This guide will show you how to connect via VNC to your mythtv (or any LINUX box) using ssh to tunnel your VNC connection securely. This also works with http so you can totally secure mythweb.
I HIGHLY recommend that you use ssh tunnels when communicating w/ your computers (mythtv or otherwise) if you are doing so OUTSIDE the protection of your wired LAN. If you have a wireless LAN at home, it is even more important that you keep everything encrypted! After all, you don't want your personal info stolen or your machines to get haxored!
I'll give two scenarios:
#1 Connecting from Linux to LinHES/Knoppmyth
#2 Connecting from Windows to LinHES/Knoppmyth
I know most KM/LinHES users probably have a Windows machine as their primary desktop, but the Linux to Linux tunneling is so easy, I wanted to present it first.
I'm assuming you have ssh set up and working on your mythtv box. Also, if your windows machine is outside your LAN, you'll obviously need to have the port that you've used for ssh (default is 22) forwarded to the IP addy of your LINUX box so that ssh is freely open to the outside world. If you can't ssh into your box, you can't do this.
You'll be using ssh tunneling, which is a very powerful and secure way to connect two machines on various ports. Note: it'll work for anything that runs on the port you select, not just vnc. I'll give you an example using http as well so you can securely access mythweb from a PC outside your LAN.
As a side note: you can make your ssh even more secure by following mihanson's guide.
Special note for x11vnc
It is highly recommended that you amend the startup line for x11vnc in your /home/mythtv/.fluxbox/apps adding the -listen localhost switch which forces x11vnc to ONLY accept connections from itself. Since you're tunneling your connection through ssh, you are in effect connecting from the localhost so your connection -- provided it is tunneled through ssh -- will be allowed. All other connections to the vnc server will not be allowed.
This is advantageous for machines on wireless networks, as well as for machines that are either directly connected to the internet (i.e. no router) or behind routers with forwarded ports.
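To confirm that the -listen localhost change took effect, the following added example (not part of the original guide) parses ss -ltn output and reports any listener on the VNC port that is bound to a non-loopback address. The two sample outputs are constructed for illustration, the function names are hypothetical, and port 5900 is the default port this guide uses.

```shell
#!/bin/sh
# Added example, not from the original guide.
# exposed_listeners PORT: reads `ss -ltn` style lines on stdin and prints
# every local address listening on PORT that is NOT bound to loopback.
exposed_listeners() {
    awk -v port="$1" '
        $1 == "LISTEN" {
            n = split($4, parts, ":")        # the port is the last ":" field
            if (parts[n] != port) next
            host = substr($4, 1, length($4) - length(parts[n]) - 1)
            # Loopback binds can only be reached through the ssh tunnel.
            if (host ~ /^127\./ || host == "[::1]") next
            if (host ~ /^\[::ffff:127\./) next
            print $4
        }'
}

# vnc_verdict PORT: summarises stdin; returns 1 when the port is exposed.
vnc_verdict() {
    found=$(exposed_listeners "$1" | tr '\n' ' ')
    if [ -n "$found" ]; then
        echo "EXPOSED: port $1 accepts remote connections on: $found"
        return 1
    fi
    echo "OK: port $1 is loopback-only or not listening"
}

# Constructed sample: x11vnc started WITHOUT -listen localhost.
SAMPLE_BEFORE='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    0.0.0.0:22         0.0.0.0:*
LISTEN 0      32     0.0.0.0:5900       0.0.0.0:*
LISTEN 0      32     [::]:5900          [::]:*'

# Constructed sample: x11vnc started WITH -listen localhost.
SAMPLE_AFTER='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    0.0.0.0:22         0.0.0.0:*
LISTEN 0      32     127.0.0.1:5900     0.0.0.0:*'

printf '%s\n' "$SAMPLE_BEFORE" | vnc_verdict 5900 || true
printf '%s\n' "$SAMPLE_AFTER" | vnc_verdict 5900
# On the mythtv box itself:  ss -ltn | vnc_verdict 5900
```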
LINUX to LinHES/Knoppmyth
As mentioned above, ssh tunneling from Linux to Linux is trivial and is accomplished in a single shell command. You can even make it into a script and call it with one word, or add it to your ~/.bashrc as an alias, also available via a single word.
The syntax is:
Code:
$ ssh IP.ADDY.OF.MYTHTV -l USERNAME -L 222/localhost/5900
Example, my mythtv box is 192.168.1.4 and my user on that box is disturbed:
Code:
$ ssh 192.168.1.4 -l disturbed -L 222/localhost/5900
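Again, if you have an entry in your /etc/hosts for your LINUX server, you can use the hostname instead of the IP addy. To connect, just open your vnc client and again, connect to localhost:222 and you should be in business. Note that binding a local port below 1024, such as 222, normally requires root on Linux, so if ssh refuses the forward, run it as root or pick a local port above 1024.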
Windows to LinHES/Knoppmyth
If you're connecting from a Windows machine, doing so is trivial with PuTTY.
Load up PuTTY and create a new or edit an existing session for your LINUX machine setting up the IP addy or hostname (if you have it in your c:\windows\system32\drivers\etc\hosts file). Give the session a name and then expand the Connection>SSH>Tunnels option in PuTTY.
I. For source port, enter a number that you'll be connecting to on your WINDOWS box. I used 222.
II. For destination, use localhost:5900 since you're using the default 5900 port on your LINUX box.
Click the Add button and then save your session and connect.
Once you're into your LinHES/Knoppmyth box, PuTTY forwards (via ssh) any connection made to port 222 on your Windows box to port 5900 on the LINUX end.
To connect via VNC to the LinHES/Knoppmyth box, simply point your VNC client on the Windows box to localhost:222 and the magic begins. LEAVE THE PUTTY WINDOW OPEN or else the encrypted tunnel will collapse!
Very cool, no? Not only are you circumventing the need to open (forward) an additional port on your router, you're using a very secure connection to access your mythbox.
This technique is useful for ANY network service on your LinHES/Knoppmyth box. For example, http. Now you can securely access your mythweb when you're away as well.
Source port: 10080
Destination: localhost:80
This configuration will securely tunnel port 80 on the mythtv box to port 10080 on your windows box. Therefore, simply point your windows browser to http://localhost:10080 and you should have your mythweb root displayed in the browser.
Related Articles
SSH Tunneling by example - Excellent article showing ssh usage beyond what I have shown here.