Friday, October 19, 2012

VNC Terminal Server on base of Debian Squeeze

Virtual Network Computing logo
Virtual Network Computing logo (Photo credit: Wikipedia)

I think many know what is Terminal Server and what it is needed for; and who doesn't know can visit the link and read Wiki.

Also I beg to suppose that many already used VNC for one-user connection but what can be done if multiple-users access is needed?

I tried several variants but decide in favour of starting vnc4server via openbsd-inetd.

BTW I want to mention at the very beginning: we will use port 5901 because the default port is occupied by built-in vino service in Gnome. Also it is necessary to remove network-manager and configure web interfaces via old kind /etc/network/interfaces.
And the last but not less important thing: we install GDM instead of current GDM3 because the last one absolutely is not impressed by options [xdmcp] Enable=true that are so necessary for multiple-users access.

Let's start.

On the server side

Remove all unnecessary and install all necessary.
apt-get purge network-manager network-manager-gnome -y
apt-get install vnc4server gdm openbsd-inetd openssh-server -y
When installing GDM select it as window manager as a default one.

Now let's configure openbsd-inetd
echo "5901 stream tcp nowait  nobody /usr/bin/Xvnc\
 Xvnc -inetd -query localhost -once -depth 24\
 securitytypes=none" >> /etc/inetd.conf
Fix /etc/gdm/gdm.conf
sed -i -e 's/\[xdmcp\]/\[xdmcp\]\nEnable=true/g' /etc/gdm/gdm.conf
And restart services
/etc/init.d/openbsd-inetd restart
 Restarting internet superserver: inetd.
/etc/init.d/gdm restart
 Stopping GNOME Display Manager: gdm.
 Starting GNOME Display Manager: gdm.
If you are going to use server in local net - you may pass to configurating on client side. If you need access via Internet then let's go to configurate firewall.

Configuration of firewall for cases with access via ssh tunnel.
cat > /etc/network/if-pre-up.d/iptables <<EOF 
/sbin/iptables-restore < /etc/iptables.up.rules

chmod +x /etc/network/if-pre-up.d/iptables

cat > /etc/iptables.up.rules <<EOF 

# Allows all loopback (lo0) traffic and drop all traffic to 127/8 that doesn't use lo0
-A INPUT -i lo -j ACCEPT
-A INPUT ! -i lo -d -j REJECT

# Accepts all established inbound connections

# Allows all outbound traffic
# You could modify this to only allow certain traffic

# Allows SSH connections 
-A INPUT -p tcp -m state --state NEW --dport 22 -j ACCEPT

# Allow ping
-A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT

# log iptables denied calls (access via 'dmesg' command)
-A INPUT -m limit --limit 5/min -j LOG --log-prefix "iptables denied: " --log-level 7

# Reject all other inbound - default deny unless explicitly allowed policy:


/etc/init.d/networking restart

On the client's side

Install client's software
apt-get install vncviewer openssh-client -y
If you are in the local net - you may confidently connect with newly installed client or to use any another one.
vncviewer Terminal-Server:5901
If you decided to work via SSH tunnel then let's forward port of remote server to localhost.
ssh -L 5901:localhost:5901 -N -f user1@Terminal-Server
And connect to it.
vncviewer localhost:5901
After connecting you must see the window of enter to the system. 

And after the second connecting - the second one. =))

Enhanced by Zemanta

No comments:

Post a Comment