Remote Access to the Fedora Linux Desktop from Windows or Linux
http://tniuli.blog.163.com/blog/static/164069419201073194230320/
Fedora provides remote desktop access. This provides two extremely useful features. Firstly it enables you or another person to view and interact with your desktop environment from another computer system either on the same network or over the internet. This is useful if you need to work on your computer when you are away from your desk such as while traveling or even sitting in a Wi-Fi enabled coffee shop. It is also useful in situations where a co-worker or IT support technician needs access to your desktop to resolve a problem.
Secondly, in
addition to providing access to your primary desktop (the one you see
when you switch on your monitor every morning) it enables you to create
multiple desktops and connect to them remotely.
The Fedora remote desktop functionality is based on technology called Virtual Network Computing (VNC) and in this chapter we will cover the key aspects of configuring and using remote desktops with Fedora Linux. It is important to note that there are both secure and insecure ways to access a remote desktop and both approaches will be covered.
Installing Remote Desktop Support
It
is possible that remote desktop support was not installed by default.
If it has been installed, a Remote Desktop option will be available in
the desktop System->Preferences menu. Another useful way to check
whether this package is installed is to run the following command from a
terminal window (Applications->System Tools->Terminal):
rpm -q vino
If
the rpm command reports package vino is not installed then the next
step is to perform the installation. This can be performed either using
the Add/Remove Software tool, launched by selecting
System->Administration->Add/Remove Software or from the command
prompt in a terminal window. Within the Add/Remove Software tool, search
for vino, select the checkbox next to the item in the results list and
click on Apply to install the package. To install from a terminal
window, enter the following:
su -
yum install vino
Once the installation is complete, the Remote Desktop option will now appear in the System->Preferences menu.
Activating Remote Desktop Access
The
next step in setting up remote desktop access is to activate it and
define some basic security settings. These settings are configured in
the Remote Desktop Preferences dialog. To access this dialog, open the
desktop System menu and select Preferences followed by Remote Desktop.
When selected the following window will appear:
ces followed by Remote Desktop. When selected the following window will appear:
In this dialog the following configuration options are available:
Allow others to view your desktop - Activates remote desktop access for viewing purposes.
Allow
other users to control your desktop - Allows users accessing your
remote desktop to control the desktop. In other words the remote user
can do anything to your desktop that they want using their mouse and
keyboard as if they were sitting physically at the local system.
You
must confirm each access to this machine - When selected, this option
causes a dialog to appear warning you of an attempt by a remote user to
connect and prompting you to confirm or deny the connection. If you are
likely to want to log in remotely you will need to turn this off since
you will not be at the local system to accept your own connection.
Require
the user to enter this password - Specifies a password which must be
entered by the remote user to access your desktop. It is strongly
advised that you select this option and specify a password.
Configure
network automatically to accept connections - Instructs the system to
automatically accept remote desktop connections. This is the setting
that you will want to activate before leaving your desk to travel
knowing you will need remote access while you are away.
Always
display icon - Causes the remote desktop icon to appear in the
Notification area of the top status bar when remote desktop access is
enabled (even when a remote user is not connected).
Only display an
icon when there someone is connected - Displays an icon on the
Notification area of the top status bar when a user is remotely
connected to the desktop.
Never display an icon - The Notification icon is never displayed regardless of the current state of the remote desktop system.
Finally
this screen specifies the command to run on the remote system to access
the desktop. Once you have configured Remote Desktop access you are
ready to try connecting.
Accessing a Remote Fedora Linux Desktop using Vinagre
As
mentioned previously there are both secure and insecure methods for
accessing a remote desktop. In this section we assume that the desktop
is being accessed by a remote system on the same local network where
security is not a concern. See the section later in this chapter for
establishing a secure connection if you are connecting from a system
outside your firewall.
Connection to the remote desktop may be
performed by running either the vncviewer tool, or the newer vinagre on
the system from which the remote desktop is to be accessed. On Fedora
systems, vinagre is not installed by default. To install vinagre on a
Fedora system, execute the following command in a terminal window
(Applications->System Tools->Terminal):
su -
yum install vinagre
To
access a remote desktop, open a terminal window and enter the command
specified in the Remote Desktop Preferences dialog, for example:
vinagre hostname:0
where
hostname is either the hostname or IP address of the remote system.
