Making My Grandparents Leet Linux Users - Part 3
Be sure to read Part 1 and Part 2 of this series also.
I use some common Linux tools to remotely support my Grandparents’ PC. These tools are SSH and X11vnc. X11vnc lets me take over the display, and the VNC traffic is tunneled with SSH. They can be a bit of work to set up, but work beautifully.
If these servers are not installed, install them with this command:
sudo apt-get install openssh-server x11vnc
It is a good idea to change the SSH port because there are so many brute force attacks on port 22. Open the file /etc/ssh/sshd_config in a text editor and change the port to a high number. Then restart the SSH server to make the change take effect:
sudo /etc/init.d/ssh restart
Chances are that your average Grandparents don’t have a static IP address. To use SSH you need to know the current IP address of the remote computer. I use a free service called DynDNS to associate a domain with the remote computer. To do this, get a free account at DynDNS and add a dynamic DNS service. When setting it up, the important part is to choose a hostname and enter in the IP that it will initially point to.
Now you need to set up a client that will tell DynDNS if the PC’s IP address changes. I used the “inadyn” client that can be downloaded from here. To run it when the computer starts up, open xfce-autostart-editor and click “Add”. (If you are not using Xfce open the equivalent editor in your environment.) Your inadyn command should look like this:
inadyn -u username -p password -a hostname --iterations 1
Replace “username” and “password” with your DynDNS credentials. Replace “hostname” with the hostname you set up on DynDNS’ website. Once you run inadyn, you can test it by pinging the hostname you set up and making sure it resolves to the global IP of the computer you want it to point to.
Instead of leaving the X11vnc server running all the time, I prefer to SSH in and start it when I need it. The VNC traffic should also be tunneled through SSH to make it secure. Use the following command to connect to the remote computer and start a tunnel.
ssh -p 22 username@hostname -L 1111:localhost:5900
Replace “22” with the port the SSH server is listening on. Replace “username” with a user on the remote computer and “hostname” with your DynDNS hostname. Port 5900 (the VNC port) on the remote computer will be forwarded to port 1111 on your computer. Now start X11vnc on the remote computer from the shell that the SSH session opened:
x11vnc -usepw
If the connection is slow, I find it is best to scale down the VNC display. This is easy to do: just use the -scale option with a fraction to scale by. This command starts X11vnc but scales the output by two-thirds:
x11vnc -usepw -scale 2/3
Now that the X11vnc server is running, it’s forwarded to your local port 1111 because of the SSH tunnel. You can connect to it from the command line with this command:
vncviewer localhost:1111
That should prompt you for the password and open a window displaying the remote screen. Alternatively, you can connect in Gnome using the Terminal Server Client instead of vncviewer on the command line.
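The tunnel and X11vnc steps above can be combined into one script. This is an added example, not part of the original post: the function names, the 1024-65535 port check, the display ":0" and the use of x11vnc's -localhost option (so that port 5900 only answers through the tunnel) are assumptions made here.

```sh
#!/bin/sh
# Added example (not from the original post). Function names, the 1024-65535
# range check and the display ":0" are assumptions made for illustration.

# "High" port: numeric and outside the privileged 0-1023 range.
valid_port() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -ge 1024 ] && [ "$1" -le 65535 ]
}

# Scale must look like 2/3 or 0.5 because it ends up in a remote shell command.
valid_scale() {
    case "$1" in ''|*[!0-9/.]*) return 1 ;; esac
}

# Command run on the remote PC. -localhost makes x11vnc listen on loopback
# only, so port 5900 is reachable solely through the SSH tunnel.
remote_cmd() {
    cmd="x11vnc -localhost -usepw -display :0"
    if [ -n "$1" ]; then
        valid_scale "$1" || return 1
        cmd="$cmd -scale $1"
    fi
    printf '%s\n' "$cmd"
}

# Open the tunnel and start x11vnc in one step; x11vnc exits when the viewer
# disconnects (no -forever), which ends the SSH session too.
start_session() {
    ssh_port=$1 user=$2 host=$3 local_port=${4:-1111}
    valid_port "$ssh_port" && valid_port "$local_port" || return 1
    rcmd=$(remote_cmd "$5") || return 1
    echo "In another terminal run: vncviewer localhost:$local_port"
    ssh -t -p "$ssh_port" -L "$local_port:localhost:5900" "$user@$host" "$rcmd"
}

# Usage: ./support.sh SSH_PORT USER HOST [LOCAL_PORT] [SCALE]
if [ "$#" -ge 3 ]; then
    start_session "$@"
fi
```

The script refuses SSH ports below 1024, so it only works once the server has been moved off port 22 as described earlier.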
I just love the Linux tools for remote support, they are both powerful and secure. Almost any problem my Grandparents may have I can solve from my own computer. In the past when I ran Windows, I used LogMeIn which was easier to set up but less secure because the client was running all the time and connected through LogMeIn’s servers. That is it for this series, unless I can find some more topics on Linux for Grandparents. Thanks for reading!
Archived Comments
pipi
“to a high number”??
Only he who knows knows what this is, so why tell those who know what they can understand if they already know?
pipi
I see that:
x11vnc viewer has built-in SSL encryption and authentication. No need for the ssh tunneling?
And it has mDNS service advertising. How is this used?
Paco
1) I wonder whether the vnc viewer through the ssh tunnel could be used with a firewall that filters x11vnc’s server port. If so, then this could be an advantage to Christer’s suggestion about using vncviewer.
2) You haven’t explained what exactly you would see after executing
vncviewer localhost:1111 on your PC. Which desktop, which screen of which user.
3) quote: “To run it when the computer starts up, open xfce-autostart-editor and click “Add”. (If you are not using Xfce open the equivalent editor in your environment.)”
Most users would like to know how to find the equivalent thing without spending hours trying to find it and then asking in forums.
wsfo
Pipi-
IP port numbers go from 0 to 65,536 (2^16).
The ‘lower’ numbers, 0 to 1023 (2^10), are reserved for common standard
functions, like 80 for http.
The higher port numbers, over 1024 are pretty much available for whatever you’d
like to use them for. In fact, some of them also have common uses – 8080 is
often an alternative for http. Just don’t use the same port twice!
David
I really like this, but in my case, my parents have a couple of computers.
They have a static IP address and sit behind a router. Would the solution in this case be to set aside a couple of ports to forward to different internal IPs?
Christer Edwards
I haven’t used the x11vnc but there is built-in ssh tunneling in the vncviewer client if you weren’t aware. You can do away with the -L port bindings and just use:
vncviewer -via user@host localhost
There you go. Tunnels the connection for you without all the extra port binding :)