# 100% truly remote access

## cbolin

I have two Gentoo machines that are in my basement.  They are both running tightVNC and I can log into them remotely and use them during that session - but if I close the remote VNC client, that session ends.  (http://gentoo-wiki.com/HOWTO_Use_TightVNC_W/_JPEG_Compression_to_connect_to_existing_X_Sessions)

What I want:

To be able to reboot machines remotely and still be able to login when they come back up via VNC (or any tool really)

AND

Be able to login to a single running session remotely and close the local VNC client without ending the session.

This way I can start downloads, or other tasks and not have to leave the VNC client running locally so they complete.

I have figured out how to do OR of the cases above, but not AND!

I think I know the answer already, but is this possible?

----------

## NeddySeagoon

cbolin,

For remote control, I prefer ssh over VNC. Be sure sshd is in the defuakt runlevel on the remote box.

The defaut VNC server behaviour is to spawn a detached X session, which you then connect to with VNC client.

Closing the  client does not close the server or any apps. You can reconnect later from the same or different machine.

If the big bad internet can have access, you need to disable root logins on ssh and set a stron password on ypur VNC server.

----------

## cbolin

I should have said this first, but I access my linux boxes from windows... is this still possible?

Do you know of a how-to anywhere?

----------

## erikm

My two cents:

I think ssh and CLI is easier, faster and more secure than the GUI solutions. IMO, the real killer app for remote adminning this way is screen ('emerge screen'). It lets you start a bash session, start programs, scripts and tasks as usual, then detach the session, log out of ssh, log back in, and reattach the session as if nothing happened, with no terminal feedback lost.You can also start any number of separate sessions inside screen.

I even use it instead of tabs in my terminal emulator...   :Very Happy: 

----------

## sandcrawler

cbolin,

SSH is certainly available for windows.  You can download  Putty here and give it a whirl.  

Also, ErikM is right, emerge screen as well.  I use this combination the the time to run torrents in the background.  Though I can't do without my tabbed console when I'm working on multiple machines... hehe

----------

## cbolin

I'm thick.  Can I use ssh to view my linux desktops from my window machines?

I want to have persistent sessions using X/Gnome (meaning I can open and close a "viewer" remotely without logging out) *AND* be able to login to X if I'm not logged in and do it all remotely.

I do use Putty to get to a CLI remotely.

I think NeddySeagoon is talking about using VNC **without** XDMCP enabled.

----------

## neuron

login remotly, do

```

nohup vncserver -localhost -geometry 800x600 -depth 16 :1

```

and a vncserver should be running, notice that it's listening only on localhost, so you'll need to connect to it through ssh

for example my command:

```

VNC_VIA_CMD="/usr/bin/ssh -f -c blowfish -L %L:%H:%R %G sleep 20".

vncviewer -passwd /home/<user>/.vnc/passwd -via 192.168.0.1  :1

```

the passwd file is the vnc password, and you still need the ssh password to connect.

----------

## cbolin

thanks neuron.  Forgive my ignorance, so via putty I would login and then do all you say?

I should disable gdm then?  And then I can open and close the putty session and the remote X session is persistent?

Sorry for being so dumb.  I've googled and googeld

----------

## cbolin

I'd be willing to paypal anyone $10-USD if they help me get this working...

----------

## neuron

the first command is run on the server, whether or not you shutdown gdm is up to you, as that X server is confugured to run on :1 and gdm might be configured to run on :0.

the second is a linux command, so it wont work in windows.

what it does is uses vncviewer to connect to localhost, on a port ssh is listening to and forwarding to localhost on the remote system.

try googling for vncviewer ssh putty, that should give some hits on page 1/2.

You need the X server running remotly, and putty needs to be connected to connect port X on your computer to port X on the remote computer (port X being the vnc ports).

----------

## cbolin

yeah, I have VNC running as it says in: http://gentoo-wiki.com/HOWTO_Xvnc_terminal_server

I can logon and use my remote machines desktops exactly as I wish.  Invoking the vncviewer on my WIndowsXP machine brings up gdm to login. 

However if I close VNC on my windows box the session is closed.    

I think I'm coming across even more stupid than I am...  :Smile: 

So I've tried doing what you suggest but when I use putty to connect.

Using PUTTY on my windows machine:

```
 nohup vncserver -localhost -geometry 800x600 -depth 16 :1 
```

then 

```
 vncviewer 192.168.1.11 :1 
```

I get:

Error: Can't open display:

If I try to use my vnc client from windows - I open a bash shell, run emerge sync (cause it takes a long time)  close the vncviewer, relogin and the bash shell is not persistent.

I did google vncviewer ssh putty as you suggest but I dont' see what I'm missing.

----------

## neuron

nohup = dont kill on the signal sent when you close the window, you can also use "screen" for this (if you run a screen session, you need to write exit to close it, and you can use screen --help (screen -list) to connect to old sessions).

a terminal service means it behaves like you've just said, I haven't done any of the steps in that howto at all.

----------

## cbolin

OH I am so close I can taste it.  Would you mind reading thru this last *hopefully* post?

I login using PUTTY on my windows machine with my desired remote linux user desktop account.  

```
$ nohup vncserver -geometry 1280x1024 -depth 24
```

Now I can use my Windows VNC client to open the desktop the way I want.  Start a kernel compile, close the VNC client, open it later and the compile is still running.

Remaining questions I couldn't find in MAN or googling:

1. Is it possible to disable the requirement to use a password when I use the VNC client to connect to the server?  I have to use root password to access my non-root desktop? Why is that?

