PostPosted: Sat Nov 15, 2008 10:12 am 
This guide will show you how to connect via VNC to your mythtv (or any LINUX box) using ssh to tunnel your VNC connection securely. This also works with http so you can totally secure mythweb. I HIGHLY recommend that you use ssh tunnels when communicating w/ your computers (mythtv or otherwise) if you are doing so OUTSIDE the protection of your wired LAN. If you have a wireless LAN at home, it is even more important that you keep everything encrypted! After all, you don't want your personal info stolen or your machines to get haxored!

I'll give two scenarios:

#1 Connecting from Linux to LinHES/Knoppmyth
#2 Connecting from Windows to LinHES/Knoppmyth

I know most KM/LinHES users probably have a Windows machine as their primary desktop, but the Linux to Linux tunneling is so easy, I wanted to present it first.

I'm assuming you have ssh set up and working on your mythtv box. Also, if your windows machine is outside your LAN, you'll obviously need to have the port that you've used for ssh (default is 22) forwarded to the IP addy of your LINUX box so that ssh is freely open to the outside world. If you can't ssh into your box, you can't do this.

You'll be using ssh tunneling, which is a very powerful and secure way to connect two machines on various ports. Note: it'll work for anything that runs on the port you select, not just vnc. I'll give you an example using http as well so you can securely access mythweb from a PC outside your LAN.

As a side note: you can make your ssh even more secure by following mihanson's guide.

Special note for x11vnc
It is highly recommended that you amend the startup line for x11vnc in your /home/mythtv/.fluxbox/apps adding the -listen localhost switch which forces x11vnc to ONLY accept connections from itself. Since you're tunneling your connection through ssh, you are in effect connecting from the localhost so your connection -- provided it is tunneled through ssh -- will be allowed. All other connections to the vnc server will not be allowed.

This is advantageous for machines on wireless networks as well as machines that are either directly connected to the internet (i.e. no router) or behind routers with forwarded ports.

LINUX to LinHES/Knoppmyth

As mentioned above, ssh tunneling from Linux to Linux is trivial and is accomplished in a single shell command, which you can even make into a script and call with one word, or add to your ~/.bashrc as an alias that is also available via a single word.

The syntax is:
Code:
$ ssh IP.ADDY.OF.MYTHTV -l USERNAME -L 222/localhost/5900


Example, my mythtv box is 192.168.1.4 and my user on that box is disturbed:

Code:
$ ssh 192.168.1.4 -l disturbed -L 222/localhost/5900


Again, if you have an entry in your /etc/hosts for your LINUX server, you can use the hostname instead of the IP addy. To connect, just open your vnc client and again, connect to localhost:222 and you should be in business.

Windows to LinHES/Knoppmyth
If you're connecting from a Windows machine, doing so is trivial with PuTTY.

Load up PuTTY and create a new or edit an existing session for your LINUX machine setting up the IP addy or hostname (if you have it in your c:\windows\system32\drivers\etc\hosts file). Give the session a name and then expand the Connection>SSH>Tunnels option in PuTTY.

I. For source port, enter a number that you'll be connecting to on your WINDOWS box. I used 222.

II. For destination, use localhost:5900 since you're using the default 5900 port on your LINUX box.

Click the Add button and then save your session and connect.


Once you're into your LinHES/Knoppmyth box, PuTTY is tunneling (via ssh) connections on the LINUX end from port 5900 to port 222 on your Windows box.

To connect via VNC to the LinHES/Knoppmyth box, simply point your VNC client on the Windows box to localhost:222 and the magic begins. LEAVE THE PUTTY WINDOW OPEN or else the encrypted tunnel will collapse!

Very cool, no? Not only are you circumventing the need to open (forward) an additional port on your router, you're using a very secure connection to access your mythbox.

This technique is useful for ANY network service on your LinHES/Knoppmyth box. For example, http. Now you can access your mythweb from away securely as well.

Source port: 10080
Destination: localhost:80

This configuration will securely tunnel port 80 on the mythtv box to port 10080 on your windows box. Therefore, simply point your windows browser to http://localhost:10080 and you should have your mythweb root displayed in the browser.

Related Articles
SSH Tunneling by example - Excellent article showing ssh usage beyond what I have shown here.

_________________
Retired KM user (R4 - R6.04); friend to LH users.


Last edited by graysky on Sat Jun 27, 2009 4:21 am, edited 7 times in total.
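
The x11vnc note in the guide above recommends `-listen localhost` so that VNC is reachable only through the ssh tunnel. The following is an added example, not part of graysky's post: a shell function that reads listening-socket lines and reports any listener on the given ports that is not bound to loopback. It assumes the column layout printed by `ss -ltnH` (iproute2); the function names and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post). Reads `ss -ltnH` style lines on
# stdin and prints "PORT ADDRESS" for each listener on the named ports that is
# bound to something other than loopback.
exposed_listeners() {
    awk -v ports="$*" '
        BEGIN { n = split(ports, p, " "); for (i = 1; i <= n; i++) want[p[i]] = 1 }
        $1 == "LISTEN" {
            la = $4; idx = 0
            # The port follows the last colon; everything before it is the address.
            for (i = length(la); i > 0; i--)
                if (substr(la, i, 1) == ":") { idx = i; break }
            if (idx == 0) next
            addr = substr(la, 1, idx - 1); port = substr(la, idx + 1)
            if (!(port in want)) next
            if (addr ~ /^127\./ || addr == "[::1]") next   # loopback only: fine
            print port, addr
        }'
}

# Constructed sample: x11vnc started without -listen localhost.
sample_before() {
    cat <<'EOF'
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 5 0.0.0.0:5900 0.0.0.0:*
LISTEN 0 5 [::]:5900 [::]:*
EOF
}

# Constructed sample: x11vnc started with -listen localhost.
sample_after() {
    cat <<'EOF'
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 5 127.0.0.1:5900 0.0.0.0:*
EOF
}

# On the real box: ss -ltnH | exposed_listeners 5900
```

Empty output for port 5900 means the VNC server accepts connections only from the box itself, which is the state the tunnel relies on.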


PostPosted: Sat Dec 13, 2008 9:31 pm 
graysky, this is a great approach. I thought I would mention a variation on the theme that people can use if they aren't running their myth box 24x7. It's the same idea, but instead of connecting to the sshd daemon running on my knoppmyth box, I've replaced the netgear firmware in my router with dd-wrt. dd-wrt supports sshd, cifs/samba and more. So I do exactly what you've described, but the putty session connects with my router. From there one can use WOL to wake up my knoppmyth box, connect to mythweb, etc.


Marc

_________________
Marc

The views expressed are my own and do not necessarily reflect the views of my employer.


PostPosted: Sun Dec 14, 2008 4:57 am 
That's cool, I seem to remember reading your guide to setting this up. I'm just too afraid to flash my router's firmware :)

_________________
Retired KM user (R4 - R6.04); friend to LH users.


PostPosted: Sat Jan 03, 2009 1:51 am 
graysky, I wanted you to know that you just saved me a ton of time. I used your "howto" to establish a VNC connection to the mythtv box I built for my daughter to solve a problem. She lives an hour from my place, so you just saved me a ton of time -- thanks!

Marc

_________________
Marc

The views expressed are my own and do not necessarily reflect the views of my employer.


PostPosted: Sat Jan 03, 2009 3:52 am 
Glad to hear someone found it useful :)

_________________
Retired KM user (R4 - R6.04); friend to LH users.

