Home

Secure VNC



Purpose

The purpose of these scripts is to use a secure connection for VNC via ssh.

This is realised with two scripts: one for the server on the Solaris box and one for the client on a Windows or OS/2 box.

svs.sh is the script that starts the VNC server on the Solaris box and the batch file svc.cmd / svc_os2.cmd starts the VNC client on the Windows or OS/2 box.

Note: It shouldn't be to difficult to create a shell script for a Unix client using the Windows batch file as template.


Back to top

License


# CDDL HEADER START
#
# The contents of this file and the scripts are subject to the terms of the
# Common Development and Distribution License, Version 1.0 only
# (the "License").  You may not use this file except in compliance
# with the License.
#
# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
# or http://www.opensolaris.org/os/licensing.
# See the License for the specific language governing permissions
# and limitations under the License.
#
# When distributing Covered Code, include this CDDL HEADER in each
# file and include the License file at usr/src/OPENSOLARIS.LICENSE.
# If applicable, add the following below this CDDL HEADER, with the
# fields enclosed by brackets "[]" replaced with your own identifying
# information: Portions Copyright [yyyy] [name of copyright owner]
#
# CDDL HEADER END


Back to top

History


Version
Releasedate
         Description

13.01.2005
0.02
11.05.2005
added more parameter





Back to top

Operating system

Server: Solaris , Client : any Client with an ssh client and a VNC client


Back to top

Language / type

Kornshell Script (Solaris); Batchfiles (Windows, OS/2)


Back to top

Prerequisites

VNC server on the Solaris Box, VNC client on the Windows or OS/2 Box
sshd and ssh on the Solaris box and an ssh on the Windows or OS/2 Box

VNC and ssh should be fully configured and running before using these scripts.

Port forwarding must be enabled for sshd:

# in sshd_config:

# Port forwarding
AllowTcpForwarding yes

Due to the fact that neither ssh nor VNC uses a privileged port this solution can be used by any Unix user account.


Back to top

Usage

on the server:

svs.sh:

bash-2.05# svs.sh -h
Usage: svs.sh {start|startmed|startbig|startuser geometry|startsmall|stop|status|statusall} [displaynumber]


Display resolutions

Parameter
Resolution
start
1280x960
startsmall
1024x768
startmed
1280x960
startbig
1600x1200
startuser
userdefined (geometry must be in the format NxM; where N is the horizontal resolution and M is the vertical resolution)


displaynumber


You may use any number beginning with 1 but svs called with the parameter statusall only displays the status of the VNC server with the display numbers from 1 to 9. The default display number is 1.


on the client:


svc.cmd / svc_os2.cmd:

svc displaynumber targethost ssh_user


Back to top

Examples

On the server:

# start a Secure VNC Server on display 1 (Port 5901, ext 7901) with the resolution 1024x768
svs.sh startsmall 1

# start a Secure VNC Server on display 9 (Port 5909, ext. 7909) with the resolution 1600x1200
svs.sh startbig 9

# start a Secure VNC Server on display 8 (Port 5908, ext. 7908) with the resolution 1000x800
svs.sh startUser 1000x800 8

# show the status of the VNC Server on display 1 (Port 5901)
svs.sh status

# show the status of the VNC Server for display 1 to 9 (Port 5901 to 5909, ext. 7901 to 7909)
svs.sh statusall

# stop the Secure VNC Server on display 1 (Port 5901, ext. 7901)
svs.sh stop 1

On the client

REM start a VNC viewer for display 1 (port 5901) on the host sol9
svc 1 sol9




Back to top

Notes


The ports used are

display
Number
export DISPLAY=
VNC on the server
SSH on the server
SSH on the client
VNC on the Client
1
<hostname>:1.0
5901
7901
7901
5901
2
<hostname>:2.0 5902
7902
7902
5902
...

...
...
...
...
9
<hostname>:9.0 5909
7909
7909
5909


Use "localhost:590{displaynumber}" for the VNC client.

If using these scripts through a firewall, make sure that the port used for the ssh connection (790x) is not blocked by the firewall.

You may use any free port number for the ssh connections. Please change the script if you need to use other port numbers.

The VNC Server started with svs.sh only listens to connections from localhost - you can not connect directly to the VNC Server from another host.


Back to top

Download


Download svs.sh
Download svc.cmd for Windows
Download svc_os2.cmd for OS/2


VNC Homepage (new window)


Back to top