|
Size: 2447
Comment:
|
Size: 8052
Comment:
|
| Deletions are marked like this. | Additions are marked like this. |
| Line 4: | Line 4: |
| The following article explains how to access the desktop of a Linux host residing inside the ETH network from another host on the in- and outside. Throughout the article, the following placeholders are used: * Host '''A'''<<BR>> This is a remote host in- or outside the ETH network, i.e. your home computer. It will run the software to view a desktop, the [[#VNC_viewer_software|VNC viewer]]. * Host '''B'''<<BR>> This is the entrance gateway to the ETH network to bypass the firewall restrictions for connections from the outside, by the name of '''login.ee.ethz.ch'''. It is used to tunnel SSH connections. It is not necessary when you're using VPN. * Host '''C'''<<BR>> This is the target host you intend to connect to. If it's your personal PC in your office you know its name. Students can use an arbitrary shared student room PC like tardis-d12. If you're using a shared student PC, [[#Check_.28student.29_host_availability|check it's availability]] at login. |
The following article explains how to access the desktop of a Linux host residing inside the ETH network from another host on the in- or outside by using __V__irtual __N__etwork __C__omputing (VNC)<<FootNote([[https://en.wikipedia.org/wiki/Virtual_Network_Computing|VNC on Wikipedia]])>>. Throughout his article, the following placeholders are used: * '''current_host''': This is a remote host in- or outside the ETH network, i.e. your office computer or home computer; the host you are currently working on. It will run the software to view a remote Linux desktop, the [[#VNC_viewer_software|VNC viewer]]. * '''gateway_host''': This is the entrance gateway to the ETH network to bypass the firewall restrictions for connections from the outside, by the name of '''login.ee.ethz.ch'''. It is used to tunnel SSH connections in case you choose not to use VPN. * '''internal_host''': This is the target host you intend to connect to. If it's your personal PC in your office you know its name. Students can use an arbitrary shared student room PC like tardis-d12. If you're using a shared student PC, [[#Check_.28student.29_host_availability|check it's availability]] at login. * '''eth_username''': This is the username you use to log in anywhere on an ETH provided IT service. * '''eth_password''': This is your password used in combination with your ''eth_username'' which lets you access ETH provided IT services, except for network authentications (see below). * '''eth_network_password''': This is your password also used in combination with your ''eth_username'' which is used for authentication to network services like Wifi and VPN. It is different from your ''eth_password''. |
| Line 12: | Line 12: |
| == How to access a host with VNC == Activate your VPN connection to ETH if your host '''A''' resides outside of the ETH network. The eduroam WLAN is outside the ETH network. Initiate a SSH connection to host '''C''' Start a VNC server on host '''C''' Connect from host '''A''' to host '''C''' |
== Connect to the ETH network == If ''current_host'' resides outside of the ETH network, you need to connect to it by initiating a VPN connection. The following steps explain the necessary prerequisites.<<BR>> If ''current_host'' is alreay inside the ETH network, skip to the next paragraph. |
| Line 18: | Line 16: |
| === Know your ETH network password === If you're unsure about your ''eth_network_password'', login on [[https://password.ethz.ch/|password.ethz.ch]] with your regular ''eth_password'' and change your former ''eth_network_password'' to a new password. === Install the VPN client on your current host === * Go to [[https://sslvpn.ethz.ch/|sslvpn.ethz.ch]] and follow the instructions provided there to download, install and configure the Cisco !AnyConnect VPN client provided by central IT services. * To log in here you have to use your ''eth_username'' in combination with your ''eth_network_password''. * If you have access to additional realms, a.k.a virtual private Zones (VPZ), you can list them by visiting [[https://realms.ethz.ch/|realms.ethz.ch]]. === Initiate a VPN connection to your Linux host === * Now you are ready to connect the VPN client on ''current_host'' to the ETH network and continue with the following steps. == Start a VNC server on your Linux host == To start a VNC server instance on ''internal_host'', you need to initiate a SSH connection to it. === Initiate a SSH connection to your Linux host === * If ''current_host'' is a Linux client, issue the command {{{ ssh eth_username@internal_host }}} in your terminal and log in with your ''eth_password''. * If ''current_host'' is a Windows 10 client you can use the optional installable feature (Apps -> Optional features -> OpenSSH Client) to issue the command as described for a Linux client above. * Alternatively, you can follow the article about [[WindowsDirectSSHAccess]] for a comfortable setup with [[https://www.chiark.greenend.org.uk/~sgtatham/putty/|putty]] on Windows. === Setup and start the VNC server === Configuration and start of a VNC server works with an ISG-provided wrapper script by issuing the command {{{ vncserver }}} in your shell connected to ''internal_host''. ==== Setup and first startup ==== If this is the first time you start `vncserver`, you will be asked to provide a password to allow access to the VNC server instance you start now and in the future. It is possible to set the password to allow only observing or also interacting with the VNC session. Select a strong password, as anyone on the ETH network can connect to your ''internal_host''.