iCIS Intra Wiki
Remote Access: Difference between revisions
| Line 60: | Line 60: | ||
* https://www.howtogeek.com/devops/how-to-install-a-desktop-environment-on-your-headless-linux-server/ | * https://www.howtogeek.com/devops/how-to-install-a-desktop-environment-on-your-headless-linux-server/ | ||
==== | ==== via VPN ==== | ||
Although it is possible to set up a Remote Desktop connection via an SSH-tunnel, the preferred way (according to C&CZ) is to do it | Although it is possible to set up a Remote Desktop connection via an SSH-tunnel, the preferred way (according to C&CZ) is to do it | ||
| Line 67: | Line 67: | ||
This basically means that if you have setup a VPN connection with the faculty's VPN-server, you only need to make sure that your targetmachine is reachable from the VPN-server and that you are in the Local Remote Desktop users group. This typically needs to [https://cncz.science.ru.nl/en/howto/thuiswerken/#remote-desktop-last-resort be configured by C&CZ]. | This basically means that if you have setup a VPN connection with the faculty's VPN-server, you only need to make sure that your targetmachine is reachable from the VPN-server and that you are in the Local Remote Desktop users group. This typically needs to [https://cncz.science.ru.nl/en/howto/thuiswerken/#remote-desktop-last-resort be configured by C&CZ]. | ||
==== | ==== via SSH tunnel ==== | ||
Assuming that you want to run a remote desktop via a login server such as lilo.science.ru.nl you can do that via an SSH tunnel. | Assuming that you want to run a remote desktop via a login server such as lilo.science.ru.nl you can do that via an SSH tunnel. | ||
| Line 90: | Line 90: | ||
followed by the command: | followed by the command: | ||
rdesktop -u username localhost:13389 | rdesktop -u username localhost:13389 | ||
=== Remote desktop using VNC protocol === | === Remote desktop using VNC protocol === | ||
Revision as of 09:13, 3 September 2024
Remote access from Home to your Work
VPN
Not all network resources available at the university are available when you are outside the university.
However, when connected to a VPN you have access to all network resources, as if you were working on a computer located at the university.
SSH terminal
You can always log in to one of the Linux login servers with ssh (e.g. lilo.science.ru.nl).
You can also log in to an ssh server behind the university firewall by using lilo as a jump server:
ssh -J [USER1@]lilo.science.ru.nl [USER2@]SSH_SERVER
The USER between brackets is optional.
Remote desktop: from Home on your work machine's desktop
Protocol
There are multiple protocols to share your machine's desktop over the internet. The best protocol is RDP (Remote Desktop Protocol) from Microsoft. An RDP server is available for both Windows and Linux, so for these platforms we advise using RDP.
However, on macOS there is currently no RDP server available. Therefore we have to fall back to the VNC protocol on macOS.
The RDP protocol is encrypted via SSL, whereas the VNC protocol is not encrypted. So for the VNC protocol we can set up an end-to-end ssh tunnel to provide a safe encrypted channel.
The RDP protocol by default uses port 3389. The VNC protocol by default uses port 5900. Although the RDP protocol is already encrypted, we still need an ssh tunnel to cross the firewall.
Conclusion
- RDP server
  - use on Windows and Linux
  - uses port 3389
  - already encrypted with SSL
  - only need ssh tunnel to pass the firewall (or ask C&CZ to configure VPN)
- VNC server
  - use on Mac
  - uses port 5900
  - does not provide encryption
  - need ssh tunnel to provide end-to-end encryption
Remote desktop using RDP protocol
On Windows you can enable the RDP server that is built into Windows. If you are trying to connect to a Windows Managed PC you should ask C&CZ to set these settings.
On Linux you can install xrdp to enable an RDP server. Below are 2 manuals found on the internet describing the installation:
- https://ultahost.com/knowledge-base/install-and-connect-to-linux-server-with-xrdp/
- https://www.turbogeek.co.uk/how-to-install-xrdp-server-on-ubuntu-22-04/
- https://www.howtogeek.com/devops/how-to-install-a-desktop-environment-on-your-headless-linux-server/
via VPN
Although it is possible to set up a Remote Desktop connection via an SSH tunnel, the preferred way (according to C&CZ) is to do it over VPN.
This basically means that if you have set up a VPN connection with the faculty's VPN server, you only need to make sure that your target machine is reachable from the VPN server and that you are in the Local Remote Desktop users group. This typically needs to be configured by C&CZ.
via SSH tunnel
Assuming that you want to run a remote desktop via a login server such as lilo.science.ru.nl, you can do that via an SSH tunnel. We set up an SSH tunnel which does local port forwarding. It forwards all traffic that goes into port 13389 on the local host to port 3389 on the target machine.
Note: these instructions assume that the RDP server on the target machine is open on port 3389.
You can create this tunnel by running the following ssh command in a terminal:
ssh -L 13389:targetmachine:3389 username@lilo.science.ru.nl
This creates an ssh tunnel from localhost:13389 to lilo.science.ru.nl; from lilo all traffic is forwarded to port 3389 on the target machine. That last hop is no longer protected by the encrypted ssh tunnel. This is also not needed, because RDP by itself is already encrypted using SSL.
To run the above command on a Windows machine, install Git for Windows, which provides a terminal running bash in which you can run the above ssh command.
Once the tunnel is up, connect through it with the command:
rdesktop -u username localhost:13389
Remote desktop using VNC protocol
Creating a secure remote VNC connection to your Mac
Below are the instructions to set up the Vine VNC server on your Mac, and to set up end-to-end encryption to protect the VNC traffic from eavesdropping. We use the "RealVNC Viewer" app as VNC client because it's free and gives the best performance.
server
------
1) enable Remote Login (SSH) on your mac
2) install vine server
https://github.com/stweil/OSXvnc/releases/tag/V5.3.2
=> download dmg and install
start vine server (vnc server)
and configure it:
authentication
VNC Password -> select none (authentication is already done by the ssh port forwarding)
turn the checkbox 'Require Remote Login (SSH)' on
`-> allows only connections to localhost, and not on an external IP,
so it forces you to make an ssh tunnel into the machine!
3) in System Settings -> Privacy & Security -> Screen & System Audio Recording
(Allow the application to record the content of your screen and audio, even while using other applications)
enable
Vine Server (non-system instance)
OSX-vncserver (system instance)
in System Settings -> Privacy & Security -> Accessibility
(allow the application to control your computer)
enable
Vine Server (non-system instance)
OSX-vncserver (system instance)
client
------
1) create tunnel to vine server from your
sshtunnel 5900 lilo8.science.ru.nl mymacmachinerunningvnc 5900
-> whether we are on the same local wired network, another wired network or
eduroam -> it always works!!
2) in "RealVNC Viewer" open server at 'localhost'
-> it warns you about an insecure connection,
but that does not apply here because we use an ssh tunnel we set up ourselves
=> so make it ignore these warnings in the future
in Options, in Expert tab, set
ScrollWheelThreshold to value 3
this fixes slow scrolling when connecting from a machine without a 4K monitor
to an Apple machine with a 4K monitor!
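
The RDP section notes that the hop from lilo to the target machine is outside the ssh tunnel, while the VNC section needs the tunnel to end on the Mac itself. The following added example (not part of the original wiki page) checks an `ssh -L` forward spec for both properties; the function name `audit_forward` is hypothetical, and reaching the Mac with `ssh -J` through lilo8 is an assumption.

```shell
#!/bin/sh
# Added example (not from the wiki): audit an OpenSSH local-forward spec
# of the form [bind_address:]port:host:hostport, as passed to `ssh -L`.
# Bracketed IPv6 literals are not handled here.

audit_forward() {
    spec=$1
    old_ifs=$IFS
    set -f                      # no globbing: a bind address may be '*'
    IFS=:
    set -- $spec
    IFS=$old_ifs
    set +f
    case $# in
        3) bind=localhost; dhost=$2; dport=$3 ;;   # ssh default: loopback
        4) bind=$1; dhost=$3; dport=$4 ;;
        *) echo "invalid spec: $spec"; return 1 ;;
    esac

    # Who can connect to the local end of the tunnel?
    case $bind in
        localhost|127.0.0.1) listen=loopback ;;
        *) listen=exposed ;;    # '', '*', 0.0.0.0 or a LAN address
    esac

    # "host" is resolved on the SSH server. If it is that server itself,
    # the whole path is inside SSH; otherwise the last hop is plain TCP.
    case $dhost in
        localhost|127.0.0.1) hop=inside-ssh ;;
        *) hop="plain-tcp-to-$dhost:$dport" ;;
    esac
    echo "listen=$listen lasthop=$hop"
}

# The wiki's RDP tunnel: SSH ends on lilo, RDP's own encryption covers the rest.
audit_forward 13389:targetmachine:3389
# End-to-end form for VNC: used with sshd on the Mac itself (assumed to be
# reached with `ssh -J user@lilo8.science.ru.nl user@mymacmachinerunningvnc`).
audit_forward 5900:localhost:5900
# A bind address of '*' would let other hosts on your network use the tunnel.
audit_forward '*:5900:localhost:5900'
```

For VNC only the `lasthop=inside-ssh` form keeps the unencrypted protocol off the network, and it matches a Vine server that accepts connections on localhost only.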