From: Warren Block
To: "Karl J. Runge"
Cc: freebsd-questions@freebsd.org
Date: Fri, 1 Jan 2010 19:53:15 -0700 (MST)
Subject: Re: Remote assistance for X

On Fri, 1 Jan 2010, Karl J. Runge wrote:

>> remotehost="lightning"
>> cmd="x11vnc -display :0 -localhost -connect localhost -ncache"
>> ssh -t -c blowfish -R 5500:$remotehost:5500 localhost "$cmd"
>
> I think you mean:
>
>   ssh -t -c blowfish -R 5500:localhost:5500 $remotehost "$cmd"
>
> right? You want to ssh to $remotehost and have the 5500 traffic go
> through ssh to localhost:5500, no? The use of '-R 5500:$remotehost:5500'
> implies an unencrypted leg going over the network (which may or may not
> be acceptable to you, i.e. inside your LAN, but I'm not sure.)

[Having spent some time today fighting my own firewall, I'm
reconsidering the use of relative names like "remote".]

Ideally, the supportee will start x11vnc and the ssh tunnel on their
system and not need to open port 22 on their firewall. So maybe:

  ssh -t -c blowfish -N -f -L 5500:$supporterhost:5500 $supporterhost && \
  x11vnc -display :0 -localhost -connect localhost -ncache 10

> There are some ways to emulate UltraVNC single click with x11vnc:
>
>   http://www.karlrunge.com/x11vnc/faq.html#faq-singleclick
>
> and SSL encrypted connections are described at the end of that FAQ.
> The ssvnc GUI wrapper (but not the bare ssvncviewer) can establish the
> SSL tunnel for you.

That looks more elegant. Are the security and speed comparable to ssh?

> However, since you have ssh access to the supportee machine, I
> suggest using that.

The test machine is inside my LAN now, but once it goes out into the
wild, it will probably be behind a consumer-grade firewall with very few
incoming ports open.

-Warren Block * Rapid City, South Dakota USA
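
The point raised in the quoted reply, about where an unencrypted leg appears in an ssh port forward, as an added sketch that is not part of the original message. The function names and the host supporter.example are assumptions made for illustration; "lightning" is the host name from the thread.

```shell
#!/bin/sh
# Added example: classify the destination of an ssh -L / -R forward spec
# ([bind_address:]port:host:hostport) to see whether traffic leaves the
# tunnel endpoint unencrypted.

# Print the destination host of a forward spec (handles bracketed IPv6).
forward_dest_host() {
    rest=${1%:*}                       # drop the trailing :hostport
    case $rest in
        *"]") h=${rest##*[[]}; h=${h%"]"} ;;   # e.g. 5500:[::1] -> ::1
        *)    h=${rest##*:} ;;                 # e.g. 5500:lightning -> lightning
    esac
    printf '%s\n' "$h"
}

# usage: classify_forward -L|-R SPEC SSH_HOST
#   loopback      destination is the tunnel endpoint's own loopback address
#   same-host     -L destination names the ssh server itself: it stays on that
#                 machine only if the name resolves to one of its own addresses,
#                 and the listener must accept non-loopback connections
#   cleartext-leg the endpoint connects onward to another host outside the tunnel
classify_forward() {
    f=$1 dest=$(forward_dest_host "$2") server=$3
    case $dest in
        localhost|127.*|::1) echo loopback; return ;;
    esac
    # With -L the ssh server makes the onward connection; with -R the client does,
    # so a -R destination equal to the server name still crosses the network.
    if [ "$f" = "-L" ] && [ "$dest" = "$server" ]; then
        echo same-host
    else
        echo cleartext-leg
    fi
}

# The three forwards discussed in the thread (supporter.example is constructed).
while read -r flag spec host; do
    printf '%s %s via %s: %s\n' "$flag" "$spec" "$host" \
        "$(classify_forward "$flag" "$spec" "$host")"
done <<'EOF'
-R 5500:lightning:5500 localhost
-R 5500:localhost:5500 lightning
-L 5500:supporter.example:5500 supporter.example
EOF
```
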