Keith C. Perry via plug on 12 Jul 2020 10:31:27 -0700 |
[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]
Re: [PLUG] Remote to an Ubuntu desktop |
Generically speaking... one of the things to first investigate is what your organization will allow in terms of authorized remote access methods. In the old days of my corporate life I spent a lot of time knocking things down because everything thought they had kids smarter than the IT department. Worse, IT and HR policy-fu always wins... Assuming that is not an issue, what I do these days for client that have problematic firewalls or those who don't have static IP's, is use a reverse SSH tunnel back to a my network. I've been using this process for about 4 years and it allows me to manage anything I want. I'm able to display gui apps like Firefox so I can even update other web based services from that one connection. A little of scripting restarts the connection when it goes down as well so its been bomb proof give all other things held the same. Also keep in mind SSH can run on any port you want so that allows a bit more creativity in your deployment. That can as sometime help the local IT folks feel a bit better about what you are doing :D It occurs to me that this might be a complicated for a single use scenario but its such a simple thing that every Linux box can do I wanted to mention it. ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ Keith C. Perry, MS E.E. Managing Member, DAO Technologies LLC (O) +1.215.525.4165 x2033 (M) +1.215.432.5167 www.daotechnologies.com ----- Original Message ----- From: "Walt Mankowski via plug" <plug@lists.phillylinux.org> To: plug@lists.phillylinux.org Sent: Saturday, July 11, 2020 8:12:57 AM Subject: Re: [PLUG] Remote to an Ubuntu desktop Thanks to everyone for all the tips! I think Chrome Remote Desktop won't work for me since I might be viewing patient data (I work for a research lab in Penn's med school) and it sounds like it might be a HIPAA violation. x11vnc over a SSH tunnel sounds like what I was looking for. I'll give it a try this weekend and report back. Walt On Fri, Jul 10, 2020 at 09:28:08PM -0700, Charles Hathaway via plug wrote: > It's been mentioned on here with usual caveats of using a hosted solution, > but Chrome Remote Desktop (https://remotedesktop.google.com/?pli=1) has been > mentioned here before. It is capable of starting a different WM by setting > up a ~/.chrome-remote-desktop-session with what would be in your .xinit > file, or something like that (this SO <https://superuser.com/questions/778028/configuring-chrome-remote-desktop-with-ubuntu-gnome-14-04> > has some answers). I know at least a few larger companies use this, and use > it work... It works reasonably well. > > Charles > > On 7/10/20 7:34 PM, Mike Joseph via plug wrote: > > To add to this, I typed up some instructions for some folks in my office > > to use to remote into their Ubuntu workstations during the quarantine. > > In these, the focus was not to assume control of an existing > > graphical session, but to spawn a new, lightweight one. In case anyone > > would find these instructions helpful, here they are... > > > > On my workstation at the office: > > > > apt install tigervnc-standalone-server fvwm chromium-browser > > > > The last one (chromium-browser) is optional. It’s just because I don't > > want to kill my currently-running chrome instance on my main X session. > > > > I commented out the last line (Xsession) and added fvwmin > > `~/.vnc/startup` as follows: > > > > mj@mj-desktop:~$ cat .vnc/xstartup > > > > #!/bin/sh > > > > xrdb $HOME/.Xresources > > > > xsetroot -solid grey > > > > #x-terminal-emulator -geometry 80x24+10+10 -ls -title "$VNCDESKTOP > > Desktop" & > > > > #x-window-manager & > > > > # Fix to make GNOME work > > > > export XKL_XMODMAP_DISABLE=1 > > > > #/etc/X11/Xsession > > > > fvwm & > > > > That prevents your normal environment (Gnome, KDE, etc) from starting > > and runs fvwminstead, in this X session. FVWM is smaller, faster, less > > graphics-intensive, and also doesn’t conflict with an already-running > > desktop environment. > > > > Then, you can run: > > > > vncserver > > > > The first time it runs, it will prompt you to set a session password, > > then it starts an X session using vncon your workstation. > > > > Now, you can port forward to your workstation from your laptop (over VPN): > > > > ssh -L 5901:localhost:5901 10.X.X.X > > > > Then, you can connect using VNC to localhoston your laptop on port > > 5901. If you are on a Mac laptop, the client is built-in! Just go to > > finder and press Command+k. > > > > Fill in the VNC dialog: > > > > It’ll prompt for your