Blog

VZDÁLENÁ SPRÁVA

RDP

Remote Desktop Protocol, or RDP, is a proprietary protocol that allows its users to graphically control a remote computer.
RDP is usually intended for 1:1 usage, and many remote computers can share the resources of a main computer through
different profiles. Being Microsoft’s proprietary protocol, RDP works only with Windows systems, although the client
is available for nearly all operating systems such as Mac, Android, and Linux.

Serverová část implementace RDP pro unixové systémy se jmenuje xrdp a je k dispozici jako open source software.
Implementace RDP klienta se jmenuje rdesktop a je též k dispozici jako open source software.
Pro grafická prostředí lze použít jako frontend program tsclient.

VNC

Virtual Network Computing, or VNC, is a graphical desktop sharing system that lets its users remotely control a computer
while the main user can interact and watch. It is pixel-based, which means it is more flexible than RDP. VNC is
platform-independent, which means it can easily be used across Mac, Windows, Linux, Raspberry Pi, and other platforms
to share a desktop across different computers, and there are no limits in using VNC applications to connect to different
computers on different platforms.

X11VNC

FUNGUJE TO :)

1) remote pc (ten PC ktery chci ovladat) ma napr. IP "192.168.0.2"
sudo apt-get install x11vnc <===> pokud neni jiz nainstalovany x11vnc server tak nainstalujeme timto prikazem
x11vnc -display :0 <===> spustim x11vnc server
x11vnc <===> spustim x11vnc server // server musim spoustet pokazde, kdyz spojeni spadne nebo se prerusi

## By default x11vnc will use display :0, however, this can be changed using the -display option.

2) local pc (ten PC kterym chci ovladat jiny PC)
!!!!ALE NEJDE TO PRES CLI - POUZE POKUD TO DELAM Z X11WINDOW!!!
apt-get install xvnc4viewer <===> pokud neni jiz nainstalovany x11vnc client/viewer tak nainstalujeme timto prikazem
vncviewer 192.168.0.2:0 <===> spustim klienta VNC a ovladam PC 1 (IP 192.168.0.2)


----------
Restrict access with a password
----------

There are basically three ways we can setup authentication using x11vnc, they correspond to the -passwd, -storepasswd, and -passwdfile options.
Let’s see briefly how they modify the behavior of the program.

----------
-passwd
----------

The first method is represented by the use of the -passwd option which let us provide a runtime, one-shot, plain-text
password directly in the terminal: it will not be saved anywhere, and will just be used for the launched session.

----------
-storepasswd
----------

The second method, is to use the -storepasswd option: it accepts two optional arguments: pass and file, to specify
respectively the password and the file in which it should be stored. However, if used with no arguments, it will
prompt for the password interactively, and it will be stored in the ~/.vnc/passwd file. Finally, if the option is
used with just one argument, it will be interpreted as the file in which to store the password. Please notice that
the file containing the password will not be encrypted, but just obfuscated with a fixed key, therefore only trusted
user should be allowed to access it.

Once the password is saved, the program will exit. From that moment on, to launch a password-protected vnc session,
the following command must be issued:

$ x11vnc -rfbauth /path/to/passfile
Where, by default, /path/to/passfile will correspond to ~/.vnc/passwd.

----------
-passwdfile
----------
The third option we have is to use the -passwdfile flag. By using it the password for the connection is set by reading
the first line of an existing file, passed as the sole option argument. The behavior of the option can be further
modified by prefixing the file argument. For example, if the filename is prefixed with rm:, the file itself will be
deleted after its content has been read by the program. When using the cmd: prefix, instead, the string specified after
the prefix will be interpreted as an external command, and its output will be used as the password. Other prefixes can
be used with this option. For a complete reference you can consult the program’s manpage

----------
view only
----------
It is possible to use x11vnc so the created connection will run in view-only mode. This means that the connected
clients will only be allowed to observe the shared session, but will not be able to interact with it. To run in this
mode the program must be launched with the -viewonly option. It’s possible to setup a password spefic for this kind
of access, so to obtain a more grained setup. To obtain this result, the -viewpasswd option must be used, providing
the password as a string argument. This requires, however that a full-access password is also provided, using
the -passwd option we discussed above.


