[Gloucs] Remote Desktop over the web with two Linux Computers

Glyn Davies glynd at walmore.com
Sat Sep 23 11:34:00 BST 2006 

Christian Trapp wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Hello Keith,
>
> I am a little unexperienced with networks. My friend in Germany and I
> tried you hint and it still not worked. That has to do, that I
> honestly don't know in detail what we do really. May I ask you some
> more questions about this.
>
> We open the hardware firewall with portforwarding on our routers on
> port 3389
> We open the software firewall on our distributions (guarddog) and tick
> the VNC service.
>
> 1. We use Krfb (Desktop Sharing) from KDE
> 2. He is producing an invitation with a password and the IP 192.168.2.5:0
> 3. He sends me this details
> 4. I am starting Krdc (Desktop Sharing)
> 5. I type in on Krdc his external IP 85.106.243.65:3389
>
> But we still have no connection. Did we forget something like ticking
> the SSH etc.?
>
> Thank you for your help again
> Regards
> Christian
>
> - --
> What is LINUX? Visit http://www.linux.org/info/faq1.html
> This is a signed email, and the signature allows a recipient to check
> that I am, indeed, the author.
>
>
>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.5 (GNU/Linux)
> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
>
> iD8DBQFFE7HADcwkxcFMxHURAoRdAKD7WtWwttoBnO8n/u860ZgfmcB8IQCdFirt
> Y3qsntm6yYgBBQCywJYFDOM=
> =J04a
> -----END PGP SIGNATURE-----
>
>
> _______________________________________________
> gloucs mailing list
> gloucs at mailman.lug.org.uk
> https://mailman.lug.org.uk/mailman/listinfo/gloucs
>
>   
Christian,

I don't know the tools you are using but this may be another way around 
your problem.

Firstly, I'd be a little wary of opening ports to a VNC service. I think 
SSH would be better. They spend a lot of time worrying over security in 
SSH but perhaps less so in VNC. Get your friend to create an account for 
you on his machine. Call it christian15 or something that isn't a normal 
name. An open open SSH port will have people trying to log in on it. 
Best not let them guess the valid login. The SSH server can also be 
setup to only allow christian15 to log in. Do this. It means all those 
hackers trying to log in as root are wasting their time. Your friend 
then only needs to open port 22 on his firwall and distro. On his 
firewall he will have to forward port 22 to his machine. (I have assumed 
he as an external router/firewall)

To find his machine on the internet use a service such as dyndns 
(www.dyndns.org) and get him to run one of the many dyndns clients that 
are out there. I use ddclient which gets around publishing the local IP 
(192.168.x.x) instead of the real Internet one.

You then and log in by

ssh -X -o "Compression yes" mymate.dyndns.org

-X enables X forwarding. Compression helps speed things up. Obviously, 
swap mymate for the name he has chosen for his machine on dyndns.

You can then run the client you are running now on his machine. He can 
then invite you by sending the invite to his own machine. You will get 
the VNC session back tunnelled over SSH.

Anyway, I hope this gives you another way to consider. Certainly what 
you have described before should work (once you get things right) so I 
wouldn't give up on it just yet.

Does his firwall logs show that he is blocking you at all?

Actually, reading what you have said above again, are you sure the KDE 
remote desktop stuff uses VNC? Does it use VNC over SSH?

-- 
Best Regards
Glyn Davies

More information about the gloucs mailing list