Remote graphical access to Linux stations via VNC

Translated using

Machine-translated page for increased accessibility for English questioners.

Page in original, Czech language.

Remote graphical access to Linux stations

This tutorial describes how to connect to nymfe* machines, but can be similarly used for musa* machines.

Instructions for Windows 10 and Linux

You need to activate the SSH client before logging in from Windows, see the instructions.

1. Setting the local variable LOGIN

Open the Windows PowerShell ( , hint: you can paste from the clipboard by right-clicking, copy Enter), or the Bash shell ( ). Set the variable LOGIN (in the command below, replace "xlogin" with your faculty login):

Windows
```
PS C:\Users\user> $LOGIN="xlogin"
```
Linux
```
local$ LOGIN=xlogin
```

2. Selecting the Nymfe machine and port

Randomly select one of the permanently running Nymfe machines and also the port to be used for VNC:

Windows

PS C:\Users\user> $NN= "0" + $(Get-Random -Maximum 3 -Minimum 1)
PS C:\Users\user> $LC_PORT = $((5900 + $(Get-Random -Maximum 100)))
PS C:\Users\user> echo $LC_PORT

Make a note of the port number for later use.

Linux

   local$ NN=0$((RANDOM % 2 + 1)) && \
       export LC_PORT=$((5900 + RANDOM % 100)) && \
       echo $LC_PORT >/tmp/fi-nymfe-vnc-port

3. Creating an SSH tunnel

Nymfe machines are only accessible from the FI network, so you need to log in via Aisu. Connect via SSH, turn on compression and create a tunnel. You'll need to enter the password twice (unless you're using an SSH key), and you'll also need to confirm the SSH keys the first time you connect.

The goal of this point is to securely access the VNC port of Nymfe on the local machine. Alternatively, you can use a faculty VPN- then there is no need to use a jump host when logging in via SSH.

Windows

SSH in Windows has a bug (written in February 2020) that makes the -J (jump host) switch not work. However, this can be worked around by using the config configuration file in the home directory under the .ssh folder.

Create a file C:\Users\user\.ssh\config ("user" is your Windows user) with the following content (replace "XLOGIN" with your faculty login):
```
 Host nymfe*.fi.muni.cz
     ProxyCommand C:\Windows\System32\OpenSSH\ssh.exe XLOGIN@aisa.fi.muni.cz -W %h:%p
```
Now we can connect:
```
 PS C:\Users\user> ssh -C $LOGIN@nymfe$NN.fi.muni.cz -L $LC_PORT":localhost:"$LC_PORT
```
Linux

   local$ ssh -CJ $LOGIN@{aisa,nymfe$NN}.fi.muni.cz -L $LC_PORT:localhost:$LC_PORT -o SendEnv=LC_PORT

4. Setting the password for VNC

Set a random VNC password (this is useful due to the possibility of a brute force attack while the VNC server is running), make a note of the password. You only need to do this step once the first time you use this tutorial, but you can also repeat it each time.

nymfe$ { pwgen 8 1 | tee /dev/std{out,err}; echo n; } | vncpasswd; echo

5. Setting the graphical session type

Make sure to set the graphical session type (this step does not need to be repeated):

nymfe$ test -f ~/.dmrc || echo -e "[Desktop]\nSession=default" >~/.dmrc

6. Creating a session

Create a session x11vnc including the creation of a new X server. You can change the remote desktop dimensions by editing the -geometry parameter. Variable forwarding does not work from Windows ( ), so replace "$LC_PORT" in the command with the port number you obtained in step 2.

nymfe$ x11vnc -auth .Xauthority -N -localhost -rfbport $LC_PORT -usepw -create -geometry 1280x1024

Do not close the terminal window.

7. Connecting to Nymph

Connect from your machine to Nymfe using the VNC client (use the password from step 4):

Windows

For Windows, you can download e.g. Real VNC Viewer (you can also choose a standalone version without installation).

Address: localhost:LC_PORT ("LC_PORT" replace the port number from step 2).

Don't be alarmed by the warning about the unencrypted connection, the connection from your machine to Nymfe is encrypted thanks to the SSH tunnel.

Linux

local$ vinagre localhost:$(cat /tmp/fi-nymfe-vnc-port)

Notes:

Connections using this procedure run through X.Org, while the default graphics session on the machine runs through Wayland. The user experience may therefore differ slightly.
If you only see a black background with a white terminal ( xterm), there is probably a problem with the session setup. In this case, try running it manually via this terminal:
```
 xterm$ gnome-session
```

Correct session termination

Log out of the Gnome session, which will terminate the VNC client as well as the VNC and X server (it may take a while, estimated 20 seconds, before you get the Log Out: wait prompt)
if the step above fails for some reason, exit x11vnc with the shortcut Ctrl-Cand run gnome-session-quit --force --logout
in any case, check for any leftover processes and kill them ( ps ux, kill PID, or if you don't have any other graphics processes running on your machine, systemctl --user stop dbus ssh-agent gpg-agent may also help )