Friday, October 19, 2012

VNC Terminal Server Based on Debian Squeeze

I think many readers know what a Terminal Server is and what it is needed for; those who don't can visit the link and read the Wiki.

I also assume that many have already used VNC for a single-user connection, but what can be done if multi-user access is needed?

I tried several variants but decided in favour of starting vnc4server via openbsd-inetd.

BTW, I want to mention at the very beginning: we will use port 5901 because the default port is occupied by the built-in vino service in GNOME. It is also necessary to remove network-manager and configure the network interfaces the old way, via /etc/network/interfaces.
And last but not least: we install GDM instead of the current GDM3, because the latter completely ignores the [xdmcp] Enable=true option that is necessary for multi-user access.

Let's start.


On the server side


Remove the unnecessary packages and install the necessary ones.
apt-get purge network-manager network-manager-gnome -y
apt-get install vnc4server gdm openbsd-inetd openssh-server -y
When installing GDM, select it as the default display manager.

Now let's configure openbsd-inetd
echo "5901 stream tcp nowait  nobody /usr/bin/Xvnc\
 Xvnc -inetd -query localhost -once -depth 24\
 securitytypes=none" >> /etc/inetd.conf
Fix /etc/gdm/gdm.conf
sed -i -e 's/\[xdmcp\]/\[xdmcp\]\nEnable=true/g' /etc/gdm/gdm.conf
And restart services
/etc/init.d/openbsd-inetd restart
 Restarting internet superserver: inetd.
/etc/init.d/gdm restart
 Stopping GNOME Display Manager: gdm.
 Starting GNOME Display Manager: gdm.
If you are going to use the server only on the local network, you can skip to the client-side configuration. If you need access via the Internet, let's configure the firewall.

Firewall configuration for access via an SSH tunnel:
cat > /etc/network/if-pre-up.d/iptables <<EOF 
#!/bin/bash
/sbin/iptables-restore < /etc/iptables.up.rules
EOF

chmod +x /etc/network/if-pre-up.d/iptables

cat > /etc/iptables.up.rules <<EOF 
*filter

# Allows all loopback (lo0) traffic and drop all traffic to 127/8 that doesn't use lo0
-A INPUT -i lo -j ACCEPT
-A INPUT ! -i lo -d 127.0.0.0/8 -j REJECT

# Accepts all established inbound connections
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

# Allows all outbound traffic
# You could modify this to only allow certain traffic
-A OUTPUT -j ACCEPT

# Allows SSH connections 
-A INPUT -p tcp -m state --state NEW --dport 22 -j ACCEPT

# Allow ping
-A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT

# log iptables denied calls (access via 'dmesg' command)
-A INPUT -m limit --limit 5/min -j LOG --log-prefix "iptables denied: " --log-level 7

# Reject all other inbound - default deny unless explicitly allowed policy:
-A INPUT -j REJECT
-A FORWARD -j REJECT

COMMIT
EOF

/etc/init.d/networking restart
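
With securitytypes=none Xvnc asks for no VNC password, so the GDM login is the only authentication and the firewall is what keeps port 5901 off the Internet. The script below is an added example, not part of the original post, that checks an inetd.conf and a rules file for that condition; the names audit_vnc and make_samples and the sample files are assumptions made for the example.

```shell
#!/bin/sh
# Heuristic text check, not a full iptables evaluation: rule order, multiport
# matches and port-less ACCEPT rules are not modelled.

# audit_vnc INETD_CONF RULES_FILE  (hypothetical helper name)
# For each Xvnc inetd service started with securitytypes=none, report whether
# the iptables-restore rules keep its port off the network. Returns 1 if not.
audit_vnc() {
    inetd_conf=$1; rules=$2; rc=0
    # Field 1 of an inetd.conf line is the port the service listens on.
    ports=$(awk '$1 !~ /^#/ && tolower($0) ~ /xvnc/ &&
                 tolower($0) ~ /securitytypes=none/ { print $1 }' "$inetd_conf")
    # Default deny: a catch-all REJECT/DROP rule or a DROP policy on INPUT.
    if grep -Eq '^(-A INPUT -j (REJECT|DROP)|:INPUT DROP)' "$rules"; then
        default_deny=yes
    else
        default_deny=no
    fi
    for port in $ports; do
        # An ACCEPT rule for this port that is not limited to loopback exposes it.
        if grep -E '^-A INPUT .*-j ACCEPT' "$rules" | grep -v -- '-i lo' |
           grep -Eq -- "--dport $port( |\$)"; then
            echo "EXPOSED $port: ACCEPT rule for unauthenticated Xvnc"; rc=1
        elif [ "$default_deny" = no ]; then
            echo "EXPOSED $port: no default deny on INPUT"; rc=1
        else
            echo "FILTERED $port: reachable only via loopback or SSH tunnel"
        fi
    done
    return $rc
}

# Constructed sample input: the post's inetd line and a trimmed copy of its
# rules, plus a variant (not in the post) that accepts 5901 instead of SSH.
make_samples() {
    printf '%s\n' '5901 stream tcp nowait nobody /usr/bin/Xvnc Xvnc -inetd -query localhost -once -depth 24 securitytypes=none' > "$1/inetd.conf"
    printf '%s\n' '*filter' '-A INPUT -i lo -j ACCEPT' \
        '-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT' \
        '-A INPUT -p tcp -m state --state NEW --dport 22 -j ACCEPT' \
        '-A INPUT -j REJECT' 'COMMIT' > "$1/tunnel.rules"
    sed 's/--dport 22 /--dport 5901 /' "$1/tunnel.rules" > "$1/open.rules"
}

tmp=$(mktemp -d) && make_samples "$tmp"
audit_vnc "$tmp/inetd.conf" "$tmp/tunnel.rules"
audit_vnc "$tmp/inetd.conf" "$tmp/open.rules" || echo "audit failed as expected"
```

On the server, calling audit_vnc with /etc/inetd.conf and /etc/iptables.up.rules checks the files written above.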

On the client side


Install the client software
apt-get install vncviewer openssh-client -y
If you are on the local network, you can connect directly with the newly installed client or use any other one.
vncviewer Terminal-Server:5901
If you decided to work via an SSH tunnel, forward the remote server's port to localhost.
ssh -L 5901:localhost:5901 -N -f user1@Terminal-Server
And connect to it.
vncviewer localhost:5901
After connecting you should see the system login window.

And after connecting a second time, a second one. =))