Alternatively, launch the tool via the
Applications->Internet->Remote Desktop Viewer menu option. Once
loaded, click on the Connect button and enter the IP address or name of
the remote system to which the desktop connection is to be established.
If you configured the remote system to prompt to approve a connection
the following dialog will appear on the desktop of the remote system:
Until
the connection is approved the vinagre session will wait. Once
approved, or if no approval is required, vinagre will prompt for the
password (assuming one was defined):
Enter the
password and vinagre will appear containing the desktop from the remote
system. If remote desktop control was enabled you can interact with the
desktop as if you were sitting at the remote screen. The following
figure illustrates a vinagre session attached to a remote Fedora
desktop. Note that only part of the remote desktop is displayed. The
entire desktop may be viewed by clicking on the Full Screen toolbar
button.
Accessing a Remote Fedora Linux Desktop using vncviewer
For
systems on which the vinagre tool is not available, the vncviewer tool
can be used to access remote desktops. This tool can be installed on
Fedora using the following command sequence in a terminal window:
su -
yum install tigervnc
The
vncviewer tool is available for a wide range of operating systems and
quick internet search will likely provide numerous links providing
details on how to obtain and install this tool on your chosen platform.
To access a remote desktop using vncviewer, execute the following command in a terminal window:
vncviewer hostname:0
where hostname is either the hostname or IP address of the remote system.
If
you configured the remote system to prompt to approve a connection a
dialog will appear on the remote system. Until the connection is
approved the vncviewer session will wait. Once approved, or if no
approval is required, VNC will prompt for the password (assuming one was
defined):
If you see a message similar to the
following then you will need to use the secure method of remote desktop
display outlined in the next section:
main: unable to connect to host: No route to host (113)
Otherwise,
enter the password and a new screen will appear containing the desktop
from the remote system. If remote desktop control was enabled you can
interact with the desktop as if you were sitting at the remote screen.
This
section assumed that the remote desktop was being accessed from a Linux
or UNIX system. Access is also possible from a Windows system.
Accessing a Remote Fedora Linux Desktop from a Windows System
In
order to access a Linux remote desktop from a Windows system the first
step is to install a Windows VNC client on the Windows system. There are
a number of VNC packages available for Windows. In this chapter we will
look at TightVNC (http://www.tightvnc.com).
Download and
install TightVNC on your Windows system. Once installed, launch the
TightVNC Viewer and in the resulting Connection details dialog enter the
IP address or hostname of the remote system and press OK. Enter the
password if one is required. The screen should load and display the
remote desktop,
You may also enter the port number in the form
hostname::5900 (screen 0 in VNC uses port 5900). TightVNC assumes port
5900 if none is specified but when we look at setting up additional
desktops later in this chapter we will need to specify port numbers in
order to connect.
Establishing a Secure Remote Desktop Session
The
remote desktop configurations we have explored so far in this chapter
are considered to be insecure because no encryption is used. This is
acceptable when the remote connection does not extend outside of an
internal network protected by a firewall. When a remote session is
required over an internet connection a more secure option is needed.
This achieved by tunneling the remote desktop through a secure shell
(SSH) connection.
Before a secure connection is established the
SSH server must be installed on the system to which the desktop
connection is to be established. For detailed steps on installing the
SSH server on a Fedora Linux system see Configuring Fedora Linux Remote
Access using SSH.
Once the SSH server is installed and active it
is time to move to the other system. At the other system, log in to the
remote system using the following command, which will establish the
secure tunnel between the two systems:
ssh -L 5900:localhost:5900 hostname
In
the above example, hostname is either the hostname or IP address of the
remote system. Log in using your account and password. The secure
connection is now established and it is time to launch vncviewer so that
it uses the secure tunnel. Leaving the ssh session running in the other
terminal window, launch another terminal and enter the following
command:
vncviewer localhost::5900
The vncviewer session will
prompt for a password if one is required, and then launch the VNC
viewer providing secure access to your desktop environment.
If
you are connecting to the remote desktop from outside the firewall keep
in mind that the IP address for the ssh connection will be the external
IP address provided by your ISP, not the LAN IP address of the remote
system (since this IP address is not visible to those outside the
firewall). You will also need to configure your firewall to forward port
22 (for the ssh connection) to the IP address of the system running the
desktop. It is not necessary to forward port 5900. Steps to perform
port forwarding differ between firewalls, so refer to the documentation
for your firewall, router or wireless base station for details specific
to your configuration.
