (1)

Now your vncviewer on XP would go through local port 5900(machine it is running) which is being forwarded by putty(as it is running) to linux port 5900 that you have ssh into. The vncserver on linux is listening to this port and would start a new xsession as usual.

If you also run the putty agent on Windows, you can also use RSA so you don't need to give any username/password(assume the ssh server is setup this way).

As for the password, I believe the vncserver would ask you once when it didn't see any in the home directory. It is a hidden file(.something) and would be used in a future invocation.

c123
04-26-2004, 03:25 PM
Hello again,

Admittedly the first time you tunnel a VNC connection it is a bit tricky and can require a small leap of faith (did for me anyway). However garyng has nicely detailed all the steps you need to do from home (i.e. see your nice linux desktop from school on your winxp laptop at home). Just a couple of points though WRT garyng's post:
- destination should be 'localhost' unless you want to see the desktop of a third linux machine (i.e. a machien differnent to the one you are logging into)
- AFAIK you must use 'localhost' (or its IP address 127.0.0.1); 'local' will not work
- using public keys to authenticate is a great idea, but first of all just get password authentication working :)

Sorry, should have posted the following earlier http://www.benjamin.weiss.name/putty-tunnel.html

The page runs you through a real world example - it's like garyng's guide, except you get pictures too :) Note that in the example above, the author is forwarding port 5904 - this corresponds to display :4. [[ the command to start a VNC server on display :4 is 'vncserver :4'; as you see on the page, on the Windows box the user gives 'localhost:4' as the server to connect to]].

AJG, the reason you tell your VNC viewer to connect to display 4 of localhost (= port 5904) is that Putty is forwarding this port, i.e. anything you send to port 5904 on localhost (your winxp laptop) is actually being forwarded to port 5904 on your linux server...

WRT passwords, VNC should ask you to create one when you create a server if one does not already exist. 'vncpasswd' should allow you to create/modify the password (for the current user).

A. Jorge Garcia
04-27-2004, 12:18 AM
Thanx for all you help an patience, c123 and garyng, but I'm still clueless!

I tried everthing you two said to do. For some reason I only get localhost:7 to connect (I created 6 other vncservers before succeeding) but after connecting I don't get a KNOPPIX desktop. Isn't that what I'm supposed to get so I can manipulte KDE apps remotely in WIMPdoze?

BTW, I know localhost:7 works as I can use it from another PC on the LAN when both PCs are running KNOPPIX. In fact, the password it asks for is the userid passwd! I found a hidden dir called .vnc with a file in it called passwd. When I tried to open it in KATE, it had one word in weird characters I could not decifer.

TIA,
AJG

garyng
04-27-2004, 09:18 AM
the vnc password is encrypted so you need the tool (vncpasswd) to change it.

what window manager/desktop manager is launched depends on your system setup(.xsession etc. in the home directory) I have installed fluxbox and have no problem having it launched. what desktop you get when you do a 'startx' locally on that linux machine ? From the vnc perspective, it is no different than starting a local X server, just the display protocol is different (one to video card for XFree86, one to memory buffer and then remote for vnc). One thing I don't like to use KNOPPIX as a HD installation is that it has its own way of arranging things meaning learning yet another set of convention on top of the debian convention which by itself is already different from the convention used in the raw package like XFree86.

why it needs to go till :7 is beyond me. But as far as I know, they use /tmp/.X11/ to find out empty slot for the display. So it may be that it sees some left over there.