Instead of running around working on a few machines, wouldn't it be nice to be able to remote-control all of them? Remote administration of Linux systems is not a new subject, there are many options but most of them involves the terminal (ie command prompt in Windows speak).
As an aside, the terminal in Linux is NOT an inferior mechanism for administrating systems. We need to remember that Linux is UNIX-like. The breadth and depth of functions available on a Linux terminal far exceed what you can imagine (if you're coming from a Windows/DOS world). I really must rant as some people think that working on a terminal is limiting, slow, un-cool and so behind the times. Personally, I use a combination of GUI and terminal, whichever that allows me to get things done quickly. Anyway...
What if you have the network bandwidth and the need to remotely administer via the desktop GUI? Again, there are a couple of options but I will focus on open source software that are readily available on most Linux distributions... in particular, openSUSE and the SUSE Linux Enterprise Desktop (SLED) and Server (SLES).
Method 1:
This applies to openSUSE 10.x-11, SLED and SLES 10. Will partially apply to any Linux distribution with the Vino (GNOME VNC Server).
1) This is disabled by default. To enable it, click Computer -> Control Center -> Remote Desktop.
2) In the dialog box, check off the "Allow other users to view your desktop" and "Allow other users to control your desktop" option.
3) Optionally, you may want to disable the "Ask you for confirmation" option since you won't be at your desktop to allow remote access (duh...) unless you are helping a friend/colleague to configure their system and they want to learn from observing your steps.
4) For security (not fullproof), you may want to enable a password before anyone can remotely control your desktop.
5) Don't forget to open a port in the Firewall. This is a common oversight. To open the port (5900) in the Firewall, use YaST -> Security & Users -> Firewall. In Firewall Configuration, select Allowed Services followed by Advanced... button. In the dialog box, enter 5900 in the TCP Ports field and click OK. Click Next and Accept to save the changes and restart the Firewall.
Finally, note the IP address of the machine (eg 10.0.0.1) either via the network manager icon on the bottom-right of the screen or just issue the command ip addr at the terminal.
On the client machine where you are going to remotely control the machine (eg 10.0.0.1), issue the following command at the terminal:
vncviewer 10.0.0.1:0
You may be prompted for a password (if you did step 4 above). DONE!
Note: Remember that the remote machine must be logged in before you can remote-control it. Also, all your actions on that desktop will be visible to anyone looking at its monitor. If this is not desirable, see Method 2.
Method 2
This method allows the same remote administration with GUI. However, the remote system does not have to be logged in and no one will see your actions as it will not show up on the remote machine's monitor.
This applies to opensuse, SLED 10 and SLES 10. Its applicable to any Linux distribution with vncserver package installed (see Manual/Standalone section of Method 2).
1) YaST -> Network Devices -> Remote Administration. In Remote Administration, select the Allow Remote Administration radio button. Also check the Open Port in Firewall checkbox. Click Finish.
2) You will need to log out to allow the display manager to be restarted. Or you can issue the following command at the terminal:
rcxdm restart
Just like in Method 1, note the IP address of the system (eg 10.0.0.2) via ip addr at the terminal.
On the client machine where you are going to remotely control the machine (eg 10.0.0.2), issue the following command at the terminal:
vncviewer 10.0.0.2:1
Ta-Da!
Note: This uses vncserver via the xinetd service. The remote system does not have to be logged in and no one can see your actions on the remote machine's monitor. However, once you log out or close the remote session, your session on the remote machine will close as well. This means you cannot have a GUI application running (ie Firefox downloading something) after closing the session. To workaround this particular limitation, use the Manual/Standalone method below.
Manual/Standalone
To invoke the vncserver command manually, issue the following command:
vncserver :1 -geometry 1024x768 -depth 16
you will be prompted for a session password. Don't forget this password.
On the client machine, issue the vncviewer command as follows:
vncviewer 10.0.0.3:1
where 10.0.0.3 is the IP address of the remote machine running vncserver
Try leaving a window or GUI application open and close the window. Now, issue the same vncviewer command again and you will see the same window and GUI application still running on the remote machine.
Good.
Now, all the above is well and good if your client machine and the remote machines are on the same (trusted) network. What if you are in an untrusted network (public wifi, hotel Internet port etc) and want to do a remote desktop to the machine back at home? You may want to secure the data stream as it travels over the Internet. Stay tuned for Part 2...
Hey
ReplyDeleteI am looking for a tool that reverse the connection part. I would like to support my brother running a ubuntu desktop behind a fireware. I have full support over mine end, so basically "call/connect to a support buddy" where I give him the IP and port (or configured once).
He should prob. manually give me right to take over..
@schafdog: You might wanna try a reverse ssh tunnel. You just have to open the ssh port, and then give the command to your brother to type, and then you can access a port on his computer, even behind a firewall.
ReplyDeleteThere is also proprietary remote desktop software that can easily take care of this issue, and it is fully compatible with Linux machines. Proxy networks, linked to above, is one example. I am a grad student and I use this software to access data from the lab that is constantly being updated in real time on a linux machine.
ReplyDelete