Setting Up VNC, SSH Tunnels, and RDP
Thomas Pepler April 25, 2016
If you have suggestions for improving this document, please email them to: [email protected]
Contents
1 Connecting to DOE Linux Machines with PuTTY
  1.1 Download and Setup PuTTY
  1.2 Configure PuTTY with DOE Connection Settings
  1.3 Start an SSH Session
2 Setting up a VNC Session
  2.1 Preparation
  2.2 Creating Your VNC Password
  2.3 Changing the Default Desktop Environment and Other Settings
  2.4 Creating a New VNC Session
  2.5 Listing Your VNC Sessions
  2.6 Killing a VNC Session
3 Adding an SSH Tunnel for Your VNC Session
  3.1 Find an Available Port to Use For Tunneling
  3.2 Add an SSH Tunnel to Your VNC Port
4 Using a VNC Viewer to Access the VNC Session
  4.1 Download, Install, and Run a VNC Viewer
  4.2 Launch PuTTY and Log In to the SSH server (if not on the DOE network / off campus)
  4.3 Open the VNC Session
5 Adding and using SSH Tunnels for RDP (Windows machines)
  5.1 Adding the Tunnel
1 Connecting to DOE Linux Machines with PuTTY
1.1 Download and Setup PuTTY
1. If you do not already have PuTTY installed on your computer, go to the following link, then download and install a copy of PuTTY (on Windows OS, I recommend using the Installer executable).
http://www.chiark.greenend.org.uk/~sgtatham/putty/download.html
1.2 Configure PuTTY with DOE Connection Settings
1. The easiest way to configure PuTTY is to download the Windows registry keys available from the Department of Electronics (DOE) website, here. (If this link is broken let me know.)
Alternatively, in PuTTY set the "Host Name", "Port", and "Connection Type" to those shown in figure 1. Then save these settings by typing a name in the "Saved Sessions" field (the instructions assume it was 'doe') and clicking "Save". You can then skip the remaining steps in section 1.2.
2. Find where you saved the file and double-click it; this should automatically add the keys to your Windows Registry. The next time you run PuTTY there should be a saved session named 'doe' (see figure 1).
3. Load all the settings for the saved session by selecting the name and clicking "Load".
1.3 Start an SSH Session
1. At the bottom of the Sessions setup page, click Open.
2. If this is the first time logging in to this server, you may be asked to add a security key for it; choose Yes to store the key and you will not get this warning next time. PuTTY stores the key so that it can detect if the server's key later changes.
3. A command prompt should pop up. Enter your DOE username and password at the prompts. From the SSH server prompt, you can ssh to other Linux machines to run CAD tools, or to start a VNC session.
2 Setting up a VNC Session
Figure 1: An example of PuTTY with saved sessions, showing the 'doe' saved session.
2.1 Preparation
2.2 Creating Your VNC Password
The first and most important thing to do is create a password (not only for your own protection, but also for that of anyone else who uses the machine).
1. At the prompt, enter vncpasswd. You will be directed to enter the password (no characters get echoed to the terminal while you enter your password), and then enter it again to verify against any typos.
2. If everything worked fine, you will be back at the prompt and your VNC session logins are now secured with a password.
An example:
    odin(tpepler):~$ vncpasswd
    Password:
    Verify:
    odin(tpepler):~$
2.3 Changing the Default Desktop Environment and Other Settings
If you have never run VNC before, then your xstartup script will not exist in your .vnc directory yet. In that case, skip to section 2.4 to make a "dummy" session causing the creation of your xstartup file, then section 2.6 to kill the session, then return here to change some of the default settings.
1. To get the gnome desktop environment to load when you create your VNC session, uncomment the two lines at the top of the xstartup script just after the comment "Uncomment the following two lines for normal desktop". Use any text editor to do this, but the easiest might be: nano ~/.vnc/xstartup (you can replace 'nano' in the command with 'vi', 'gedit', or your own preferred editor).
2. While you've got the xstartup script open, you may as well make another change. To allow copy/paste from the VNC viewer window to the client (e.g. Windows) machine, add the line "vncconfig -nowin &" before the two lines you just uncommented. In general, for vncconfig to work it must be called before the desktop environment startup (in this case, before those two lines).
3. Save the file. Your xstartup should now look similar to this:
    #!/bin/sh
    # allow copy/paste, but do not pop up a window:
    vncconfig -nowin &
    # Uncomment the following two lines for normal desktop:
    unset SESSION_MANAGER
    exec /etc/X11/xinit/xinitrc
    [ -x /etc/vnc/xstartup ] && exec /etc/vnc/xstartup
    [ -r $HOME/.Xresources ] && xrdb $HOME/.Xresources
    xsetroot -solid grey
    #xterm -geometry 80x24+10+10 -ls -title "$VNCDESKTOP Desktop" &
2.4 Creating a New VNC Session
1. Everything should now be set up, so start a new VNC session with a specific resolution and colour depth as follows (note: 24-bit colour is required for some CAD programs, e.g.: Cadence Virtuoso):
    odin(tpepler):~$ vncserver -depth 24 -geometry 1920x1080
    New 'odin.doe.carleton.ca:9 (tpepler)' desktop is odin.doe.carleton.ca:9
    Starting applications specified in /home/tpepler/.vnc/xstartup
    Log file is /home/tpepler/.vnc/odin.doe.carleton.ca:9.log
    odin(tpepler):~$
2. The first line that is printed by the vncserver program tells you which server and display number is associated with this new VNC session. In the example above, the server is 'odin.doe.carleton.ca' and the display is '9'. Take note of these, as you will need them to connect using your VNC viewer or when creating an SSH tunnel.
2.5 Listing Your VNC Sessions
1. The vncserver program maintains a set of files in your .vnc directory for each VNC session you have created. Currently running sessions are the files with a .pid extension, so to list your currently running sessions type "ls ~/.vnc/*.pid". e.g.:
    odin(tpepler):~$ ls ~/.vnc/*.pid
    /home/tpepler/.vnc/loki:3.pid
    /home/tpepler/.vnc/odin.doe.carleton.ca:11.pid
    /home/tpepler/.vnc/loki:4.pid
    /home/tpepler/.vnc/loki:6.pid
    /home/tpepler/.vnc/oslo.doe.carleton.ca:1.pid
    odin(tpepler):~$
2.6 Killing a VNC Session
From time to time, you may need to close your VNC session (e.g. a program has locked up and you can't recover). To do this, you need to know the server and VNC display number.
1. SSH in to the server using PuTTY, as outlined in section 1 and section 2.1. You must be SSH'd (or logged in somehow) to the server with the VNC session you want to kill.
2. Now issue the command "vncserver -kill :<display number to kill>". For example, if I wanted to kill my odin:11 session:
    ssh(tpepler):~$ ssh odin
    tpepler@odin's password:
    odin(tpepler):~$ vncserver -kill :11
    Killing Xvnc process ID 7881
    odin(tpepler):~$
3 Adding an SSH Tunnel for Your VNC Session
This section describes how to use an SSH tunnel to access your VNC session from outside the DOE network (e.g. somewhere else on campus, or off campus completely).
3.1 Find an Available Port to Use For Tunneling
1. On your Windows machine, open cmd.exe by: (a) using the Start menu search to find a program called "cmd.exe"; or (b) typing [Windows key]+R to open a run dialog, and entering "cmd".
2. At the cmd prompt enter: netstat -ano | find "<port_number>"
For the <port_number> you can put any number, but I suggest sticking to 4-digit numbers; 1234 seems to be open on most systems. If the command prints nothing, the port is not in use.
Figure 2: Example of finding an open (”1234”) and used (”1972”) port.
3.2 Add an SSH Tunnel to Your VNC Port
1. If you have the PuTTY prompt already open, click on the icon in the top left corner of the window (see figure 3) and choose "Change Settings...". If you've just started PuTTY but not opened a connection, make sure you've loaded the settings for 'doe' first (check that the Host Name and Port fields are set correctly). Either way, you should now see a PuTTY configuration window like that shown in figure 1.
2. On the navigation panel on the left, expand (if needed) Connection, and then SSH, then select Tunnels (you may need to scroll down).
3. In the Source port field, type in the open port you found in section 3.1. In the Destination field type in the server and port in the format "<server>:<port>"; for VNC ports, the port number is calculated as [5900] + [display number] (remember the one I told you to note down in section 2.4?).
Figure 3: The PuTTY window icon to access the ”Change Settings” form.
5. Now select the Session category on the left pane of the PuTTY window, click ’doe’ and choose Save to save the setting you just changed (i.e. added a tunnel).
6. Finally, choose Apply at the bottom to apply the changes.
4 Using a VNC Viewer to Access the VNC Session
4.1 Download, Install, and Run a VNC Viewer
If you already have a VNC viewer installed, that should be fine; if not, RealVNC offers a nice one.
4.2 Launch PuTTY and Log In to the SSH server (if not on the DOE network / off campus)
Figure 5: Entering the server in the VNC Viewer dialog.
and connected to the DOE network, SSH tunneling (e.g. through PuTTY) should not be needed.
4.3 Open the VNC Session
1. If you are on campus and connected to the DOE network, open the VNC Viewer program and in the server field enter "<server>:<display number>" (e.g. odin:9 as per the example from section 2.4).
2. If off campus (or not connected to DOE directly), make sure you have PuTTY running and logged in, then in the server field enter "localhost::<local port>", where <local port> is the "Local" port you entered in section 3.2, e.g. see figure 5.
3. Finally, click Connect. If you get a warning about this being an unencrypted connection, just continue anyway (you can opt not to have the warning again). When you connect through localhost, the VNC traffic is carried inside the SSH session between your computer and the SSH server, which the viewer cannot detect. Next you should be prompted to enter the password that you set earlier; if that works, your VNC session should pop up.
5 Adding and using SSH Tunnels for RDP (Windows machines)
An alternative to VNC is Remote Desktop Protocol (RDP), which is what you would use to access most machines running the Windows OS, e.g. the VLSI Windows servers maintained by Nagui, or your office computer (if it's running Windows).
The process for using SSH tunnels to allow RDP access is basically the same as for VNC, as shown below.
5.1 Adding the Tunnel
1. The default port for RDP is 3389 (although this can be changed by the administrator; maybe there's a way to find what it is, please let me know if you find out how).
2. Follow the same steps as in 3.1 and 3.2, except the destination port should be 3389 (or whatever else, if not the default), e.g.: "134.117.38.203:3389".
Note: For the VLSI servers maintained by Nagui, you will have to use the IP address rather than the machine name, as the DNS does not seem to be configured for them. Following is a list of the server names and corresponding IPs:
    Server                  IP address
    Rami                    134.117.38.25
    Marianne                134.117.38.41
    macopeland              134.117.38.70
    Tewfik                  134.117.38.186
    Michel                  134.117.38.193
    Sobhi                   134.117.38.195
    Galal                   134.117.38.196
    Marie                   134.117.38.203
    eli                     134.117.38.204
    Mounir                  134.117.38.207
    gabrielle               134.117.38.242
    knight                  134.117.38.243
    gisele                  134.117.39.81
    Celine                  134.117.38.68
    Celine (using IPv6)*    fe80::716a:8e3e:e63:454b
*IPv6 addresses like that shown are only supported in the latest (nightly) builds of PuTTY, and should be included in PuTTY 0.65, when it's released (I assume). You would need to surround the address in square brackets, e.g.: "[fe80::1c90:cc21:63ad:da42]:3389". After trying all of that, it was still not working for me; let me know if you have any success.
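Sections 3.1, 3.2 and 5.1 all come down to the same values: a free local port and a destination of the form <server>:<port>. The following Python script is an added example, not part of the original guide; its function names and the candidate port list are assumptions made for illustration, and the sample vncserver line is constructed from the output shown in section 2.4.

```python
import re
import socket

VNC_BASE_PORT = 5900  # section 3.2: VNC port = 5900 + display number
RDP_PORT = 3389       # section 5.1: default RDP port

def parse_display(vncserver_output):
    """Extract (server, display) from vncserver's 'desktop is host:N' line."""
    m = re.search(r"desktop is\s+([A-Za-z0-9.-]+):(\d+)", vncserver_output)
    if m is None:
        raise ValueError("no 'desktop is <server>:<display>' line found")
    return m.group(1), int(m.group(2))

def local_port_is_free(port):
    """Section 3.1 check: can the loopback port for the tunnel be bound?"""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        try:
            s.bind(("127.0.0.1", port))
        except OSError:
            return False
    return True

def destination(server, port):
    """Value for PuTTY's Destination field; IPv6 literals get square brackets."""
    if not 0 < port < 65536:
        raise ValueError(f"port out of range: {port}")
    host = f"[{server}]" if ":" in server else server
    return f"{host}:{port}"

def plan_tunnel(server, remote_port, candidates=(1234, 2345, 3456)):
    """Return (source_port, destination) using the first free candidate port."""
    for local in candidates:  # candidate list is an arbitrary assumption
        if local_port_is_free(local):
            return local, destination(server, remote_port)
    raise RuntimeError("no candidate local port is free")

def vnc_viewer_address(local_port):
    """Server string for the VNC viewer when going through the tunnel (4.3)."""
    return f"localhost::{local_port}"

# Constructed sample, modelled on the vncserver output in section 2.4.
SAMPLE = "New 'odin.doe.carleton.ca:9 (tpepler)' desktop is odin.doe.carleton.ca:9\n"

if __name__ == "__main__":
    server, display = parse_display(SAMPLE)
    local, dest = plan_tunnel(server, VNC_BASE_PORT + display)
    print("VNC: source port", local, "destination", dest)
    print("VNC viewer server field:", vnc_viewer_address(local))
    print("RDP:", plan_tunnel("134.117.38.203", RDP_PORT))
```

The returned source port and destination are the two values typed into PuTTY's Tunnels page in section 3.2.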
5.2 Connecting to the Remote Machine
Figure 6: Example screenshot of Remote Desktop Connection for a tunnel through local port 2345.
2. Before connecting, you can adjust display options by clicking "Show Options", and then the "Display" tab (see figure 7). Here you can adjust the screen resolution of the remote session by dragging the slider.
You can also use all monitors (if you have more than 1), by checking "Use all my monitors..." (although this may not work depending on the version of Windows running on the remote machine).
As well, you can change the colour depth (24-bit is recommended since some programs cannot run with less).