----------
Use an ssh tunnel
----------
To use an ssh tunnel, we must start the vnc server using ssh, with this command (this assumes that the default port is used):

ssh -t -L 5900:localhost:5900 remote-machine 'x11vnc -localhost -display :0'

You are probably familiar with ssh, but let’s analyze this command. First of all we ran ssh with the -t option, to
allocate a pseudo-terminal, and with the -L one, we basically said to forward port 5900 on our local (client) machine
to the same port on the remote machine. As you can see, the x11vnc command is launched with the -localhost option.
What this basically does is to only allow connections from the same machine the server is running on. This option is
also automatically used when using an ssl tunnel to avoid bypassing it. After that, we can start our vncviewer on the client:

$ vncviewer -PreferredEncoding=ZRLE localhost:0
Notice that we set the preferred encoding to ZRLE, this should help performance over ssh.

Tightvncserver

FUNGUJE TO ALE NENI TO ASI SIFROVANE!!
## remote control pres VNC ##
## !!! ZKRACENA VERZE - POJEDE POUZE PRES VNC !!!! ##
## v TigerVNC lze spoustet kontextove menu F8

## RPC - Remote PC
## LPC - Local PC

1) remote nainstalovat server
sudo apt-get install tightvncserver

2) remote spustit VNCserver + zadani hesla 2x + no
tightvncserver

3) remote - kontrola - mely by bezet porty 22 (ssh), 5901 (Xtightvnc)
netstat -lvn | less

4a) local - spustit remmina (popr. !!!nemam otestovane!! tigervnc, VNC Connect, Vinagre, TightVNC
Remmina funguje s nastavenim VNC a 192.168.0.55:5901

4b) local - nebo nainstaluji VNC klient GVNCVIEWER prikazem
sudo apt-get install gvncviewer
##a pokud na RPC je port 5901 zadam
gvncviewer 192.168.0.46:1

4c) local - nebo nainstaluji VNC klient XTIGHTVNCVIEWER prikazem
sudo apt-get install xtightvncviewer
##a pokud na RPC je port 5901 zadam
xtightvncviewer 192.168.0.46:1

## remote control TightVNC server / TigerVNC client FUNGUJE TO ALE NENI TO ASI SIFROVANE!!
## !!! DELSI VERZE POJEDE PRES VNC NEBO RDP !!!! ##
## v TigerVNC lze spoustet kontextove menu F8

## RPC - Remote PC
## LPC - Local PC

***!!!!mozna zkusit ale asi neni potreba predtim na RPC toto: export XAUTHORITY=$HOME/.Xauthority

1) remote nainstalovat xrdp
sudo apt-get install xrdp

2) remote nainstalovat server
sudo apt-get install tightvncserver

3) remote - kontrola - mely by bezet porty 22 (ssh), 3389 (xrdp)
netstat -lvn | less

4) remote spustit VNCserver + zadani hesla 2x + no
tightvncserver

5) remote - kontrola - mely by bezet porty 22 (ssh), 3389 (xrdp), 5901 (Xtightvnc)
netstat -lvn | less

6) remote editace xrdp.ini
sudo nano -c /etc/xrdp/xrdp.ini

7) remote pridani radku address=0.0.0.0 pod [globals]
address=0.0.0.0

8) remote restart xrdp sluzby
sudo service xrdp restart

9a) local - ve videu spusti ve widlich mstsc a prihlasi se na RPC (zadat ip) v linuxu treba remmina, tigervnc, VNC Connect, Vinagre, TightVNC
###192.168.0.xxx
### Remmina funguje

9b) local na linuxu spustim viewer / klient a port je 5901
### pokud neni nainstaleny tak sudo apt-get install xvnc4viewer
### nebo zkusit sudo apt-get install xtightvncviewer
vncviewer 192.168.0.46::5901


