[mythtv-users] vnc on headless backend

Brian Wood beww at beww.org
Sun Dec 6 21:00:04 UTC 2009


On Sunday 06 December 2009 01:36:19 pm Michael Lemstad Maymann 
wrote:
> On Sun, 2009-12-06 at 19:39 +0000, Mike Perkins wrote:
> > Robert Johnston wrote:
> > > On 06/12/2009 2:49 AM, Michael Lemstad Maymann wrote:
> > >> Hi Robert,
> > >> Thanks for your reply :-)
> > >> I know VNC is not the most secure solution - but that's ok for this
> > >> task...
> > >> Also, I can only find XMing for Windows - I'm running MythBuntu 
9.10 -
> > >> Is it for Linux also ?
> > >
> > > If you're connecting from one linux box to another, it's even easier.
> > >
> > > Just type "ssh -X username at remotehost".
> > >
> > > That'll give you a terminal with X forwarded. So you can type
> > > "mythtv-setup" and get it on your local machine.
> >
> > Sod's law says that if you do that it might not work because of security
> > restrictions. try
> >
> > ssh -Y username at remotehost
> >
> > instead, which will allow you to bypass some restrictions - should be
> > safe for a home network.
> 
> Hi Mike & Robert,
> Thanks for your reply...
> I would like to use vnc (I know of the security issues this involves) -
> I have to connect through a NAT device from Internet sometimes - anyone
> know how to do this ?

Use port forwarding on your NAT router, to send incoming traffic to the 
machine you want to communicate with.

Although very dangerous, you could set up your machine as the "DMZ" 
machine in your router.

As you mentioned, this is risky, there are several ways to increase security. 
Port Knocking comes to mind. Or, if your router allows it, forward the port 
only at certain times of day, or only from certain IP ranges.

But ssh with X forwarding is the way to go IMHO. I can't think of anything 
you would do with VNC that couldn't be done with ssh.

Or set up a VPN if you can. In fact, today's freshmeat had a new Linux VPN 
client.

It helps to run ssh on a non-standard port (something other than port 22), 
this reduces breakin attempts greatly.


More information about the mythtv-users mailing list