Remote Access to Linux (Unix) from MS Windows
Cygwin + TigerVNC (Remote Desktop)

Petr Kulhanek, kulhanek@chemi.muni.cz
National Center for Biomolecular Research, Faculty of Science, Masaryk University, Kamenice 5, CZ-62500 Brno

PS / 2020, Distance form of teaching: Rev3

[Diagram: vncviewer running in Cygwin on the MS Windows desktop connects through an ssh tunnel to the Unix socket of vncserver on the remote Linux machine; TCP ports >= 5900 are blocked by the firewall.]

VNC

1. VNC implements remote desktop access. Unlike display export, the remote desktop is very fast and suffers much less from latency.
2. VNC uses network ports 5900 and higher for network connections. Since these ports can be exploited by unauthorized persons, they are blocked by the firewall on the WOLF cluster. This measure greatly complicates the use of VNC.
3. Therefore, LCC support provides customized vncserver and vncviewer programs for easy and secure use:
   1. vncserver
      1. starts a VNC server that listens on a Unix socket (no TCP ports from 5900 up are opened)
      2. access to the Unix socket is restricted to the user running the VNC server
      3. the default desktop is JWM (works on all remote machines); on some machines it is possible to run the full Ubuntu GNOME desktop (--fullgui option)
   2. vncviewer
      1. establishes an ssh connection to the remote machine and creates a tunnel to the Unix socket on the remote machine
      2. starts a VNC client that displays the remote desktop

Installation

Installing Cygwin

1. Run the installer of the Cygwin environment, setup-x86_64.exe, from https://www.cygwin.com/
2. Use the default settings
   1. Select a download site from CZ (ending .cz)
   2. Select packages (View: Full; Search: package; instead of Skip, choose the latest version). Install the following packages:
      1. krb5-workstation
      2. openssh
      3. nc
3. Start the Cygwin terminal

The Cygwin environment can also be used for purposes other than NCBR TigerVNC.

Installing VNC client

1. The following commands are performed in the Cygwin terminal on your computer.
2. Download the ncbr-tigervnc installation package (note the space and dot at the end of the command):

       $ scp username@wolf02.ncbr.muni.cz:~kulhanek/Documents/C2110/Software/ncbr-tigervnc-cygwin64.run .

3. Run the installer:

       $ bash ncbr-tigervnc-cygwin64.run

4. Check that the vncviewer program is available:

       $ type vncviewer
       /usr/bin/vncviewer

Comment:
• the installer sets up the Cygwin environment to use the Kerberos protocol for the META realm
• it installs the file /etc/krb5.conf (always)
• it installs the file ~/.ssh/config (if it doesn't exist)

Additional Configuration

You can add the username that you use on remote Unix machines to the file ~/.ssh/config:

       Host *
           # ...
           SendEnv LANG LC_*
           HashKnownHosts no
           GSSAPIAuthentication yes
           GSSAPIDelegateCredentials yes
           User kulhanek

The configuration can also be changed for specific machines (Hosts), see man ssh_config.

Without the User entry, you must explicitly specify the username:

       Petr Kulhánek@DESKTOP-272HMB1 ~
       $ ssh kulhanek@wolf02.ncbr.muni.cz

With the User entry, it is not necessary to specify the username; it is taken from the config file. This also applies to scp.

       Petr Kulhánek@DESKTOP-272HMB1 ~
       $ ssh wolf02.ncbr.muni.cz

Usage

A current overview of all GUI sessions on the WOLF cluster can be obtained here:

       https://wolf.ncbr.muni.cz » Internal part

To log in, use the e-INFRA account that you use to log in to the WOLF cluster.

Run vncserver first on unoccupied machines (green) and only then on machines running fewer GUI sessions.

Manual Summary

1. Run vncserver on the REMOTE computer (using putty or ssh in Cygwin)
2. Run vncviewer on YOUR computer (in Cygwin)

1. Start VNC server

The following commands are performed in the Cygwin terminal; vncserver runs on the remote machine.

0. Verify
   • that you have valid krb5 tickets (klist)
   • or renew them
     • either in MIT Kerberos for Windows (see previous presentations)
     • or in the Cygwin terminal with the command kinit username@META
1. Log in to the remote machine using ssh, e.g., to the node wolf02.ncbr.muni.cz

       [myPC]$ ssh wolf02.ncbr.muni.cz

2. Activate the tigervnc module

       [wolf02]$ module add tigervnc

3. Start a VNC server with the full Ubuntu GNOME desktop or with the lightweight JWM desktop

       [wolf02]$ vncserver --fullgui
       [wolf02]$ vncserver

1. Start the VNC server, cont.

       [kulhanek@wolf02 ~]$ vncserver
       >>> TigerVNC server started succesfully!
           Logs:  ~/.vnc/wolf02.ncbr.muni.cz.1.startlog
                  ~/.vnc/wolf02:1.log
           VNCID: kulhanek@wolf02.ncbr.muni.cz:1

The logs serve to diagnose possible problems. The VNCID is the VNC session identifier.

Comments:
• After starting the VNC server, it is possible to terminate the ssh connection to the remote machine.
• It is not appropriate to run multiple VNC servers.
• An overview of running servers can be obtained using:

       $ vncserver -list

• The VNC server can be explicitly terminated (vncserver -kill ID; the ID is printed by the -list option). ATTENTION! Any unsaved work will be lost.

2. Start VNC viewer

The following commands are performed in the Cygwin terminal; vncviewer runs on your computer.

0. Verify
   • that you have valid krb5 tickets (klist)
   • or renew them
     • either in MIT Kerberos for Windows (see previous presentation)
     • or in the Cygwin terminal with the command kinit username@META
1. Launch the VNC viewer. Use the VNCID listed when starting the VNC server as an argument.

       [myPC]$ vncviewer kulhanek@wolf02.ncbr.muni.cz:1

Exit vs Disconnect

1. The VNC server terminates when
   • you log out from the desktop (Gnome: Logout; JWM: Exit)
   • the server is explicitly killed (vncserver -kill); use this with caution as it can result in data loss
2. Disconnection from the VNC server occurs when
   • the network connection is lost
   • the VNC viewer window is closed
3. To re-establish the connection, you must open the VNC viewer again with the same VNCID.

You must always exit a VNC session when you are finished so that you do not block resources for other users.

Exit vs Disconnect

[Diagram: closing the vncviewer window = disconnect; logging out of the desktop = exit.]

Showcase of Ubuntu Desktop

[Screenshots: starting the VNC server (the terminal can then be closed); starting the VNC viewer; remote Ubuntu GNOME desktop running gimp.]

Possible Problems

1. The correct location of the ssh command in Cygwin is /usr/bin/ssh.
2. Some antivirus software has been reported to block this application. This can result in the use of the incorrect ssh command from the MS Windows environment (/cygdrive/c/WINDOWS/System32/OpenSSH/ssh).
3. Solution:
   ➢ Use MS Defender, remove other antivirus solutions.
   ➢ Create an exception in your antivirus program for network use by the ssh command from Cygwin.

       Petr Kulhánek@DESKTOP-272HMB1 ~
       $ type ssh
       ssh je /usr/bin/ssh
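
The step 0 ticket check, the ssh location check from "Possible Problems", and a look at the GSSAPIDelegateCredentials value that actually applies to a host, combined into one pre-flight function for the Cygwin terminal. This is an added example, not part of ncbr-tigervnc; the function names are hypothetical, and it assumes MIT klist (its -s option) and an OpenSSH that supports ssh -G.

```shell
# Added example for the Cygwin terminal; not part of ncbr-tigervnc.
# Function names are hypothetical. Assumes MIT klist (-s) and ssh -G support.

# Accept only the Cygwin ssh binary; anything else (for example the
# MS Windows OpenSSH under /cygdrive/c/...) fails the check.
ssh_path_ok() {
    case "$1" in
        /usr/bin/ssh) return 0 ;;
        *)            return 1 ;;
    esac
}

# Read `ssh -G <host>` output on stdin and print the effective value of
# one option (ssh -G prints lower-case keywords, so compare case-insensitively).
effective_option() {
    awk -v key="$1" 'tolower($1) == tolower(key) { print $2; exit }'
}

# Run all checks for one remote host; returns non-zero if the ssh location
# check or the Kerberos ticket check fails.
preflight() {
    pf_host="$1"
    pf_status=0

    pf_ssh="$(command -v ssh || true)"
    if ssh_path_ok "$pf_ssh"; then
        echo "ok:   ssh is $pf_ssh"
    else
        echo "FAIL: ssh resolves to '${pf_ssh:-nothing}', expected /usr/bin/ssh"
        pf_status=1
    fi

    if klist -s 2>/dev/null; then
        echo "ok:   valid Kerberos ticket found"
    else
        echo "FAIL: no valid ticket; run: kinit username@META"
        pf_status=1
    fi

    # The sample ~/.ssh/config enables delegation under "Host *", i.e. for
    # every destination; show what actually applies to this host.
    pf_deleg="$(ssh -G "$pf_host" 2>/dev/null | effective_option gssapidelegatecredentials)"
    echo "info: GSSAPIDelegateCredentials for $pf_host = ${pf_deleg:-unknown}"

    return "$pf_status"
}

# Usage: preflight wolf02.ncbr.muni.cz
```

Running preflight against a host outside the cluster shows whether the `Host *` block would forward your Kerberos ticket there as well; a host-specific block in ~/.ssh/config narrows that.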