Kenneth Massada bio photo

Kenneth Massada


Twitter Google+ Github Stackoverflow

Alright, so after I connect to my VPN at home, I can do a lot of different things, SSH is one of them. I also needed a solution to control my screen from anywhere. VNC is my answer. Ubuntu has a lot of vnc servers, I chose x11vnc, because it works well with lightdm, my default X manager. And I also needed a vnc server that will allow me to connect even before logging in.

As you can see in the two post I've linked, Security is key for me. In the past, i've used SSL certificates, and x11VNC this solution will make you create a CA that will sign a server certificate, and also client certificates, that you can then distribute to different clients. This solution uses 3 passwords and 2 certificates. I've done that because, before even VPN, VNC was the first and only point of entry to my network.

And also x11VNC is very powerful, try to judge for yourself.

The previous solution was great, worked perfect. however, the bVNC supports SSL VNC, but doesn't import the certificates like I needed it to. I also decided to do it over SSH because, normal VNC communications aren't encrypted.

On Server

First of all, I’ve installed x11vnc:

 sudo apt-get install x11vnc

Set a password:

 sudo x11vnc -storepasswd /etc/x11vnc/pass

Its an
Then, I’ve created


 start on login-session-start
x11vnc -xkb -noxrecord -noxfixes -noxdamage -display :0 -rfbauth /etc/x11vnc/pass -auth /var/run/lightdm/root/:0 -forever -bg -o /var/log/x11vnc.log -rfbport 5917

After restart, x11vnc should listen on vnc standard port – 5917.
This script is based on upstart event. 

is because I'm requesting root access to the X manager, if you are using gdm as your default X Manager, try
  -auth /var/lib/gdm/:0.Xauth -display :0
. Or get on board
 sudo dpkg-reconfigure lightdm  
and make lightdm your default. 

at this point you can reboot server. or just run,

 sudo x11vnc -xkb -noxrecord -noxfixes -noxdamage -display :0 -rfbauth /etc/x11vnc/pass -auth /var/run/lightdm/root/:0 -forever -bg -o /var/log/x11vnc.log -rfbport 5917

On nexus 7

install an app called freeb VNC

click on icon to install app.

In app fill in the form. lol.
Self Explanatory, ssh port is 5848, VNC port on server is 5917,

click on use key, then manage key, set a password of course, make encryption  4096 bits, then enter a file name, and select export to file name.

That file contains the following format, ssh-rsa KEY pubkeygenerator@mobiledevice, 
find a way of appending that string to ~/.ssh/authorized_keys on your server. 
the way I do it, is I copy to clipboard, open ConnetBot, ssh into my server, 
then type echo "press menu to PASTE KEY HERE" >> .ssh/authorized_keys
another way is to email yourself the key, and append it in command line by doing 
echo "PASTE KEY HERE" >> .ssh/authorized_keys
then connect 
I'm in, that's my login screen</p>

couple of things to note,

1- the setup on an ubuntu client is simple, i'm however without one for the moment, few logistic problems. I'll add them when I fix my little issue.

-- the concept is simple though, you create the tunnel through ssh. run that process in background, then you use vnc viewer to connect to your localhost:port

2- also I didn't open any other ports on my server, that's because I don't need one. communication is sent through ssh port, tunneled to localhost:VNCPORT.