Skip site navigation (1)Skip section navigation (2) 
Date:      Fri, 1 Jan 2010 19:53:15 -0700 (MST)
From:      Warren Block <wblock@wonkity.com>
To:        "Karl J. Runge" <runge@karlrunge.com>
Cc:        freebsd-questions@freebsd.org
Subject:   Re: Remote assistance for X
Message-ID:  <alpine.BSF.2.00.1001011942150.90095@wonkity.com>
In-Reply-To: <E1NQqZJ-0005bH-00@haystack.runge.home>
References:  <E1NQqZJ-0005bH-00@haystack.runge.home>
next in thread | previous in thread | raw e-mail | index | archive | help 
On Fri, 1 Jan 2010, Karl J. Runge wrote:

>> remotehost="lightning"
>> cmd="x11vnc -display :0 -localhost -connect localhost -ncache"
>> ssh -t -c blowfish -R 5500:$remotehost:5500 localhost "$cmd"
>
> I think you mean:
>
>  ssh -t -c blowfish -R 5500:localhost:5500 $remotehost "$cmd"
>
> right?  You want to ssh to $remotehost and have the 5500 traffic go
> through ssh to localhost:5500, no?  The use of '-R 5500:$remotehost:5500'
> implies a unencrypted leg going over the network (which may or may not
> be acceptable to you, i.e. inside your LAN, but I'm not sure.)

[Having spent some time today fighting my own firewall, I'm
reconsidering the use of relative names like "remote".]

Ideally, the supportee will start x11vnc and the ssh tunnel on their
system and not need to open port 22 on their firewall..  So maybe:

ssh -t -c blowfish -N -f -L 5500:$supporterhost:5500 $supporterhost && \
x11vnc -display :0 -localhost -connect localhost -ncache 10

> There are some ways to emulate UltraVNC single click with x11vnc:
>
> 	http://www.karlrunge.com/x11vnc/faq.html#faq-singleclick
>
> and SSL encrypted connections are described at the end of that FAQ.
> The ssvnc GUI wrapper (but not the bare ssvncviewer) can establish the
> SSL tunnel for you.

That looks more elegant.  Are the security and speed comparable to ssh?

> However, since you have ssh access to the supportee machine, I
> suggest using that.

The test machine is inside my LAN now, but once it goes out into the
wild, it will probably be behind a consumer-grade firewall with very few
incoming ports open.

-Warren Block * Rapid City, South Dakota USA

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?alpine.BSF.2.00.1001011942150.90095>