7 Jul 2012
I was doing remote internet support the other day for a friend in England - here’s how I connect remotely to the person’s desktop in graphical mode, using vnc and an ssh tunnel.
- I setup a dyndns client (eg dyndns, tinydyndns, ez-ipupdate) so I can connect to the changing ip address of their machine by a dns name eg fredbox.dyndns.org
local% sudo apt-get install ez-ipupdate
- I copy my ssh key to their account - this way I’ll always have access and they can change their password in the future:
local% ssh-copy-id fred@fredbox.dyndns.org
- I want to connect to vnc running on their desktop, so I can see what they see. But vnc runs on port 5900 and I don’t want to leave that open to the Internet. So I build an ssh tunnel, and startup vnc on the remote machine:
fredbox% ssh -L 5900:localhost:5900 fred@fredbox.dyndns.org
fredbox% x11vnc -safer -usepw -localhost -once -noxdamage \
-nowf -ncache 0 -scale 2/3 -display :0
- And finally, I start up my vncviewer on my local Linux/Mac machine, and enter my vnc password when prompted:
local% vncviewer -encodings "copyrect tight zrle hextile" \
-bgr233 -compresslevel 5 localhost
So here’s a little script that brings it all together:
#!/bin/bash
# kill any previous/hung vnc's
ssh fred@fredbox.dyndns.org 'pkill x11vnc'
ssh -f -L 5900:localhost:5900 fred@fredbox.dyndns.org \
'x11vnc -safer -usepw -localhost -once -noxdamage \
-nowf -ncache 0 -scale 2/3 -display :0' \
&& sleep 5 \
&& vncviewer -encodings "copyrect tight zrle hextile" \
-bgr233 -compresslevel 5 localhost