HOWTO: A simple, quick way for remote desktops

[darkphoenix16]

Hello, I have been using Gentoo for....lets see....around two years now. I've always wanted to post to the forums but I never had time due to school, or thats what I am going to say anyways . Now that I am done school I would like to *try* and help others out...so here it goes.

I have used these forums greatly and have come across people trying to set up remote desktops and having trouble. This is what I do, it's probably not the best way but it works well.

A few notes on my setup:
I have four computers at home. One is used as a router/firewall. The router has port forwarding all set up so that each computer has its own "ssh" port. For simplicity lets say they are 4444 for the computer with IP A, 5555 for the computer with IP B, and 6666 for the computer with IP C. Computer A wants to be able to hold remote sessions from computers B and C. Heres how I did it.


You will need to have gdm and ssh

Step 1: Set up SSH
Assuming that the router is set up properly (If you are having trouble with your software router I HIGHLY reccommend you trying out coyote linux just for that putpose), we must place SSH on computers A, B, and C. Thankfully this is generally an easy task as we simply use portage.

[tscolari]

just a question whats the diference betwen openssh and ssh?
there are the both for emerge

[ajtidball]

[zaiyon]

one question, I have got a message without X, my "allround" server, who is my primary ssh daemon too, I usually connect to my workstation over it... so how can I get X11 to be forwardet through that non-X11 machine? I tried your howto way, but it does not work like this. do you have any idea for me?
_________________
What do you have when you have six lawyers buried up to their necks in sand? Not enough sand.
My Project - open Outcast

[ian!]

Moved from N&S.
_________________
"To have a successful open source project, you need to be at least somewhat successful at getting along with people." -- Daniel Robbins

[darkphoenix16]

Im not sure I understand 100%.

If you wanted to forward a X server app you would need an xserver on your server. If you are trying to use X11 apps on another non-X11 machine I would recommend tight vnc.

Just emerge tightvnc and use the vncserver script. Right off that bat it won't be secure but you can tunnel it using ssh. There are plenty of tutorials on this.
_________________
I really wish I could put something witty here.

[zaiyon]

thanks for the answer, but thats not what I meant. I really want X11, no VNC, and forwarding works just fine, my problem is that I connect to my workstation from the server from the outside, so that means to me:

somewhere... :
$ ssh -XC myserver.mydomain
$ ssh -XC myworkstation

but I want to have X11 forwarding from myworkstation to somewhere, not on the server.... so it just has to be delivered - not used... is this somehow possible?
_________________
What do you have when you have six lawyers buried up to their necks in sand? Not enough sand.
My Project - open Outcast

[darkphoenix16]

Interesting...So you want to first get into your server using ssh. Then once in your server you again ssh into the workstation. Then you finally try to use X11 apps on your workstation?

so:

some.computer $ ssh -flags myserver.mydomain (your ssh)
some.computer.myserver $ ssh -flags myworkstation (servers ssh)
some.computer.myserver.workstation $ xcalc (workstations xcalc)

Is the above your situation?

If so can you tell me the output you get? Maybe the X11 info is being sent to the server and not you.

In my situation I had a server too without X. I had portforwarding setup so that when I accessed port 4444 on the server it relayed that to port 22 on the client connected to the server. The client connected to the server had ssh set up to listen to port 22 and X11 forwarding enabled. ssh on the server wasn't present as it wansn't necessary. The commands I wrote (with fake ips) were:

ssh 555.555.555.555 -l phoenix -p 4444 -X -C

where 555.555.555.555 was the address of the server and I already said what port 4444 was for.

This connected me to my client box and the server just acted as a middle man relaying information between us.

Maybe that helps? If not Ill keep trying until you get too frustrated. If you are getting errors on any machine post them. It makes it easier.
_________________
I really wish I could put something witty here.

