
Computer support

2010/02/07

Many people working with computers are also doing unofficial support for friends and relatives, myself included.

VNC is a great way to make things easier when doing typical software support.

However, sometimes a direct VNC connection is not possible. In these cases one might be able to use a public server as a bridge.

This can be done in many ways, of course. One simple way is to use an OpenSSH daemon on an existing server.

Generate an SSH key pair and add the public part to authorized_keys on the server as usual. You can also prefix the key with options so that it only allows limited access.

command="/bin/sleep 60",permitopen="localhost:8989",no-pty,no-agent-forwarding,no-X11-forwarding  ssh-rsa xxxxxxxxx user@computer
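
In OpenSSH, `permitopen` limits only the targets of `-L` forwards; the port a client may listen on with `-R` is limited by `permitlisten` (OpenSSH 7.8 and later). The check below is an added example, not part of the original post: the function names and both sample lines are constructed, and the tightened line is one possible variant rather than the author's configuration.

```shell
#!/bin/sh
# Added example: audit the options on one authorized_keys line that is meant
# to allow nothing but the reverse forward of port 8989.
# Assumption: the key type starts with "ssh-" or "ecdsa-".

_has_opt() { case $bare in *",$1,"*) return 0 ;; *) return 1 ;; esac; }

audit_support_key() {
    line=$1
    case $line in
        ssh-*|ecdsa-*) opts= ;;   # line starts with the key type: no options
        *) opts=${line%% ssh-*}; opts=${opts%% ecdsa-*} ;;
    esac
    # Drop quoted values and whitespace, lowercase the option names
    # (they are case-insensitive) and pad with commas for exact matching.
    bare=,$(printf '%s' "$opts" |
        sed 's/"[^"]*"//g; s/[[:space:]]//g' | tr '[:upper:]' '[:lower:]'),

    findings=
    if ! _has_opt restrict; then
        for o in no-pty no-agent-forwarding no-x11-forwarding; do
            _has_opt "$o" || findings="$findings missing:$o"
        done
    fi
    _has_opt "command=" || findings="$findings missing:command"
    # permitopen only limits -L targets; the -R listen port needs permitlisten.
    if _has_opt restrict && ! _has_opt port-forwarding ||
       _has_opt no-port-forwarding; then
        findings="$findings forwarding-disabled"
    elif ! _has_opt "permitlisten="; then
        findings="$findings missing:permitlisten"
    fi
    echo "${findings:- ok}" | sed 's/^ //'
}

# Constructed sample lines: the entry from this post and a tightened variant.
post_line='command="/bin/sleep 60",permitopen="localhost:8989",no-pty,no-agent-forwarding,no-X11-forwarding  ssh-rsa xxxxxxxxx user@computer'
tight_line='restrict,port-forwarding,command="/bin/sleep 60",permitopen="localhost:8989",permitlisten="localhost:8989" ssh-rsa xxxxxxxxx user@computer'

echo "post:  $(audit_support_key "$post_line")"
echo "tight: $(audit_support_key "$tight_line")"
```
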

The SSH key can then be used to reverse-forward any connection made to the forwarded port on the server back to the local computer.

ssh \
        -i id_rsa.remote_support.key  \
        -o StrictHostKeyChecking=no \
        -o PasswordAuthentication=no \
        -R 8989:localhost:5900 \
        -N \
        user@server 

On Unix, x11vnc can then be used to forward the screen to the remote host.

x11vnc -display :0.0 -localhost 

I can then easily connect to the remote computer by letting ssh forward a port:

ssh -L 8989:localhost:8989 support@server sleep 20  &
vncviewer -encodings "copyrect tight hextile" -compresslevel 7  -quality 5 \
-bgr233 localhost:8989

One could easily automate the process with a few small scripts, or possibly with a little Java applet on a web server (a signed applet that is allowed to download and execute the script, for instance).

Please note that both x11vnc and vncviewer have several strange settings that might be used to improve bandwidth consumption etc.

Please note that the above assumes that port 8989 on the server is only reachable by trusted users.

*Added minor spelling corrections and improvements x 4567 times

One Comment
  1. Sample script

    #!/bin/bash
    #
    # Remote connect to closest support
    #
    # Purpose: Allow client to connect to a support server
    #
    # Installation:
    #     Server: Create an ssh keypair with empty passphrase.
    #	      Install public @ support_server  (cat xxx.pub >> authorized_keys )
    #	      Install private@ end of this script  ( cat xxx >> $SCRIPT )
    #
    #	Install this script on client computers using java  applet or whatever..
    #         or possibly a webpage asking people to download and run this script
    #
    #      Authorized_keys ought to only grant limited logins...
    #       -> modify it as shown below ..:
    #	command="/bin/sleep 60",permitopen="localhost:8989",\
    #	no-pty,no-agent-forwarding,no-X11-forwarding \
    #	ssh-rsa xxxxxxxxx user@computer
    #
    #   
    # Support should connect 
    #
    # ssh -o port=$port -L 8989:localhost:8989 support@server sleep 20  &
    # vncviewer -encodings "copyrect tight hextile"  -bgr233 localhost::8989
    #
    # or somesuch
    # for instance ..
    # vncviewer -encodings "copyrect tight hextile" -compresslevel 7 \
    #  -quality 5 -bgr233 localhost:8989
    #
    # BUGS: SCRIPT assumes port 8989 is not accessible for untrusted users.
    #
    
    server=server
    user=user
    sshport=22
    
    #
    # open this script in a new xterm !! 
    #  (but still allow it to be run without opening a new terminal ofc)
    #
    if [ "x$1" != "x-noterm" ]
    then
    	SCRIPT=$(cd "$(dirname "$0")" && pwd)/$(basename "$0")
    	exec /usr/bin/xterm -e /bin/bash "$SCRIPT" -noterm "$@"
    fi
    	
    
    cd "$(dirname "$0")"
    SCRIPT=$(basename "$0")
    if which x11vnc > /dev/null && which ssh > /dev/null
    then
    	:
    else
    	echo Missing x11vnc or ssh
    	echo You must install x11vnc and openssh-client
    	echo "TODO might suggest sudo aptitude install .... emerge etc "
    	echo Press enter to exit
    	read dummy
    	exit 11
    fi
    
    umask 0077
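    # Extract the private key appended to this script (the BEGIN/END block);
    # "grep -v cat" drops this command line itself, which also matches.
    cat "$SCRIPT" | awk '/BEGIN /, /END /' | grep -v cat > "$SCRIPT.key"
    ssh \
    	-o UserKnownHostsFile="$SCRIPT.hosts" \
    	-i "$SCRIPT.key" \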
    	-o StrictHostKeyChecking=no \
    	-o PasswordAuthentication=no \
    	-R 8989:localhost:5900 \
    	-o port=$sshport \
    	 $user@$server -N &
    sshpid=$!
    
    
    #
    # discarding x11vnc output makes tracing a bit difficult ...
    #   .. but anyone understanding x11vnc does not need support :/
    #
    ## x11vnc -display :0.0 -ncache 20 -localhost -many > /dev/null 2>&1 &
    x11vnc -display :0.0 -localhost -many > /dev/null 2>&1 &
    vncpid=$!
    
    sleep 1
    if kill -0 $sshpid >  /dev/null 2>&1
    then
    	echo started ssh as pid $sshpid
    else
    	echo Error connect to server failed
    fi
    if kill -0 $vncpid >  /dev/null 2>&1
    then
    	echo started x11vnc as pid $vncpid
    else
    	echo Error failed to start VNC
    fi
    
    
    echo Press enter to exit
    read dummy
    
    kill -9 $vncpid $sshpid
    
    #
    # Activate keyrepeat once again ... 
    # ... since i assume it has been turned off by x11vnc ..
    #
    xset r on
    
    exit 0
    
    ##
    ## Add the private key here 
    ##
    