2. What is the best way to start the X server automatically?  Meaning can I avoid the step of having to use putty to login to my linux box and start the xserver for the user's desktop I choose to use every time I reboot the server. 

Thanks so much neuron for your help.  I'd like to send you the $10- I promised.  Send me a private message with an email address

----------

## erikm

Dunno about the first one, never used VNC. A simple way to get any command run at bootup is to put it in /etc/conf.d/local.start, as in

```
# echo "nohup vncserver -geometry 1280x1024 -depth 24" >> /etc/conf.d/local.start
```

And, as far as I'm concerned at least, we're all part of the Free / Open Source Software community. If you want to return the favor, help someone else!   :Very Happy: 

----------

## cbolin

thanks Erik but won't this start with root credentials?  For it to work in the scenario above it needs to be run as the account of the desktop I want to use.

```
 cd /home/cbolin;sudo -u cbolin nohup vncserver -geometry 1280x1024 -depth 24;cd - 
```

is that a safe way to do it?Last edited by cbolin on Thu Sep 22, 2005 5:19 pm; edited 1 time in total

----------

## erikm

Ok, then do

```
# echo "su - <your username> -c "nohup vncserver -geometry 1280x1024 -depth 24"" >> /etc/conf.d/local.start
```

 :Wink: 

----------

## neuron

yes that will start it as root = bad idea.

you can however put sudo -u <username> <command>

1 : if your connecting through ssh, you dont need the root password unless you connect with the root user.  You can connect as any user to the remote system through ssh, and then connect to vncviewer after that.  The authentication of vnc and ssh are different.

You can use the -passwd option for vncviewer if you dont want to write in the vnc password.

You can use ssh public keys for authentication through ssh without a password.

2 : use local.start + sudo?

And no 10$ neccesary, helping people I do for free  :Smile: .

//edit, ErikM was quicker than me replying, su/sudo doesn't really matter, just dont run it as root  :Wink: .

----------

## erikm

No, with su - <username> -c <command> it will be started by the user. Try it.

----------

## neuron

 *ErikM wrote:*   

> No, with su - <username> -c <command> it will be started by the user. Try it.

 

we posted at the same time  :Wink: , notice the //edit :p

----------

## erikm

Right, I just did.   :Smile: 

----------

## cbolin

 *neuron wrote:*   

> 
> 
> 1 : if your connecting through ssh, you dont need the root password unless you connect with the root user.  You can connect as any user to the remote system through ssh, and then connect to vncviewer after that.  The authentication of vnc and ssh are different.
> 
> 

 

So now I need to figure out how to ssh with VNC client on Windows.  ugh.  Thought I was almost there.  

Any suggestions you haven't already given.

Thanks guys so much.

----------

## neuron

well putty can do that, what you need is to have it work as a tunnel, I can't remember exactly how though.

You can skip that entire step, if you dont use the -localhost switch, but it's far far more secure if you do (as everything will be authenticated using ssh, and be encrypted).

----------

## cbolin

I'll have to figure that out.  I guess putty spawns the local vnc client?  Anyway.

Still don't get why I have to use my root password to logon to the remote desktop - even though it is a non-root account.

----------

## neuron

I'll try to explain it better.

putty/ssh can connect directly, and work as a tunnel for data, it's completely seperate from vncviewer really, it just links the two ports.

example:

on the server system, xvnc listens to port 1

putty connects through ssh, to any account on the server, and starts listening on the client on port 2, to forward it to port 1 on the server system.

when the client connects to port 2 on the client, data from that is forwarded to port 1 on the server.

that way you have a secure connection, all data is sent through ssh encryption, and authenticated using ssh.  Which password when you log into ssh depends on which account you use on connect, and doesn't matter at all.

----------

## NeddySeagoon

cbolin,

Can you install cygwin on Windows so you can have a proper X server ?

----------

## MrBlc

my god there's alot of difficult configs here...

why not just simplify it all, and have 

1:

create a init.d script that can start a desktop with the proper su - username command...

2:

refer to that script in rc-update so it will start with boot (in case of reboots)

3:

screw ssh when it's on the local network, and rather use ssh from the outside (it's obvious that cbolin originally wants this  to happen when on local network)

then, when remote, use ssh to port forward a connection through the ssh tunnel, and use vncviewer to open the desktop through that tunnel with localhost::portnumber as adress.

that would require that portnumber to coincide with the listening port on the server in question (although not opened in the firewall cuz that kinda defeats the purpose)

now.. the init.d script would look a little something like this:

```

#!/sbin/runscript

# Copyright 1999-2005 Gentoo Foundation

# Distributed under the terms of the GNU General Public License v2

# $Header: $

depend() {

        need net

}

start() {

        ebegin "Starting VNC desktop 1"

        /path/to/suexecutable - <your username> -c "nohup /path/to/vncserverexecutable -geometry 1280x1024 -depth 24" 

}

stop() {

        ebegin "Stopping VNC desktop client"

        /path/to/vncserverexecutable -kill :1

}

```

save it as net.vnc or something that is easily identified..

that will start and stop a vncserver with init.d commands rather than whatever you're trying to pull..

using 'rc-update add -nameofvncinitdfile- default' will give you the same function at boot time

that is a persistent vncserver as well.. so no more hassle..

-blc

----------

## Randy R

What do you think of free-nx?

----------

## brot

Yes, freenx is really the best solution for this  :Smile: 

http://gentoo-wiki.com/HOWTO_FreeNX_Server

It works really really well, secure (everything tunneled through ssh), and is amazingly fast even on old hardware and not really fast connections..

give it a try, it will be well worth it...

----------

