«
»

Establishing a Secure Remote Desktop Session

The remote desktop configurations we have explored so far in this chapter are considered to be insecure because no encryption is used. This is acceptable when the remote connection does not extend outside of an internal network protected by a firewall. When a remote session is required over an internet connection a more secure option is needed. This achieved by tunneling the remote desktop through a secure shell (SSH) connection.

Before a secure connection is established the SSH server must be installed in the desktop to which the connection is to be established. For detailed steps on installing the SSH server on an Fedora Linux system see Configuring Fedora Linux Remote Access using SSH.

Once the SSH server is installed and active it is time to move to the other system. At the other system, log in to the remote system using the following command, which will establish the secure tunnel between the two systems:

ssh -L 5900:localhost:5900 hostname

In the above example, hostname is either the hostname or IP address of the remote system. Log in using your account and password. The secure connection is now established and it is time to launch vncviewer so that it uses the secure tunnel. Leaving the ssh session running in the other terminal window, launch another terminal and enter the following command:

vncviewer localhost::5900

The vncviewer session will prompt for a password if one is required, and then launch the VNC viewer providing secure access to your desktop environment.

If you are connecting to the remote desktop from outside the firewall keep in mind that the IP address for the ssh connection will be the external IP address provided by your ISP, not the LAN IP address of the remote system (since this IP address is not visible to those outside the firewall). You will also need to configure your firewall to forward port 22 (for the ssh connection) to the IP address of the system running the desktop. It is not necessary to forward port 5900. Steps to perform port forwarding differ between firewalls, so refer to the documentation for your firewall, router or wireless base station for details specific to your configuration.

This entry was posted on Thursday, June 25th, 2009 at 6:10 pm and is filed under Apache server, How to, Knowledge, Linux system, Tutorials. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

1 Star2 Stars3 Stars4 Stars5 Stars (1 votes, average: 4 out of 5)
Loading ... Loading ...

Related Articles

Random Articles

Post a Comment