This bunch of scripts enables not-IT-aware people (noobs) to get remote support using only free (free like in freedom) SW. It supports both Linux and Windows. For Windows currently pre-compiled Cygwin and TightVNC binaries are used.
- Features:
- Automatic connection between VNC viewer and server. Everything is closed/cleaned-up if vnc-autho has been shut down.
- Configuration can be bundled and is self-hosted: Unzip, execute, run.
- Connection is end-to-end encrypted using OpenSSH.
- Bidirectional authentication using SSH keys. All keys will be generated dedicated for vnc-autho.
- Support to establish SSH tunnel using a "third-party" SSH server if no one's computer is accessible directly. The whole communication is end-to-end encrypted nevertheless!
- Creation of bundle (packages) is supported by scripts.
- No need for root/administration rights. The only exception is listen mode on Windows.
- Remote user is able to adapt configuration easily interactively (using readline).
- Linux:
- Usual Linux environment including the following:
- xtightvncviewer or xtigervncviewer installed (needed to view other screens).
- x11vnc installed (needed to share your screen).
- OpenSSH installed to connect to a remote host or listen for incoming connections.
- Windows:
- All needed tools are included in the bundle as binaries (parts of Cygwin and TigerVNC).
- If listen mode shall be used, the
sshdbinary needs a Windows user 'sshd' to exist. Open 'Computer Management|System Tools|Local Users and Groups|Users' to create the new user. Please also tick the checkbox 'Account is disabled'.
- Use script
./bin/check-setup.shto set-up needed configuration. It will guide you through the configuration. - Ensure that
./etc/host.confis configured completely: SSH_USERhas to be set to your username.SSH_HOSThas to be set to the external IP/DNS of your computer.SSH_PORThas to be set to an unbound port which is accessible from extern.- There are several more environment variables which can be used to influence configuration. The most important ones are
RPORTandLPORTwhich can be used to configure "asymetric" port forwarding which is needed to test the connection locally.
- Ensure that
- Use script
./bin/package.shto create an archive which you can share. This will not include your SSH host key to ensure that nobody else could impersonate you. This script does currently not work in the included Cygwin environment.
Refer to ./start-vnc-SERVER.sh --help (or any other variant) for help.
- How to try out this piece of cake locally ("A first roundtrip"):
- Execute
./bin/check-setup.sh. Answer all questions withy. - Execute
./start-vnc-LISTEN.sh. (Windows user 'sshd' has to exist, see above.) - Execute
./start-vnc-SERVER.sh. Enterlocalhost::3333::4444for the host and press Return. - Enter your choosen passphrase and press Return.
- Connection will be established.
- Execute
- View other screen:
- Ensure
etc/host.confhas been configured properly. This ensures the remote use do not need to adapt anything. - Provide bundle to remote user.
- On you computer: Execute
./start-vnc-LISTEN.shrespectively./start-vnc-LISTEN.bat. - On the remote computer:
- Let
./start-vnc-SERVER.shrespectively./start-vnc-SERVER.batbe executed. - Let remote use accept suggested connection parameters (based on
./etc/host.conf). - Provide remote user the passphrase for the SSH client key.
- Let
- Connection will be established.
- Ensure
- Share your screen:
- Same as above, but let the remote user execute the
VIEWER(instead ofSERVER) script.
- Same as above, but let the remote user execute the
- Ensure that your screen will not be shared:
- Just execute
./start-vnc-VIEWER.sh --listeninstead of./start-vnc-LISTEN.sh.
- Just execute
- Use a remote SSH server as a gateway:
- Execute both, viewer and server, with the argument
--ssh-gw <hostspec>. Both users need permissions to forward ports using their SSH account. - The gateway can be configured statically with
arg_ssh_gw=<hostspec>in./etc/host.confif needed.
- Execute both, viewer and server, with the argument
Beside the obvious fact that host A currently uses an SSH client key (./etc/ssh_key) which is not configured to log-in into SSH server running on host B (./etc/ssh_authorized_keys), there is one more source of fault: sshd accepts keys and related data only in "safe" directories, this affects the whole path to ./etc. The usual permissions on directory /tmp are not allowed for example, hence vnc-autho can not live below that one.