10) spusti se login to xrdp - zadam id a pass

----------
## pokud nefachci pripojeni pres RDP otestovat pro RDP toto>>>
xfreerdp
----------


## pokud nefachci pripojeni pres RDP otestovat pro RDP toto>>>
Use port=tcp://:3389
I managed to get IPv4 port listening on Ubuntu 20.04 with these steps:

sudo nano /etc/xrdp/xrdp.ini
Change port=3389 to
port=tcp://:3389
& save,exit
sudo systemctl restart xrdp
sudo service xrdp restart


##Works as well with Debian 11 bullseye and brings up the rdp-server as 0.0.0.0:3389 instead of :::3389 in sudo netstat -tulpen

## tento zpusob testuji - funguje ale nechce se zvetsit okno nahlizeni

##1) na vzdalenem /remote pc provedu toto
sudo apt-get update
sudo apt-get install x11vnc net-tools

## 2) vytvorim heslo // na remote PC
x11vnc -storepasswd

## 3) Start X11VNC Server na remote PC // The VNC server will start on default port 5900. In case the port 5900 is busy with some other service, it will automatically select the next available port like 5901.
sudo x11vnc -auth guess -forever -loop -noxdamage -repeat -rfbauth /home/uzivatel/.vnc/passwd -rfbport 5900 -shared

## 4) na lokalnim PC spustim prohlizec VNC
vncviewer 192.168.0.xxx:0

## 5) pokud chci autostart pri restartu // Setup AutoStart on Boot //Finally setup the auto start of x11vnc server on system boot. Create a x11vnc.conf file under /etc/init/ directory using following content.
sudo nano /etc/init/x11vnc.conf

# description "Start x11vnc on system boot"
description "x11vnc"

start on runlevel [2345]
stop on runlevel [^2345]

console log

respawn
respawn limit 20 5

exec /usr/bin/x11vnc -auth guess -forever -loop -noxdamage -repeat -rfbauth /home/rahul/.vnc/passwd -rfbport 5900 -shared

XRDP

## sprava pomoci XRDP - testuji
1) nainstaluji na unix XRDP
sudo apt-get install xrdp

2) nainstaluji tightvncserver
sudo apt-get install tightvncserver
spustim pomoci tightvncserver

3) nainstaluji remmina

4) pripisu do souboru /etc/xrdp/xrdp.ini do sekce [globals] toto:
address=0.0.0.0

5) restartuju RDP
sudo service xrdp restart

) pripojit se pomoci RDP

TightVNC na pc ktery chci ovladat spustim vncserver
(sudo apt-get install vnc4server)
na pc kterym chci ovladat spustim vncviewer {ip.adresa.ovladaneho-pc}:0 nebo :1

## How to connect to VNC using SSH
You will instruct SSH to create a local tunnel that forwards localhost on port 5901 to a remote machine’s port 5901, only through the default SSH port (22).
That, of course, means you must have access to the remote machine, via port 22. If you don’t have access to the remote machine, through SSH, this won’t work.

## What you need
Local machine: SSH and a VNC viewer
Remote machine: Openssh-server and a VNC server (such as TightVNC)

## On Remote run tightvncserver
sudo /usr/bin/tightvncserver :1

## On local install viewer xtightvncviewer
sudo apt-get install xtightvncviewer


## Create the tunnel
ssh -L 5901:localhost:5901 USER@REMOTE_IP <===> create the tunnel that routes packets from localhost (at port 5901) to the remote host (at port 5901) through port 22. Where USER is the remote username and REMOTE_IP is the remote IP address.

## Connecting your VNC Client
Now you need to fire up your VNC client. It won’t matter what client you use. What does matter, however, is the address you use to make the connection.
Instead of entering, say, 192.168.1.83:5901 for the remote address, enter localhost:5901. Why? Because we’ve created an SSH tunnel from localhost:5901 to
REMOTE_IP:5901 (where REMOTE_IP is the IP address of the remote machine). Once you click connect, your VNC client will use the encrypted SSH tunnel and make
the connection between local and remote machines on port 5901. You should then be able to work on the remote desktop, using VNC, thanks to SSH.