[mythtv-users] vnc on headless backend
beww at beww.org
Sun Dec 6 21:00:04 UTC 2009
On Sunday 06 December 2009 01:36:19 pm Michael Lemstad Maymann
> On Sun, 2009-12-06 at 19:39 +0000, Mike Perkins wrote:
> > Robert Johnston wrote:
> > > On 06/12/2009 2:49 AM, Michael Lemstad Maymann wrote:
> > >> Hi Robert,
> > >> Thanks for your reply :-)
> > >> I know VNC is not the most secure solution - but that's ok for this
> > >> task...
> > >> Also, I can only find XMing for Windows - I'm running MythBuntu
> > >> Is it for Linux also ?
> > >
> > > If you're connecting from one linux box to another, it's even easier.
> > >
> > > Just type "ssh -X username at remotehost".
> > >
> > > That'll give you a terminal with X forwarded. So you can type
> > > "mythtv-setup" and get it on your local machine.
> > Sod's law says that if you do that it might not work because of security
> > restrictions. try
> > ssh -Y username at remotehost
> > instead, which will allow you to bypass some restrictions - should be
> > safe for a home network.
> Hi Mike & Robert,
> Thanks for your reply...
> I would like to use vnc (I know of the security issues this involves) -
> I have to connect through a NAT device from Internet sometimes - anyone
> know how to do this ?
Use port forwarding on your NAT router, to send incoming traffic to the
machine you want to communicate with.
Although very dangerous, you could set up your machine as the "DMZ"
machine in your router.
As you mentioned, this is risky, there are several ways to increase security.
Port Knocking comes to mind. Or, if your router allows it, forward the port
only at certain times of day, or only from certain IP ranges.
But ssh with X forwarding is the way to go IMHO. I can't think of anything
you would do with VNC that couldn't be done with ssh.
Or set up a VPN if you can. In fact, today's freshmeat had a new Linux VPN
It helps to run ssh on a non-standard port (something other than port 22),
this reduces breakin attempts greatly.
More information about the mythtv-users