iCIS Intra Wiki

Remote Access

Revision as of 08:36, 3 September 2024

VPN

Not all network resources available at the university are available when you are outside the university.

However, when connected to a VPN you have access to all network resources as if you were working locally on a computer located at the university.

Ssh terminal

You can always log in to one of the Linux login servers with ssh (e.g. lilo.science.ru.nl).

You can also log in to an ssh server behind the university firewall, by using lilo as a jumping server:

    ssh -J [USER1@]lilo.science.ru.nl   [USER2@]SSH_SERVER

The USER between brackets is optional.

Remote desktop: from Home on your work machine's desktop

Protocol

There are multiple protocols to share your machine's desktop over the internet. The best protocol is RDP (Remote Desktop Protocol) from Microsoft. For both Windows and Linux there is an RDP server available. So for these platforms we advise using RDP.

However, on macOS there is currently no RDP server available. Therefore we have to fall back to the VNC protocol on macOS.

The RDP protocol is encrypted via SSL; the VNC protocol, however, is not encrypted. So for the VNC protocol we can set up an end-to-end ssh tunnel to provide a safe encrypted channel for the VNC protocol.

The RDP protocol by default uses port 3389. The VNC protocol by default uses port 5900. Although the RDP protocol is already encrypted, we still need an ssh tunnel to cross the firewall.

Remote desktop using RDP protocol

On Windows you can enable the RDP server built into Windows.

On Linux you can install xrdp to enable an RDP server. Below are 2 manuals found on the internet describing the installation:

Remote desktop via VPN

Although it is possible to set up a Remote Desktop connection via an SSH-tunnel, the preferred way (according to C&CZ) is to do it over VPN.

This basically means that if you have set up a VPN connection with the faculty's VPN-server, you only need to make sure that your targetmachine is reachable from the VPN-server and that you are in the Local Remote Desktop users group. This typically needs to be configured by C&CZ.

Remote desktop via SSH tunnel

Assuming that you want to run a remote desktop via a login server such as lilo.science.ru.nl you can do that via an SSH tunnel.

Note: these instructions assume that the port 3389 is open on the targetmachine and that you have an account that is part of the Local Remote Desktop user group. If you are trying to connect to a Windows Managed PC you should ask C&CZ to set these settings.


linux/mac

On linux/mac you can do something like:

  ssh -L 13389:targetmachine:3389 username@lilo.science.ru.nl 

This creates an ssh tunnel from localhost:13389 to lilo.science.ru.nl; from lilo all traffic is forwarded to port 3389 on the targetmachine. That last forward is no longer protected by the encrypted ssh tunnel. This is also not needed, because RDP by itself is already encrypted using SSL.

followed by the command:

  rdesktop -u username localhost:13389 


windows

If you are on Windows you can use the program Tunnelier.

In the Login tab you should set the following parameters:

Host: lilo.science.ru.nl
Port: 22
Username: your username at the login server

In the C2S Fwding tab you should Add a row and set the following parameters:

Status: enabled
Listen Interface: 127.0.0.1
List. Port: 13389
Destination Host: targetmachine
Dest. Port: 3389

Now first connect to the login server using the Login button. Then you can start RemoteDesktop and connect to the address:

  127.0.0.1:13389





Remote desktop using VNC protocol

creating a secure remote VNC connection to your mac

   server
   ------
    1) enable Remote Login (SSH) on your mac

    2) install vine server
          https://github.com/stweil/OSXvnc/releases/tag/V5.3.2
          => download dmg and install

       start vine server (vnc server)

       and configure it:

           authentication

             VNC Password -> select none.   (because authentication is already done by the ssh port forwarding)
             turn checkbox for 'Require Remote Login (SSH)' on
                 `-> allows only connections to localhost, and not on the external ip,
                     so it forces you to make an ssh tunnel into the machine!

    3) in System Settings -> Privacy & Security -> Screen & System Audio Recording (Allow the application to record the content of your screen and audio, even while using other applications)

             enable
               Vine Server  (non-system instance)
               OSX-vncserver (system instance)

       in System Settings -> Privacy & Security -> Accessibility  (allow the application to control your computer)

             enable
               Vine Server  (non-system instance)
               OSX-vncserver (system instance)
  


   client
   ------
    1) create tunnel to vine server from your
         sshtunnel 5900 lilo8.science.ru.nl  mymacmachinerunningvnc 5900

        -> whether we are on the same local wired network, another wired network or
           eduroam -> it always works!!

    2) in "RealVNC Viewer" open server at 'localhost'

         -> it warns you about an insecure connection,
            but that is not true because we use an ssh tunnel we set up ourselves
         => so make it ignore these warnings in the future

         in Options, in Expert tab, set

             ScrollWheelThreshold  to value 3

         this fixes slow scrolling when connecting from a machine without a 4K monitor to
         an apple with a 4K monitor!
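
Added example (not part of the original wiki page): the RDP section forwards through lilo and leaves the last hop to RDP's own encryption, while the unencrypted VNC protocol needs the ssh tunnel to end on the Mac itself. The helper below checks an OpenSSH `-L` spec for both properties; the function name `audit_forward` is made up for this example, and it assumes no IPv6 literals and the default `GatewayPorts no`.

```sh
#!/bin/sh
# Added example: audit an OpenSSH -L spec ([bind_address:]port:host:hostport).
# Assumptions: no IPv6 literals; GatewayPorts is at its default (no), so a
# spec without bind_address listens on loopback only.

# Prints "<listener> <coverage>":
#   listener  loopback | exposed     who can reach the local tunnel entrance
#   coverage  end-to-end | last-hop-outside-ssh
audit_forward() {
    old_ifs=$IFS
    IFS=:
    set -f                      # keep a "*" bind address from globbing
    set -- $1                   # split the spec on ":"
    set +f
    IFS=$old_ifs
    case $# in
        3) bind=localhost; dest=$2 ;;
        4) bind=$1; dest=$3 ;;
        *) echo invalid; return 1 ;;
    esac
    case $bind in
        localhost|127.0.0.1) listener=loopback ;;
        *) listener=exposed ;;  # "", "*" or a LAN address
    esac
    case $dest in
        # Destination is the ssh server itself: traffic stays inside ssh
        # until it reaches the machine running the desktop service.
        localhost|127.0.0.1) coverage=end-to-end ;;
        # Otherwise the ssh server opens an ordinary TCP connection to dest.
        *) coverage=last-hop-outside-ssh ;;
    esac
    echo "$listener $coverage"
}

# RDP forward from this page: ssh ends at lilo, RDP's own encryption covers
# the hop from lilo to targetmachine.
#   ssh -L 13389:targetmachine:3389 username@lilo.science.ru.nl
# VNC has no encryption of its own, so ssh must end on the Mac (lilo as jump
# host); this also matches Vine Server listening on localhost only.
#   ssh -J username@lilo.science.ru.nl -L 5900:localhost:5900 username@mymacmachinerunningvnc
for spec in "$@"; do
    printf '%s -> %s\n' "$spec" "$(audit_forward "$spec")"
done
```

A VNC forward that reports `last-hop-outside-ssh`, or any forward that reports `exposed`, is the case where the viewer's insecure-connection warning should not be dismissed.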