Notices


Reply
Thread Tools
JayOnThaBeat's Avatar
Posts: 1,028 | Thanked: 578 times | Joined on Mar 2009 @ Chicago
#1
Getting VNC set up through an SSH Tunnel between your N8x0 (possibly 770) and your MS Windows PC!


Disclaimer:
If you are not comfortable with altering settings on your pc or using the terminal on your tablet, turn away now.

Note:
I use Windows as my primary OS. Much of this should be adaptable to Linux. (If you use Linux as your primary OS, you're already pretty smart, right? )


FYI:
VNC allows you to remotely control a remote PC, provided you have the proper credentials.

SSH is a secure shell that allows you an encrypted connection.

VNC alone has no encryption, and is therefore a security risk. By operating thru an SSH tunnel, you provide encryption to your VNC connection.



The first 3 parts will all be done on your pc.





|-1-| Setting Up a SSH Server on your Windows PC |-1-|


Re: VNC Viewer: Not necessary, but is the only way to establish an SSH tunnel.

Re: SSHFS remote drive mounting: Necessary.


a.
Install Copssh
http://sourceforge.net/projects/sere...r.zip/download

This is all pretty straightforward.

During the process it will create a user account. DO NOT delete this account. (I did, then the service stopped working, so I had to reinstall ... )


b. Activate a user account.

Go over to the Start Menu, and in the Copssh folder, there will be an option to "Activate User."

You can choose any account on the computer. Of course, to really get that great remote usage feeling, you're gonna want to activate your windows account.

MAKE SURE YOU HAVE A PASSWORD ON THE ACCOUNT YOU ACTIVATE!!!

After you select the options for activation (I just leave them as they are), it will prompt you to set a 10 - 30 character passphrase. What you want to do, for awesome security, is open notepad, and type 30 random characters (numbers, letters, #@$ type things, spaces) all mixed up then, copy it and paste it twice into the two boxes. You will never need to remember the passphrase, but the crazier it is, the more secure your tunnel will be (at least, i think.. you might want to save the notepad file just in case... somewhere secure of course, like on a flash drive).

Copssh runs as a service in the background, so the only way to tell if it's running is to use it (after all steps) or run services.msc (which isn't necessary... just assume its running until something leads you to believe otherwise.)


c.
Edit Copssh config files
It's just two strings in two files, so relax

Navigate explorer to the install directory (Program Files\ICW\ by default). Then open the etc directory.

Open file ssh_config in a text editor (notepad does NOT handle these files well...)

(I personally prefer PSPad ( http://www.brothersoft.com/download-...tor-24977.html ) It seems to work much better AND it doesn't have weird incompatibilities like notepad does.)

One of the first lines under the comments should look like
Code:
#Port 22
At this point, pick a random 4 digit port number... anything, really (well mostly). Let's say we pick 2222.

You want to make that line read
Code:
Port 2222
Now save the file, and exit your text editor.

Now, open sshd_config.

Again, find the line
Code:
#Port 22
and change it to
Code:
 Port 2222
Now, save that file and exit.

The reason I suggest to change the port, is because port 22 is the default, and if anyone is going to try to get into your system, that's one of the first places they will start.

NOTE: When I refer to Port 2222 in the rest of this guide, I will be referring to that port.




|-2-| Setting up a VNC Server |-2-|


Re: VNC Viewer: Duh! Yes, absolutely necessary.


The three servers I have found are UltraVNC, TightVNC, and RealVNC. They all seem to perform the same functions, it's just a matter of preference and compatibility.

UltraVNC: http://www.uvnc.com/download/1065/1065full.html

TightVNC: http://www.tightvnc.com/download.php
TightVNC mirror driver: http://www.demoforge.com/dfmirage.htm

RealVNC: http://www.realvnc.com/cgi-bin/download.cgi

The following are instructions in regards to UltraVNC.

This is the one that I use, because it seems to be the only one of the three that seems to be fully compatible with VIsta 64bit. By that, I mean that it runs as a service correctly, which means that it loads even if you are not logged in.

It is best to play around with the options once installed (to test what works best for you), but the important ones to set are

Admin Preferences dialog:
  • VNC Password,
  • [x] Allow Loopback Connections
Server Properties Page dialog:
  • Video Hook Driver

Also, you definitely want to make sure your Video Hook (mirror) Driver is working properly. I believe on most systems, it should work by default, but if it isn't, you can download an alternative one (for UltraVNC specifically) from http://sc.uvnc.com/105/drivers.zip .