Establishing a Secure Remote Desktop Session from a Windows System
A
similar approach is taken to establishing a secure desktop session from
a Windows system. Assuming that you have a VNC client installed (as
described above) the one remaining requirement is a Windows ssh client. A
popular free ssh client for Windows is (PuTTY).
Once PuTTY is
downloaded and installed the first step is to set up a secure connection
between the Windows system and the remote Linux system with appropriate
tunneling configured. When launched, PuTTY displays the following
screen:
Enter the IP address or host name of the remote
host (or the external IP address of the gateway if you are connecting
from outside the firewall). The next step is to set up the tunnel. Click
on the + next to SSH in the Category tree on the left hand side of the
dialog and click on Tunnels. The screen should appear as follows:
Enter
5900 as the Source port and localhost:5900 as the Destination and click
on Add. Finally return to the main screen by clicking on the Session
category. Enter a name for the session in the Saved Sessions text field
and press save. Click on Open to establish the connection. A terminal
window will appear with the login prompt from the remote system. Enter
your user login and password credentials.
The SSH connection is
now established. Launch the TightVNC viewer and enter localhost::5900 in
the VNC Server text field and click on Connect. The viewer will
establish the connection, prompt for the password and then display the
desktop. You are now accessing the remote desktop of a Linux system on
Windows.
Creating Additional Desktops
In the examples so far
we have only covered remote access to the primary desktop. By primary
desktop we mean the desktop you see when you sit at your computer and
turn on the monitor. While this is fine for a single user system we
should not lose sight of the fact that Linux is a multi-user operating
system and it will often be necessary for more than one person to have
remote desktop access at a time. While it might be fun to watch everyone
fight over the mouse pointer as they share the same desktop it is clear
that not much work will get done. The solution to this is to run
multiple desktops for the users to connect to.
New desktop environments are created using the vncserver utility which will need to be installed using the following commands:
su -
yum install tigervnc-server
The
desktop we have used so far in this chapter is desktop :0. New desktops
must be assigned different numbers. For example to launch desktop :1
run the following command from a terminal window command-line prompt:
vncserver :1
This
will start a new desktop in the background ready for a remote user to
connect to. To connect to the desktop follow the steps for connecting to
desktop :0 outlined above but this time use port 5901 instead of port
5900 (you will similarly use port 5902 for desktop :2 and so on). For
example, to connect using Vinagre, click on the Connect button in the
toolbar and enter the following information:
hostname:1
Where
hostname is the IP address or name of the system on which the new
desktop is running. Similarly, to connect using vncviewer:
vncviewer hostname:1
Attached to an Additional Desktop running on Older Fedora Versions
If
you are connecting to the remote desktop running on an older version of
Fedora, when the desktop appears you may notice that it doesn't look
much like the standard desktop:
The problem
here is that we need to configure the VNC session to launch the correct
desktop. To do this shutdown the VNC desktop session as follows:
vncserver -kill :1
Next go to your home folder and edit the .vnc/xstartup file. This will look similar to the following file:
#!/bin/sh
# Uncomment the following two lines for normal desktop:
# unset SESSION_MANAGER
# exec /etc/X11/xinit/xinitrc
[ -x /etc/vnc/xstartup ] && exec /etc/vnc/xstartup
[ -r $HOME/.Xresources ] && xrdb $HOME/.Xresources
xsetroot -solid grey
vncconfig -iconic &
xterm -geometry 80x24+10+10 -ls -title "$VNCDESKTOP Desktop" &
twm &
To
configure this startup script to launch the standard desktop (known as
the GNOME desktop) change the twm& line so that the file reads:
#!/bin/sh
# Uncomment the following two lines for normal desktop:
# unset SESSION_MANAGER
# exec /etc/X11/xinit/xinitrc
[ -x /etc/vnc/xstartup ] && exec /etc/vnc/xstartup
[ -r $HOME/.Xresources ] && xrdb $HOME/.Xresources
xsetroot -solid grey
vncconfig -iconic &
xterm -geometry 80x24+10+10 -ls -title "$VNCDESKTOP Desktop" &
unset SESSION_MANAGER
gnome-session &
Restart the vncserver:
vncserver :1 -extension XFIXES
Finally, reconnect from the remote system. The full desktop should now appear in the VNC viewer or Vinagre window.
浙公网安备 33010602011771号