From owner-freebsd-questions@FreeBSD.ORG Sat Jan 2 05:58:49 2010 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 3163B1065692 for ; Sat, 2 Jan 2010 05:58:49 +0000 (UTC) (envelope-from wblock@wonkity.com) Received: from wonkity.com (wonkity.com [67.158.26.137]) by mx1.freebsd.org (Postfix) with ESMTP id C30988FC19 for ; Sat, 2 Jan 2010 05:58:48 +0000 (UTC) Received: from wonkity.com (localhost [127.0.0.1]) by wonkity.com (8.14.3/8.14.3) with ESMTP id o025wlsZ092740; Fri, 1 Jan 2010 22:58:47 -0700 (MST) (envelope-from wblock@wonkity.com) Received: from localhost (wblock@localhost) by wonkity.com (8.14.3/8.14.3/Submit) with ESMTP id o025wlkt092737; Fri, 1 Jan 2010 22:58:47 -0700 (MST) (envelope-from wblock@wonkity.com) Date: Fri, 1 Jan 2010 22:58:47 -0700 (MST) From: Warren Block To: "Karl J. Runge" In-Reply-To: Message-ID: References: User-Agent: Alpine 2.00 (BSF 1167 2008-08-23) MIME-Version: 1.0 Content-Type: TEXT/PLAIN; format=flowed; charset=US-ASCII X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.2.3 (wonkity.com [127.0.0.1]); Fri, 01 Jan 2010 22:58:48 -0700 (MST) Cc: freebsd-questions@freebsd.org Subject: Re: Remote assistance for X X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 02 Jan 2010 05:58:49 -0000 On Fri, 1 Jan 2010, Karl J. Runge wrote: > On Fri, 1 Jan 2010, Warren Block wrote: >> > Here are some examples that should work, I provide "prompt>" to indicate > which machine the command is run on (and I skip your -c preference): > > supportee_host> ssh -t -N -f -L 5500:localhost:5500 $supporter_host && \ > x11vnc -display :0 -connect_or_exit localhost:0 -rfbport 0 > > which should be the same as: > > supportee_host> x11vnc -display :0 -proxy ssh://$supporter_host \ > -connect_or_exit localhost:0 -rfbport 0 > > i.e. x11vnc has a built-in -proxy that already does what you want it > to do; it runs ssh(1) for you: > > http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-proxy > > Note how I use -connect_or_exit instead of -connect to try to avoid > problems if the connection fails: > > http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-connect_or_exit > > I also use the '-rfbport 0' described there to prevent x11vnc from listening > for any connections (which I think is what you want.) > > Aside: Originally I thought you could ssh into supportee_host, for anyone > looking to do that here is the analogous command: > > supporter_host> ssh -t -N -f -R 5500:localhost:5500 $supportee_host \ > x11vnc -display :0 -connect_or_exit localhost:0 -rfbport 0 Yes. In fact, I first tried the x11vnc_ssh script and it worked great. The only catch is that it needs ssh access into the supportee machine. [SSL mode for x11vnc] >> That looks more elegant. Are the security and speed comparable to ssh? > > Speed shouldn't be a problem; I believe both ssh and 'x11vnc -ssl' use > OpenSSL for encrypting the session traffic. If a machine is *really* > slow the choice of encryption cipher may be noticable (I don't see a > big effect even on a 300MHz test machine I have.) I've tried it now and it does just what is needed for my setup! Finally, a little feedback: On a Windows Vista system, AVG screamed that the netcat.exe from ssvnc_windows_only-1.0.25.zip was a virus (don't think it is, just mentioning it). The TightVNC server on that Vista machine will connect with the FreeBSD ssvncviewer, and the ssvncviewer console window shows status information, but no graphic window opens on the FreeBSD system. The FreeBSD TightVNC vncviewer opens a window but has real trouble keeping the display updated, no doubt due to Vista. Finally, the UltraVNC server with special Vista video drivers works usably with ssvncviewer. Can SSL be used with a Windows VNC server? x11vnc talking to ssvnc-gui works noticeably better than all of those combinations. Thanks for your work and your help! -Warren Block * Rapid City, South Dakota USA