<<BR>> The setup followed by the startup process will look like this: {{{ Creating directory /home/eth_username/.vnc...... Creating startup_file /home/eth_username/.vnc/xstartup..... You will require a password to access your desktops. Password: Verify: Would you like to enter a view-only password (y/n)? n New 'default' desktop is internal_host:N Creating default config /home/eth_username/.vnc/config Starting applications specified in /home/eth_username/.vnc/xstartup Log file is /home/eth_username/.vnc/internal_host:N.log }}} Note the virtual display number '''N''' of your VNC server appearing after ''internal_host:''. It is needed later to connect your VNC viewer on ''current_host'' to the VNC server instance on ''internal_host'' or to kill a vncserver process manually.<<BR>> The default desktop started now is Xfce4. If you prefer a different desktop you have to kill the running vncserver process and start it again with the desktop of your choice.<<BR>> Otherwise the vncserver process terminates after you log out of your desktop environment. ==== Terminating a running VNC server process ==== Issue the command {{{ vncserver -kill :N }}} in a shell on ''internal_host''. ==== Choose a non-default desktop ==== To start the VNC session with a non-default desktop, provide one of the options `[xfce|gnome|kde|light|xterm]`: {{{ vncserver gnome }}} * Option `light` starts the light desktop Fluxbox * Option `xterm` starts a minimal desktop with a window manager and a xterm terminal window. This option should be used if you intend to use your session to run only one application at the time and start said application on the command line. == Use a VNC viewer to view and control the desktop on your Linux host == * If your ''current_host'' is an ISG-managed Linux computer a VNC viewer is installed. * If it is a ISG-managed Windows computer you have to request installation of a VNC viewer. * If you use your self-managed office or your personal home computer you have to install a viewer yourself. |
|
| Line 25: | Line 89: |
| The above list is not meant to be complete, feel free to install other solutions on your own on your home computer.<<BR>> | The above list is not meant to be complete, feel free to install other solutions on your self-managed computer.<<BR>> |
| Line 29: | Line 94: |
| === Connect your VNC viewer to the VNC server on your Linux host === * On a Linux client issue the command {{{ vncviewer internal_host:N }}} * On a Windows client ... /!\ unfinished from here on |
|
| Line 30: | Line 101: |
| If you terminate your VNC viewer without logging out of your desktop environment, your VNC session will stay active and you can reconnect to it later on. | |
| Line 31: | Line 103: |
| == Misc == | |
| Line 36: | Line 108: |
| === Advanced usage === Some advanced configuration or usage examples have not yet been migrated from the [[FAQ/VNCUsage|previous documentation about VNC]]. |
|
| Line 37: | Line 111: |
| == And Mac users? == | === And Mac users? === |
Contents
Remote access to a Linux host's desktop with VNC
The following article explains how to access the desktop of a Linux host residing inside the ETH network from another host on the in- or outside by using Virtual Network Computing (VNC)1. Throughout his article, the following placeholders are used:
current_host: This is a remote host in- or outside the ETH network, i.e. your office computer or home computer; the host you are currently working on. It will run the software to view a remote Linux desktop, the VNC viewer.
gateway_host: This is the entrance gateway to the ETH network to bypass the firewall restrictions for connections from the outside, by the name of login.ee.ethz.ch. It is used to tunnel SSH connections in case you choose not to use VPN.
internal_host: This is the target host you intend to connect to. If it's your personal PC in your office you know its name. Students can use an arbitrary shared student room PC like tardis-d12. If you're using a shared student PC, check it's availability at login.
eth_username: This is the username you use to log in anywhere on an ETH provided IT service.
eth_password: This is your password used in combination with your eth_username which lets you access ETH provided IT services, except for network authentications (see below).
eth_network_password: This is your password also used in combination with your eth_username which is used for authentication to network services like Wifi and VPN. It is different from your eth_password.
Connect to the ETH network
If current_host resides outside of the ETH network, you need to connect to it by initiating a VPN connection. The following steps explain the necessary prerequisites.