Want to be very secure?

If you are planning to use VNC over an SSH tunnel (which I highly recommend), you can set UltraVNC to only accept incoming connections from your tablet.

In explorer, goto program files\Ultravnc and edit ultravnc.ini. There will be a line that says
Code:
AuthHosts=
Change it to read
Code:
AuthHosts=-:+127.0.0.1
This will allow only your tablet access to your pc. (Well, technically anyone setup to access your pc that can use localhost:1 to login... for most of you, this is just your tablet).

I did not realize how much of an issue this was until suddenly I received an incoming access request from some random IP address. I had the box come up with a 10 second delay, and then auto accept.... that would not have been good.

If you have your settings set how I have them, I can't imagine why it wouldn't work (that's not to say that it will work...)


If you choose to use another VNC server program, I would imagine you can adapt the above settings to work in that program. The important thing is to find one that works well for you. (I could not really test them properly because VIsta64 = poop).




|-3-| Setting Up a Local Static IP and Port-Forwarding |-3-|

Re: Everything: Necessary!

NOTE:

I have a router. I would imagine that most out there do to. Even if not, you should still be able to adapt my strategy to fit your circumstance. Hopefully..........


a.
Setting Up a Local Static-IP
The purpose of this step is to guarantee that your router always assigns the same local IP address to your PC. Otherwise, the Port-Forwarding (later...) will stop working.

Here is a really great guide for this. (I followed the Vista one for obvious reasons...)

For Vista Users
For XP Users

Finished? Awesome!

Here's a rundown of what you just did (for those of you reading ahead

You told your network adapter that rather than getting a local IP address automatically, it would demand the same one every time it connects.

For example's sake (for the rest of this guide) we will call the new static ip address 192.168.1.10.

Again, yours will probably be different, but whenever I refer to that IP above (192.168.1.10), I am talking about your new local static IP.


b.
Port-Forwarding
For most of us, our good friends over at PortForward. com have made this fairly easy to get started.

(remember your new local static ip address, and your VNC port... you will need it soon!)

First, visit PortForward.com, and find your router on the list.

Then, a big advertisement page will pop up. Simply, click "Skip this ad" at the top.

You will be brought to a page where it asks you to select the program you are trying to set up. TightVNC is on the list. (Its settings seem to be universal for VNC servers).

From here, it gives you illustrated instructions on how to set the program up (note that the instructions it gave me told me to open 3 ports, whereas I only really needed to set up port 5900 . Of course, results may vary.

Remember 192.168.1.10? The local static-ip you set up? You're gonna need that during this process!


NOTE:
For anyone having issues on this part (maybe your router wasn't on the list...) this is the bottom line of this section:

You are telling your router that trafftic coming in to your.ip.add.ress:2222 and your.ip.add.ress:5900 should point to your local static-ip (192.168.1.10 in my examples). So if you can figure it out how to make it do that, you are all good.


***
So, by now you should have just set up forwarding for VNC. Now, go back and do the same thing for the ssh port [port 2222 (or whichever you chose) from earlier].


c.
Opening the Ports on your Firewall
I use Windows Firewall, and all I had to do was go to exceptions, and add ports 2222 (tcp) 5900 (tcp)


Now, reboot your machine!


If all has gone well, your PC is set up!




|-4-| Setting Up Your Tablet |-4-|

This assumes you are establishing the SSH tunnel. IF NOT, then skip the parts regarding SSH and Personal Menu.


a.
Install VNC Viewer, openSSH, and Personal Menu on your tablet.

Should all be in Extras.


b.
Set up an openSSH Personal Menu Entry

I just want to preface this part by saying you guys are lucky that you don't have to go thru the hell I went thru figuring this out.

Originally Posted by Addison
I've read through your posts, tried to comprehend your troubles, and even watched daily as you nearly had a mental breakdown because of it. *lol*
So, it's simple now!


Feel free to thank me! (stskeeps isn't the only Karma-whore )

1. In personal menu, goto Create a new command (the +).

2. Name it. (SSH Tunnel or something)

3. command to execute =
Code:
ssh -L5901:127.0.0.1:5900 your.ip.add.ress -lWinUsername -p 2222 -v
So lemme break this part down

  • ssh = the command, duh!
  • -L5901:127.0.0.1:5900 = ...well, i'm still fuzzy... sufficed to say, you base the 5901 and 5900 off of the port you picked for tightvnc. so, if you stuck with 5900, just keep this the way it is. If you picked, say 3000, u'd put 3001 and 3000... get it?
  • -lWinUsername = (that's a lowercase L)... for example, I put -lJay... get it?
  • -p 2222 = specifies the port to use. thats the port we set for CopSSH on the pc.
  • -v = thats just for verbose mode, so you can see what it's doing.
Then, check "Run in terminal", select your icon, and hit save.


