You want to use more convenient than proprietary solutions and has more security than ssh to access remote desktop? this article will describe a good way, this is we never before introduced a technology.
The idea is to use SSL for embedding in a Web page in a simple VNC Viewer provides security. This means that virtually any can handle Java Web browser can view the remote desktop, and interact with it; for a typical scenario, this is a function of very powerful solution, including telephone collaboration, technical support and supply. The computer where the screen where the computer in a location performs an action that in other parts of the people want to see the results. Meet this description is very much, this feature is almost the same amount. One method is to use a regular single desktop as a use of the HTTPS protocol for the protection of the WebURL address to publish, and those non-software experts who work together, this is especially convenient. Through a connection to the remote desktop of the hyperlink or the browser's address bar, enter the URL for remote access, which "civilians" is very convenient for users. Just take a few minutes, you can build your own remote desktop. This approach is an important feature is its authentication method: it is not based on the logging level of the account number, which is common IPv6 based on ssh, OpenVPN, and most of the proprietary product of remote access mechanism, we will show how to set up for SSL account/password pair. This is a "lightweight" method, and the desktop host for other purposes. At the same time, this approach is widely used on the Web, and is a key technology, most of the developers came to this very familiar. Although only a few steps can be achieved through SSL to access VNC, but the configuration of the core there is a complex issue: JvaVNC client does not connect to those who own the certificate SSL site. Rather, the popular browser with JVM usually needs to be "trusted third parties" certification authority (CA) that signed the certificate. This article on the readers had effectively classification. May be due to management or development of secure Web sites require you to have begun to use SSL, then you can immediately use in VNC-through-SSL project to the same Web server and a signed certificate. If you don't already have the background knowledge using SSL, then this kind of technology is not a very good start. For you, the more traditional ssh tunnel or Hamachi and commercial solutions possible is the way to the remote desktop easy starting point. For more information, please refer to the sidebar of certificates and SSL. Method for the first step is to Setup VNC server and the corresponding tunnel. For this step, you must have a valid key file can be created, including a private key and a public key. The keys are placed in/etc/ssl/certs/stunnel.pem. This example uses the TightVNC server and display: 5. 1. start list TightVNC server and tunnel $ tightvncserver: 5 $ stunnel-d5705-r5905-p/etc/ssl/certs/stunnel.pem although most Linux host is set to allow any user can start vncserver, but you will probably need root privileges to effectively use stunnel. Depending on the host's security model, the best you can do is execute the following command: sudostunnel .... Now, the server should be there to address: 5905 provides an unencrypted connections, and is there: 5705 provides an encrypted connection. Use any convenient VNC Viewer to verify that the connection is not encrypted, redirect to yourhost: 5. To ensure that stunnel has already started and is running, use the following command to search for the system log: list 2. check the stunnel has been successfully # grepstunnel/var/log/syslog | tail-24Aug2118: 58: 17therestunnel [5453]: Using ' 5905 ' astcpwrapperservicenameAug2118: 58: 17therestunnel [5453]: stunnel3.26oni386-pc-linux-gnuPTHREAD + LIBWRAPwithOpenSSL0.9.7e25Oct2004Aug2118: 58: 17therestunnel [5454]: FD_SETSIZE = 1024, fileulimit = 1024-> 500clientsallowed error — the key file is not valid, do not have sufficient permissions, or the port is already in use — to appear in the same log file. For example, if the missing keys, in the journal form: Aug2118: 58: 17therestunnel [5453]:/etc/ssl/certs/stunnel.pem: Nosuchfileordirectory (2) because the server can handle concurrently without encryption and encrypted port, let's go to VNCWeb client. To enable this feature, you need to download the project from x11vnc SSL-enabled JavaVNC Viewer. In the download source tarball file, you can use x11vnc-x.y.z/classes/ssl/VncViewer.jar and x11vnc-x.y.z/classes/ssl/SignedVncViEwer.jar in Java code. Sets a directory to hold the contents of the VNC, VncViewer.jar copy to this directory and creates an HTML source file. The sample HTML file allows SSL connections to there: 5705: HTTP and HTTPS for the applet. Assuming that the HTML and Jar files on port 80 using HTTP, URI, then the address for/vnc will display this http://there/vnc desktop. Remember to have on your Java-enabled browser! also takes note of the HOST and the source address to use the same host name; Javaapplet security model must be required to do so.
No comments:
Post a Comment