password (the one you set when you ran > > vncserverfor the first time) and you’ll find yourself with an FVWM > > desktop. From there, click anywhere on the screen to bring up a menu, > > launch an xtermand you can run whatever programs (e.g. chromium-browser) > > you want. > > > > If you get disconnected, you can always reconnect by starting at the SSH > > command above. > > > > > > -MJ > > > > > > On Fri, Jul 10, 2020 at 6:48 PM David Collins via plug > > <plug@lists.phillylinux.org <mailto:plug@lists.phillylinux.org>> wrote: > > > > And you can tunnel either of them through the existing ssh > > connection that you've been using. I use the x11vnc package in the > > standard Ubuntu repository to connect to my machine at work > > regularly. It connects to an existing physical X session. There > > are other VNC servers, like TigerVNC, that can connect to an > > existing X session or create a virtual session that isn't > > connected to the physical keyboard/mouse/monitor. > > > > If you aren't going to tunnel VNC through ssh make sure you use a > > VNC server with TLS capabilities and confirm that TLS is working. > > I still prefer the ssh method because it's easier to secure. If > > you restrict VNC to accept connections only from the local machine > > itself then you can use it over the port-fowarded connection > > through ssh but no one else can initiate connections to it from a > > remote machine. > > > > X2Go is based on an older version of the NX protocol. Even though > > you are already connecting across a VPN I'd still say make sure > > you setup TLS with X2Go. > > > > ‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐ > > On Friday, July 10, 2020 9:25 PM, christine via plug > > <plug@lists.phillylinux.org <mailto:plug@lists.phillylinux.org>> > > wrote: > > > > > X2Go has always been good for me. Also, any VNC client. > > > > > > All my best, > > > Christine > > > > > > > > > On Fri, Jul 10, 2020 at 9:23 PM Walt Mankowski via plug > > > <plug@lists.phillylinux.org <mailto:plug@lists.phillylinux.org>> > > > wrote: > > > > > > Hi, > > > > > > My workstation at work is running Ubuntu 18.04. I usually ssh > > > into it > > > over our VPN and that's fine, but I realized today that I > > > could have > > > saved myself a rare (and today, very wet) trip into work if I > > > had a > > > way to run the equivalent of Windows Remote Desktop. Nothing like > > > walking a few blocks through several inches of flooding water > > > to focus > > > the mind on alternative solutions! > > > > > > Anyone have any suggestions of packages I should look at? I > > > don't need > > > to do anything fancy, mostly just drag some files from > > > nautilus to a > > > browser tab in Firefox. > > > > > > Walt > > > ___________________________________________________________________________ > > > Philadelphia Linux Users Group -- > > > http://www.phillylinux.org > > > Announcements - > > > http://lists.phillylinux.org/mailman/listinfo/plug-announce > > > General Discussion -- > > > http://lists.phillylinux.org/mailman/listinfo/plug > > > > > > > ___________________________________________________________________________ > > Philadelphia Linux Users Group -- http://www.phillylinux.org > > Announcements - > > http://lists.phillylinux.org/mailman/listinfo/plug-announce > > General Discussion -- > > http://lists.phillylinux.org/mailman/listinfo/plug > > > > > > ___________________________________________________________________________ > > Philadelphia Linux Users Group -- http://www.phillylinux.org > > Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce > > General Discussion -- http://lists.phillylinux.org/mailman/listinfo/plug > > -- > Charles Hathaway, PhD > Phone: +1 (518) 817-8024 > > charles@mcom:~$ fortune -s computers > A programming language is low level when its programs require attention > to the irrelevant. > > ___________________________________________________________________________ > Philadelphia Linux Users Group -- http://www.phillylinux.org > Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce > General Discussion -- http://lists.phillylinux.org/mailman/listinfo/plug ___________________________________________________________________________ Philadelphia Linux Users Group -- http://www.phillylinux.org Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce General Discussion -- http://lists.phillylinux.org/mailman/listinfo/plug ___________________________________________________________________________ Philadelphia Linux Users Group -- http://www.phillylinux.org Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce General Discussion -- http://lists.phillylinux.org/mailman/listinfo/plug