[zaiyon]

thanks, I've been too stupid to think about that solution, I could just redirect every stuff received on port 4444 from my router to my workstation, and 22 connections to my Server, that of course works, but it is kinda not the nice way.... is there no other way to.. "tunnel" the data through ssh, over the server from client to client? If you find a way, plz tell me, I'll use the portfw way since that day comes
_________________
What do you have when you have six lawyers buried up to their necks in sand? Not enough sand.
My Project - open Outcast

[darkphoenix16]

Yah, I like using strange ports like 4444 so hackers wont know where to look for entry points. I am sure they attack known open ports like 22,21,80 so I just close them up and use other random ones.

I am not sure if there is another way to tunnel the data (other than front-ends and utilities that do the same thing. Ill let you know if I do though.

And dont be too hard on yourself
_________________
I really wish I could put something witty here.

[ljuti]

Slightly OT, but do not ever rely on security through obscurity. Using "strange ports" won't make you any safer, because a quick port scan reveals them anyway.

Just try

[darkphoenix16]

I stand corrected
_________________
I really wish I could put something witty here.

[BlindSpy]

GREAT GUIDE! I've always known abou the ssh config settings but never enough to know how to propperly set it up and use the GNOME session thing - thats just cool. Great great work. Took me about 10 minutes to read/do completely though and worked great.
_________________
Symlinks to:
xorg.conf

[nightblade]

[koroumel]

I have a hardware firewall/router, in which... I cannot ssh (obviously) . Is this solution still useable? And by the way, if I login though GDM, and let D4X download, if I dissconnect and then reconnect, will I have to relogin? And if so, will I see the same desktop (and D4X I left running) as before? gemvnc is too slow to rely on so, will this thread be a replacement?
_________________
"Yep linux is an alternative. Windows on the other hand isn't even an option"
Registered Linux User No #242616

[darkphoenix16]

Hi, thanks for the good comments Im glad others have gotten use out of it.

You can use this technique with a firewall/router, you just have to make sure the proper ports are open so that you can connect.

Im not to sure, but in the ssh configs you can set which X display you log in to. If you set that one to zero, and were also logged in at home, I believe you would be able to start a program up and it also start up at home. This way when you start an app remotely and then log out, it should still be there an progressing when you log in later as there is an instance of it at home. Does that make sense? Can anyone confirm this?
_________________
I really wish I could put something witty here.

[vdboor]

Hi,
I've read your tutorial, and there is one thing I have to mention; you don't need to enable ForwardX11 by default in ssh_config (the client config), just use the -X switch if you want to enable X11 forwarding for your session. There is a reason why these options are off by default:

From the ssh_config manual:

[darkphoenix16]

Ok, cool. thanks
_________________
I really wish I could put something witty here.

[CarlUman]

RE ssh_config
I know you comment a full line by putting # at the start of line but I'm getting an error on some of the lines where I have # to add a comment to the end of a line. Is there a way to put a comment on line like this...

[CarlUman]

Bump for any ideas on my question (see previous post)

[Lepaca Kliffoth]

Thanks! Helped me too.
_________________
It isn't enough to win - everyone else must lose, and you also have to rub it in their face (maybe chop off an arm too for good measure).
Animebox!

[RiverRat]

There is another way to do the full Gnome session remotely as well but it eludes me at the moment. These little tricks are excellent to know but exceptionally hard to find. Here is another one:

Log into a Linux system graphically (either w/ [xgk]DM or startx).
Goto one of the text consoles and login.
Type "startx -- :1" (and another xsession is started)

I don't see why you couldn't login twice w/ the same user name but every program that you run twice (including gnome-session) has the potential for some serious race conditions. That is why I use it primarily for root to login without me, and all of the crap that stays open for months at a time on my computer, having to close down and log off. By the way you can use the command multiple times; just increment the display number (:1, :2... ) each time and see how much memory you can consume!!!

Tres

[senduran]

[squeegee]

Well, this is what I do, with TightVNC.

1. Start an ssh session (sshd set up to only allow authentication by key).

2. run a startvnc script on the server, which only accepts a single connection, on localhost only, and cannot be disconnected by another user