If current_host is alreay inside the ETH network, skip to the next paragraph.
Know your ETH network password
If you're unsure about your eth_network_password, login on password.ethz.ch with your regular eth_password and change your former eth_network_password to a new password.
Install the VPN client on your current host
Go to sslvpn.ethz.ch and follow the instructions provided there to download, install and configure the Cisco AnyConnect VPN client provided by central IT services.
To log in here you have to use your eth_username in combination with your eth_network_password.
If you have access to additional realms, a.k.a virtual private Zones (VPZ), you can list them by visiting realms.ethz.ch.
Initiate a VPN connection to your Linux host
Now you are ready to connect the VPN client on current_host to the ETH network and continue with the following steps.
Start a VNC server on your Linux host
To start a VNC server instance on internal_host, you need to initiate a SSH connection to it.
Initiate a SSH connection to your Linux host
If current_host is a Linux client, issue the command
ssh eth_username@internal_host
in your terminal and log in with your eth_password.
If current_host is a Windows 10 client you can use the optional installable feature (Apps -> Optional features -> OpenSSH Client) to issue the command as described for a Linux client above.
Alternatively, you can follow the article about WindowsDirectSSHAccess for a comfortable setup with putty on Windows.
Setup and start the VNC server
Configuration and start of a VNC server works with an ISG-provided wrapper script by issuing the command
vncserver
in your shell connected to internal_host.
Setup and first startup
If this is the first time you start vncserver, you will be asked to provide a password to allow access to the VNC server instance you start now and in the future. It is possible to set the password to allow only observing or also interacting with the VNC session. Select a strong password, as anyone on the ETH network can connect to your internal_host.
The setup followed by the startup process will look like this:
Creating directory /home/eth_username/.vnc...... Creating startup_file /home/eth_username/.vnc/xstartup..... You will require a password to access your desktops. Password: Verify: Would you like to enter a view-only password (y/n)? n New 'default' desktop is internal_host:N Creating default config /home/eth_username/.vnc/config Starting applications specified in /home/eth_username/.vnc/xstartup Log file is /home/eth_username/.vnc/internal_host:N.log
Note the virtual display number N of your VNC server appearing after internal_host:. It is needed later to connect your VNC viewer on current_host to the VNC server instance on internal_host or to kill a vncserver process manually.
The default desktop started now is Xfce4. If you prefer a different desktop you have to kill the running vncserver process and start it again with the desktop of your choice.
Otherwise the vncserver process terminates after you log out of your desktop environment.
Terminating a running VNC server process
Issue the command
vncserver -kill :N
in a shell on internal_host.
Choose a non-default desktop
To start the VNC session with a non-default desktop, provide one of the options [xfce|gnome|kde|light|xterm]:
vncserver gnome
Option light starts the light desktop Fluxbox
Option xterm starts a minimal desktop with a window manager and a xterm terminal window. This option should be used if you intend to use your session to run only one application at the time and start said application on the command line.
Use a VNC viewer to view and control the desktop on your Linux host
If your current_host is an ISG-managed Linux computer a VNC viewer is installed.
- If it is a ISG-managed Windows computer you have to request installation of a VNC viewer.
- If you use your self-managed office or your personal home computer you have to install a viewer yourself.
VNC viewer software
The listed VNC software contains a viewer component and is available for both Linux and Windows:
TightVNC: Opensource
TigerVNC: Opensource, a fork of TightVNC with additional features
TurboVNC: Opensource, a fork of TightVNC with peak 3D/video performance as a goal
RealVNC: Freeware
The above list is not meant to be complete, feel free to install other solutions on your self-managed computer.
- TigerVNC viewer is installed on managed Linux clients
- On managed Windows clients, RealVNC viewer is installed on request
Connect your VNC viewer to the VNC server on your Linux host
On a Linux client issue the command
vncviewer internal_host:N
- On a Windows client ...
![/!\](/static/comp/img/alert.png "/!\"){kind=small}
unfinished from here on
If you terminate your VNC viewer without logging out of your desktop environment, your VNC session will stay active and you can reconnect to it later on.
Misc
Check (student) host availability
Check with the command htop if any other users are using C's resources right now. If they do, log out and log in to a different host.
A list of student hosts can be shown by issuing the command grep tardis /etc/hosts
Advanced usage
Some advanced configuration or usage examples have not yet been migrated from the previous documentation about VNC.
And Mac users?
To be documented. Hint: Everything you need is already available in macOS.