Posts Tagged by dns

vnc ssh tunnel for remote graphical support

I was doing remote internet support the other day for a friend in England (and noticing how cheap their internet access is, e.g. a fast unlimited O2 package is £21 ($AU31) versus the $AU60-80 we pay in Australia). Here’s how I connect remotely to the person’s desktop in graphical mode, using vnc and an ssh tunnel.

1. I set up a dyndns client (e.g. dyndns, tinydyndns, ez-ipupdate) so I can connect to the changing IP address of their machine by a DNS name, e.g. fredbox.dyndns.org

local% sudo apt-get install ez-ipupdate

2. I copy my ssh key to their account – this way I’ll always have access and they can change their password in the future:

local% ssh-copy-id fred@fredbox.dyndns.org

3. I want to connect to vnc running on their desktop, so I can see what they see. But vnc runs on port 5900 and I don’t want to leave that open to the Internet. So I build an ssh tunnel from my local machine, and start up vnc on the remote machine in the resulting shell, with -localhost so it only accepts connections arriving through the tunnel:

local% ssh -L 5900:localhost:5900 fred@fredbox.dyndns.org
fredbox% x11vnc -safer -usepw -localhost -once -noxdamage \
         -nowf -ncache 0 -scale 2/3 -display :0

4. And finally, I start up my vncviewer on my local Linux/Mac machine, and enter my vnc password when prompted:

local% vncviewer -encodings "copyrect tight zrle hextile" \
  -bgr233 -compresslevel 5 localhost

So here’s a little script that brings it all together:

#!/bin/bash
# kill any previous/hung vnc's
ssh fred@fredbox.dyndns.org 'pkill x11vnc'
ssh -f -L 5900:localhost:5900 fred@fredbox.dyndns.org \
    'x11vnc -safer -usepw -localhost -once -noxdamage \
      -nowf -ncache 0 -scale 2/3 -display :0' \
    && sleep 5 \
    && vncviewer -encodings "copyrect tight zrle hextile" \
         -bgr233 -compresslevel 5 localhost
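
A check for the concern in step 3, that port 5900 is not left open to the Internet. This is an added example, not part of the original post: the function name exposed_vnc and the sample listing are constructed here, and it assumes the `ss -ltn` column layout of iproute2.

```shell
#!/bin/sh
# Added example: report TCP listeners on the VNC port that are reachable from
# beyond loopback. Reads `ss -ltn` output on stdin.
# Exit status: 0 = loopback only (or nothing listening), 1 = exposed listener.
exposed_vnc() {
    awk -v port="${1:-5900}" '
    $1 == "LISTEN" {
        addr = $4                        # 127.0.0.1:5900, [::1]:5900, *:5900 ...
        n = split(addr, p, ":")          # port is the last colon-separated piece
        if (p[n] + 0 != port + 0) next
        host = substr(addr, 1, length(addr) - length(p[n]) - 1)
        if (host ~ /^127\./ || host == "[::1]") next   # loopback is fine
        print "EXPOSED " addr
        found = 1
    }
    END { exit (found ? 1 : 0) }'
}

# Constructed sample: what the listing looks like when x11vnc was started
# WITHOUT -localhost, so it listens on every interface.
sample_ss() {
    cat <<'EOF'
State   Recv-Q  Send-Q  Local Address:Port  Peer Address:Port
LISTEN  0       128     0.0.0.0:22          0.0.0.0:*
LISTEN  0       32      0.0.0.0:5900        0.0.0.0:*
LISTEN  0       32      [::]:5900           [::]:*
LISTEN  0       5       127.0.0.1:631       0.0.0.0:*
EOF
}

sample_ss | exposed_vnc 5900 || echo "restart x11vnc with -localhost"
# On the real machine, while x11vnc is running: fredbox% ss -ltn | exposed_vnc
```

With -localhost in place the only port-5900 listeners are 127.0.0.1 and [::1], and the function prints nothing and returns 0.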

Ssh SOCKS proxying, DNS proxying, Tunnelling

Mary Gardiner answered one of Voytek Eymont’s questions on the SLUG list by referring to the ssh socks proxying post on Ubuntu Blog. I was already familiar with ssh socks proxying, but that page has a good set of comments and links. A summary of that post, plus some other notes:

  • set up via $ ssh -D 9999 username@ip-address-of-ssh-server, then configure the web browser's SOCKS 5 host (not HTTP proxy) as localhost:9999 (On Firefox: Preferences, Advanced, Network, Settings, Manual, SOCKS Host. FoxyProxy really helps with this – you can set up wildcards to send certain URLs via certain proxies, e.g. for when connecting via a VPN to work)
  • http proxying can be set up at the command line (for use by wget, apt, etc) with the http_proxy environment variable. For example export http_proxy='http://user:password@1.2.3.4:3128/'; cmd1; cmd2; export http_proxy=''
  • configure apt to use a proxy via /etc/apt/apt.conf by using Acquire::http::Proxy "http://username:password@proxyserver:port/"; See Using apt-get behind a proxy.
  • there’s also corkscrew (preferred), connect.c, and proxychains to secure other traffic or set up tunnels automagically in ~/.ssh/config. For example:
% sudo aptitude install corkscrew

% cat ~/.ssh/config
Host foo.bar.com
    User me
    Port 443
    ProxyCommand corkscrew 1.2.3.4 8080 %h %p ~/.ssh/proxyauth

% cat ~/.ssh/proxyauth
username:password

Jan/2011:

export http_proxy='http://219.93.2.113:3128/'