***
NOTE that this all assumes highspeed connections. If you are connecting over a super slow DUN connection (like I am also doing over my Boost Phone, in addition to wifi) then create a second PM entry, and repeat all the steps above, adding -C to the command string.
***

Now, to test it!

Go ahead, and run your SSH Tunnel PM entry.

It should prompt you for your windows password. Give it.

Also, at some point, it will ask you if you are sure you want to connect. Type YES of course!

If everything works correctly, u should get a linux prompt. This means, you are now connected via an ssh tunnel to your home pc!


Now, open VNC Viewer.


Hit the connect button (the little connected plug).

For VNC server, enter localhost:1

If all is configured properly, you will be prompted for a password. This is the password set up in TightVNC, the one that allows mouse and keyboard control.

Once that is entered, you will see your desktop!

Ta-Da!




|-5-| Optional Stuff |-5-|


A) Access your PC Files thru the Tablet's Filemanager (by qole)

1. Install sshfs

In a terminal:
Code:
sudo apt-get install sshfs
2. Follow THESE instructions!




B) Set up a free DynDNS.com account


Most people do not have STATIC IP addresses assigned to them by their ISP. That means that every so often, your external IP address changes.

You can use this service to create a [FREE] customized url that will redirect to your currently assigned IP address.

By installing the accompanying software, your DynDNS account is updated whenever your IP address changes.

In short, you can replace the your.ip.add.ress in the SSH tunnel command string with your new custom url and never have to worry about changing it.



C) Create batch files on your PC desktop to easily adjust screen resolution


1. Install 12noon Display Changer ( http://www.12noon.com/files/dc-setup.exe )

2. Create two different batch files on your desktop.

[NOTE: my executable is dc64cmd.exe b/c I am using Vista 64bit. Adjust this accordingly.]

The first, called tabletres.bat:
Code:
@echo off
cd "\progra~1\12noon Display Changer"
dc64cmd -width=720 -height=480 -depth=16
The 720x480 fits nicely on the tablet screen.

The other, called pcres.bat:
Code:
@echo off
cd "\progra~1\12noon Display Changer"
dc64cmd -width=1024 -height=768 -depth=32
I use 1024x768 default, adjust accordingly. This is to switch back to after u run tabletres.bat.

These are much easier to access than going thru display properties.


-=*-=*-=*-*=-*=*-=*-*=-**=-*=-*=*-*=-*=*-=*-*=*-=*-*=-*=*-=



Unfortunately, beyond what I have posted in this guide, I don't know what good I will be with troubleshooting. I barely understand it myself.

But, ask anyway, and I'm sure others will answer (others answering my pleas helped me get it working!).

Also, this is the thread that I referenced a lot during my attempts to get it to work (although I didn't get a lot of it... but I'm sure it's just me )



Thanks to luca, qwerty12, qole, Addison and anyone else who helped me get this together!

__________________
maemo.org search
I AM NOT A ROLE-MODEL.

Last edited by JayOnThaBeat; 2009-09-11 at 04:27. Reason: total re-vamp (so read again!)
 

The Following 21 Users Say Thank You to JayOnThaBeat For This Useful Post:
Addison's Avatar
Posts: 3,811 | Thanked: 1,151 times | Joined on Oct 2007 @ East Lansing, MI
#2
Witness!!!!!!!!!!!!!!


Dude that is huge!

Big time thanks chief!

You're a major life saver!
 
JayOnThaBeat's Avatar
Posts: 1,028 | Thanked: 578 times | Joined on Mar 2009 @ Chicago
#3
I just hope it works.

Somebody post back and tell me they got it working or what went wrong.
__________________
maemo.org search
I AM NOT A ROLE-MODEL.
 
qole's Avatar
Moderator | Posts: 7,109 | Thanked: 8,820 times | Joined on Oct 2007 @ Vancouver, BC, Canada
#4
Thanks so much for typing that up!

Another VNC server / viewer for Windows is RealVNC. I prefer it because it handles the startup stuff for you (you don't have to put anything in your start folder) and runs as a service, so it will let you log in remotely.

