In Part I we saw several options for remoting between Linux and Windows machines, and settled on VNC. Part II will address how to configure routers for connections over the Internet, and how to safely encrypt remote graphical desktop sessions.
In Part I
of this two-part tutorial we discovered options for remoting between Linux and
Windows machines. We also set up the VNC solution on each platform. Now we'll
continue by configuring our router for connections over the Internet.
Additionally, we'll see how to encrypt the connections and how to remote into
the native display. Let's get started!
Telling your router to forward
Before you can remotely connect to your computer from another location over
the Internet, you must properly configure your router. The router acts as a
distributor for your network traffic. If you don't tell your router where to
forward the remote desktop traffic, it won't do anything and your remote
connections won't work. Thus you must create a port forward or virtual server
entry for the appropriate ports to the IP address of the desired computer. Then
when incoming traffic on those ports comes from the Internet, your router will
forward it on to the computer and the remote desktop server will respond.
Depending upon the protocol, use one of the following ports (or port ranges):
- RDP uses TCP port 3389
- VNC uses TCP port 5900+. Each remote connection to a server uses a
different port: display 1 uses 5901, display 2 uses 5902, etc. It's best to
define a port range when creating the forward or virtual server entry, such as
5900 - 5905.
Bring up the web-based configuration page for your router by
typing its IP address into a web browser. Then go to the Virtual Server or Port
Forwarding page. You'll probably have to name the entry, use a combo box to
select the desired computer or manually enter the computer's IP address, type
in the public and private (both are the same) port or port range, and click
Save.
You need to make sure the computer keeps the same IP address on the network.
If available, use the DHCP reservation feature to force the current IP address
to the particular computer. Otherwise you'll have to set your computer's network
adapter with a static IP address.
If you have multiple computers you want to remotely connect to over the
Internet using VNC, you'll need to create a separate entry for each computer.
Make sure each computer is on a different port, which is represented by the
tunnel or display number shown when you run the vncserver command in Linux, for
example. Also make sure each entry forwards to a different IP address.
The password exchange between the VNC client and server is always encrypted;
however, everything after that is not. This should be fine when remoting to a
local computer on a secure network. When remoting over the Internet, though, you
should make sure the entire connection is encrypted. This secures everything
from hackers or eavesdroppers that may intercept the traffic while it's traveling
the information super highway.
One way to create a secure tunnel between the client and server, for the VNC
traffic to travel within, is to establish a Secure Shell (SSH) connection
between them. To do this, you must install an SSH server on the computers you
want to remotely access, and an SSH client on the computers you want to connect
from. In some cases, you might want to just install both on each computer. On
Windows PCs you can download and use freeSSHd for the server and
PuTTY for the client; both are GUI based. For Linux machines, try
Before you start trying to make SSH connections, be sure to configure your
router to forward the traffic and firewalls to allow it. The default SSH port is
TCP 22. If connecting via the Internet, configure a port forward or virtual
server entry (as discussed earlier for the VNC traffic) for this port on the
router where the remote incoming computer is located. On both the server and
client computers, open the port as discussed in the
After installing the SSH server, create private and public keys, and place
them in the proper place. For the SSH servers on Linux, use the OpenSSH utility
to generate the keys. For Windows PCs, you can use PuTTYgen. To connect from
Windows to Linux, bring up PuTTY, go to the SSH Tunnel settings and input the
VNC port you want to use based upon the display number. Then on Session
settings, enter the Linux machine's IP and click Open. On Linux machines, use
the OpenSSH client, also creating a tunnel, to connect to the IP of the remote
computer. Once you have an SSH connection, bring up VNC viewer as discussed in
part, but instead of the remote computer's IP, enter localhost.
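The Linux side of the procedure above as OpenSSH commands, in an added example that is not from the original article. It prints the commands for a given display and server rather than running them; the key file name and the server address are placeholders chosen for illustration.

```sh
#!/bin/sh
# Added example: the SSH-tunnel procedure as OpenSSH commands.
# KEY is a hypothetical key file name; the host used below is a placeholder.
KEY="$HOME/.ssh/id_ed25519_vnc"

# Display N listens on TCP 5900+N (display 1 -> 5901).
vnc_port() {
  case "$1" in
    [0-9]|[1-9][0-9]) echo $((5900 + $1)) ;;
    *) echo "display must be a number from 0 to 99" >&2; return 1 ;;
  esac
}

# Command that opens the tunnel:
#   -N  forward only, no remote shell
#   -L  local port -> localhost:port as seen from the SSH server
#   ExitOnForwardFailure=yes  abort if the local port cannot be bound
tunnel_cmd() {
  port=$(vnc_port "$1") || return 1
  [ -n "$2" ] || { echo "usage: tunnel_cmd DISPLAY USER@HOST" >&2; return 1; }
  echo "ssh -i $KEY -N -o ExitOnForwardFailure=yes -L $port:localhost:$port $2"
}

# Print the whole procedure, in order, for one display and one server.
tunnel_plan() {
  cmd=$(tunnel_cmd "$1" "$2") || return 1
  echo "ssh-keygen -t ed25519 -f $KEY    # create the key pair on the client"
  echo "ssh-copy-id -i $KEY.pub $2    # install the public key on the server"
  echo "$cmd &"
  echo "vncviewer localhost:$1    # VNC now travels inside the SSH connection"
}

# Constructed sample: display 1 on a placeholder server address.
tunnel_plan 1 user@203.0.113.10
```

With the tunnel in place the viewer reaches the VNC port through the SSH connection, so the traffic crossing the Internet is the SSH session on TCP 22.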
As you've probably figured out by now, VNC connections by default use another
X display, rather than using the native display, or the one you see when
physically using the computer. This can be quite an annoyance if you were
working on the computer before remoting into it and you want to resume with the
applications you had opened on the computer itself. One of the easiest ways to
remote into the native display is to use the x0vncserver instead of
vncserver, which we'll discuss next. Another option that's more embracive
but provides for better performance is using the
One of the easiest ways to remote into the native display is to use the
x0vncserver instead of vncserver. From the terminal you can type
x0vncserver password=YOURPASSWORD SecurityTypes=none. This will start
hosting the display 0 for remote connections, protected by the password you
choose. Be aware that SecurityTypes=none selects no VNC authentication, so
make this server reachable only through the SSH tunnel described earlier.
Use a VNC viewer like discussed in the
however you don't have to include a display number with the IP address.
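Because VNC traffic is unencrypted after the password exchange, it is worth checking on the server that no VNC display can be reached except through the SSH tunnel. The check below is an added example, not part of the original article; it reads output in the format of `ss -ltn`, the sample lines are constructed, and treating 5900-5999 as the VNC range is an assumption.

```sh
#!/bin/sh
# Added example: flag VNC listeners that other machines can reach directly.
# SAMPLE_SS is constructed output in the format of `ss -ltn`.
SAMPLE_SS='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    0.0.0.0:22         0.0.0.0:*
LISTEN 0      5      0.0.0.0:5901       0.0.0.0:*
LISTEN 0      5      127.0.0.1:5902     0.0.0.0:*
LISTEN 0      5      [::]:5900          [::]:*
LISTEN 0      5      [::1]:5903         [::]:*'

# Read `ss -ltn` output on stdin; print each listening socket in the VNC
# range (assumed here to be 5900-5999) that is not bound to loopback.
exposed_vnc() {
  awk '
    $1 == "LISTEN" {
      n = split($4, parts, ":")             # port is the text after the last colon
      port = parts[n] + 0
      addr = substr($4, 1, length($4) - length(parts[n]) - 1)
      if (port < 5900 || port > 5999) next  # not a VNC display port
      if (addr ~ /^127\./ || addr == "[::1]") next  # loopback only
      print $4
    }'
}

# Return 0 when every VNC listener is loopback-only, 1 otherwise.
audit_vnc() {
  found=$(exposed_vnc)
  if [ -n "$found" ]; then
    echo "VNC reachable without the SSH tunnel:"
    echo "$found"
    return 1
  fi
  echo "OK: VNC listens on loopback only"
}

# Run on the constructed sample; on a real host use: ss -ltn | audit_vnc
printf '%s\n' "$SAMPLE_SS" | audit_vnc || true
```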
We discussed how to use remote desktop connections between Linux and Windows.
We also configured our firewalls to let the traffic flow and our router to
forward the traffic onto the host computer. Plus we figured out how to secure
the VNC connections that pass through the Internet. Lastly we discovered how to
remote into the native X display, to see exactly what is shown on the computer
rather than a virtual display.
For documentation on the Linux components, remember you can use the manual
pages by running the following in Terminal:
- man vncserver
- man vncviewer
- man x0vncserver
Also, don't forget to review the FAQ and support pages on the website of the
Eric Geier is an author of
many computing and networking books, including Home Networking
All-in-One Desk Reference For Dummies (Wiley 2008) and 100 Things You
Need to Know about Microsoft Windows Vista (Que 2007).
This article was first published on LinuxPlanet.com.