VNC help?

[Mail List]

On Saturday 22 September 2007 05:34:25 pm Frank Cox wrote:
> On Sat, 22 Sep 2007 14:26:51 -0700
>
> Dave Stevens <geek at uniserve.com> wrote:
> > Tha part I don't understand is whether I need my ISP to park an IP
> > address on me and if not what do I do? Do I need to get a domain name? or
> > what?

  ..
>
> You can log into your machine remotely using your static address (if you
> have one) like this:
>
> ssh 192.168.0.1
>
> That will take you to 192.168.0.1.
>

   Additional comment or 2. Once you have a way to get your home IP address, 
whether static or otherwise, you should NEVER leave vnc server port open to 
the internet. Instead use vnc via a ssh tunnel. I'm assuming your runnign vnc 
on the root X - so you can see whatever is on the screen at home. 

   1) Set up ssh on a different port than 22 (will keep your secure log 
clean). Say you pick 12345 for the port. Use your internet router to forward 
12345 to port 22 on your home linux machine - or if your machine is on the 
DMZ then add Port 12345 to /etc/ssh/sshd.conf (Not required but recommended)

  2) Set up ssh tunnel to your pc which forwards vnc port

      Can do on command line, but for convenience add this to your 
~/.ssh/config

     Host   home
     Hostname  [your ip here]
     Port            12345
     LocalForward  15900 localhost:5900
     ForwardAgent  yes

  3) Now to set up the tunnel for vnc you just do this:
      ssh home

   4) Connect vnc to localhost:15900 (which is tunneleed to your home pc)

       vncviewer -passwd <your vnc pass file> localhost:15900 

   Which shud bring up vnc client securely inside the ssh tunnel. 

   Test this inisde your network before you venture to external connections. 
Good luck.