Friday, August 25, 2006

FreeBSD TightVNC

For the HITB2006 training, since Wireshark (Ethereal), netdude and some other tools need demonstration, I'm considering letting users access the FreeBSD VMware image remotely. While ssh is a shiny choice for the CLI, I think access will most probably be needed for GUI applications as well. I remember I used to use VNC on Windows, and digging in the FreeBSD ports, I found tightvnc. Installing tightvnc is quick, just pkg_add will do. After the installation is done, you will find the vnc-related applications under /usr/X11R6/bin,

shell>ls -la vnc*
-r-xr-xr-x 1 root wheel 3948 Mar 17 05:49 vncconnect
-r-xr-xr-x 1 root wheel 12284 Mar 17 05:49 vncpasswd
-r-xr-xr-x 1 root wheel 15226 Mar 17 05:29 vncserver
-r-xr-xr-x 1 root wheel 81476 Mar 17 05:49 vncviewer

The first time you run vncserver, it will ask you to assign a remote access password, then it will ask you to assign a view-only password. Once the passwords are assigned, you can start the vnc server by executing

shell>vncserver

I had a problem the first time and figured out that it searches for ~/.Xresources, so I just created a blank file called .Xresources and that did it. To run vncserver with a given geometry,

shell>vncserver -geometry 1024x768

shell>ps auxww | grep vnc
root 1239 0.0 12.1 12228 10848 p1 I 10:10AM 0:35.05 Xvnc :4 -desktop X -httpd /usr/X11R6/share/tightvnc/classes -auth /root/.Xauthority -geometry 1024x768 -depth 24 -rfbwait 120000 -rfbauth /root/.vnc/passwd -rfbport 5904

shell>netstat -an | grep 5904
tcp4 0 0 *.5904 *.* LISTEN

We have verified that the vnc server has launched on port 5904 successfully. Now we can just run the vnc client from the other host. Since my vnc server runs on 192.168.0.6, I just need to run

shell>vncviewer 192.168.0.6::5904

After typing in the password, there it goes.


However, the traffic between the vnc server and client is not encrypted, hence I'm thinking of getting it to work over an ssh tunnel. As usual I read the man page before anything else, and I found the -via gateway option in tightvnc. Maybe that's what I need, just run

[root@trinity ~]# vncviewer -via 192.168.0.6 192.168.0.6::5904
Password:
VNC server supports protocol version 3.3 (viewer 3.3)
Password:
VNC authentication succeeded
Desktop name "root's X desktop (hitb:4)"
Connected to VNC server, using protocol version 3.3
VNC server default format:
32 bits per pixel.
Least significant byte first in each pixel.
True colour: max red 255 green 255 blue 255, shift red 16 green 8 blue 0
Using default colormap which is TrueColor. Pixel format:
16 bits per pixel.
Least significant byte first in each pixel.
True colour: max red 31 green 63 blue 31, shift red 11 green 5 blue 0
Tunneling active: preferring tight encoding

That's cool, I would seriously agree that tightvnc is a nifty tool to set up secure remote access, especially when there's a need to grant access for GUI.

Cheers :)
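
The netstat output above shows Xvnc bound to *.5904, so the plaintext port stays reachable from the network even when the viewer connects with -via. The following check is an added example, not part of the original post: it reads `netstat -an` output and reports whether each listening VNC port (5900-5999) is bound to loopback only. The function names `vnc_listener_audit` and `sample_netstat` are hypothetical, and the sample lines are constructed apart from the `*.5904` line taken from the post.

```shell
#!/bin/sh
# Added example: find VNC listeners that can be reached without the SSH tunnel.
# Reads `netstat -an` output on stdin. Handles the FreeBSD "addr.port" and the
# Linux "addr:port" local-address styles. Prints one line per listening port
# in the RFB range 5900-5999:
#   EXPOSED <port>   bound to a wildcard or routable address
#   LOOPBACK <port>  bound to 127.0.0.1 or ::1 (only reachable via a tunnel)
# Exit status is 1 when at least one EXPOSED listener is found.
vnc_listener_audit() {
    awk '
    $1 ~ /^tcp/ && $NF ~ /^LISTEN/ {
        local_addr = $4
        # The port is the run of digits after the last "." or ":".
        if (!match(local_addr, /[.:][0-9]+$/)) next
        port = substr(local_addr, RSTART + 1) + 0
        addr = substr(local_addr, 1, RSTART - 1)
        if (port < 5900 || port > 5999) next
        if (addr == "127.0.0.1" || addr == "::1") {
            print "LOOPBACK", port
        } else {
            print "EXPOSED", port
            bad = 1
        }
    }
    END { exit bad + 0 }
    '
}

# Constructed sample input: the *.5904 line matches the post, the rest is made up.
sample_netstat() {
    cat <<'EOF'
tcp4       0      0 *.22               *.*      LISTEN
tcp4       0      0 *.5904             *.*      LISTEN
tcp4       0      0 127.0.0.1.5905     *.*      LISTEN
EOF
}

# Demo run on the sample; on a real host use: netstat -an | vnc_listener_audit
sample_netstat | vnc_listener_audit || echo "direct (unencrypted) VNC access is possible"
```

Xvnc in tightvnc accepts a `-localhost` option that refuses connections from other machines; with it set, the viewer command becomes `vncviewer -via 192.168.0.6 localhost::5904`, since the host after -via is resolved from the gateway's side.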

1 comment:

Jeff said...

Thanks! This is still relevant in 2012!