But I use WinXP, I can't guarantee it works with later versions of Windows...
__________________
qole.org --- twitter --- Easy Debian wiki page
Please don't send me a private message, post to the appropriate thread.
Thank you all for your donations!
 

The Following User Says Thank You to qole For This Useful Post:
JayOnThaBeat's Avatar
Posts: 1,028 | Thanked: 578 times | Joined on Mar 2009 @ Chicago
#5
Originally Posted by qole View Post
Thanks so much for typing that up!

Another VNC server / viewer for Windows is RealVNC. I prefer it because it handles the startup stuff for you (you don't have to put anything in your start folder) and runs as a service, so it will let you log in remotely.

But I use WinXP, I can't guarantee it works with later versions of Windows...
Ya, I tried RealVNC first actually, but I couldn't get it configured correctly (couldn't login from the network, which I could do from the beginning with TightVNC).

Actually, there is an option to run TightVNC as a service, but I am not able to log in without the server program already running, so imo it defeats the purpose. (unless I'm doing something wrong, which is very possible.)

You mean you can have the windows user account logged out, then log into it with RealVNC? Interesting....

///EDIT
I'm looking into this. Update possibly in the near future,
__________________
maemo.org search
I AM NOT A ROLE-MODEL.

Last edited by JayOnThaBeat; 2009-08-26 at 07:18.
 
Posts: 183 | Thanked: 18 times | Joined on Jul 2009 @ italy
#6
I tried it, and , as rDesktop, does not work if i connect via bluetooth or on hotspot other-than-mine... ports are forwarded...i dunno what i can do ç_ç
 
Posts: 250 | Thanked: 300 times | Joined on Sep 2007
#7
Use portableapps TightVNC Portable for a VNC solution that limits what gets written to your Windows registry.
__________________

Last edited by dkwatts; 2009-08-26 at 15:06.
 
JayOnThaBeat's Avatar
Posts: 1,028 | Thanked: 578 times | Joined on Mar 2009 @ Chicago
#8
Originally Posted by pinguino89 View Post
I tried it, and , as rDesktop, does not work if i connect via bluetooth or on hotspot other-than-mine... ports are forwarded...i dunno what i can do ç_ç
That is odd.

I can even connect from my super slow Boost Mobile 19.9kbps DUN hookup.

I wish I was more of a troubleshooter. Are you able to establish the SSH tunnel?
__________________
maemo.org search
I AM NOT A ROLE-MODEL.
 
qole's Avatar
Moderator | Posts: 7,109 | Thanked: 8,820 times | Joined on Oct 2007 @ Vancouver, BC, Canada
#9
Originally Posted by JayOnThaBeat View Post
You mean you can have the windows user account logged out, then log into it with RealVNC? Interesting....
Yes, when my XP server reboots due to an "important update" (that Microsoft pushes onto me) reboots the computer without my permission, I can use RealVNC to log back in.

Another cool thing you can do once you get an SSH server onto your Windows computer: you can use sshfs on your tablet to map Windows file folders onto your tablet. So anywhere you can get WiFi (or, if you tether to a phone, anywhere you can get service) you can access your files as though they were on the tablet...
__________________
qole.org --- twitter --- Easy Debian wiki page
Please don't send me a private message, post to the appropriate thread.
Thank you all for your donations!
 

The Following 3 Users Say Thank You to qole For This Useful Post:
JayOnThaBeat's Avatar
Posts: 1,028 | Thanked: 578 times | Joined on Mar 2009 @ Chicago
#10
OK, so I've been peepin the scene (as much of a scene as there is for VNC server software) and I've drawn 3 conclusions.

1. TightVNC seems to get screen data the fastest, but the "run as a service" aspect of it doesn't appear to work in vista. The service starts, and runs, but no VNC logins are possible and the service helper application never starts. Therefore, of course, you have to have your windows account logged in to use it (at least in vista).

2. RealVNC is probably awesome. Unfortunately, no vista support, so there's not much I can do.

3. UltraVNC appears to be the best alternative, because like RealVNC, it runs as a service (and actually works). The screen refresh seems a tad slower than TightVNC, but I'll take that in exchange for being able to login to my windows account.

<updating the guide to add UltraVNC as a server choice>
__________________
maemo.org search
I AM NOT A ROLE-MODEL.
 

The Following 3 Users Say Thank You to JayOnThaBeat For This Useful Post:
Reply

Tags
ssh tunnel, vnc, windows

Thread Tools

 
Forum Jump


All times are GMT. The time now is 09:34.