Tuesday, September 2, 2008

Back to my linux

Recently I had to set up linux for my niece, which is eight years old. Besides making the system obscenely simple (that would be subject for a separate post), I was challenged to find a way to get back to her computer, should the need arise.

As the computer will be behind a NATing router, simply opening the ports was not sufficient. There had to be a way for me to connect to her computer. Here is what I have done:

I placed on her desktop icon of rescue buoy that was launching following shell script:

#!/bin/sh
gconftool-2 -s -t bool /desktop/gnome/remote_access/enabled true &&
xterm -e ssh -R 2000:127.0.0.1:5900 feshuk-amalia@callback.mycompany.com
gconftool-2 -s -t bool /desktop/gnome/remote_access/
enabled false

To make the gnome's builtin VNC server vino to accept incoming connections, I set up it's preferences and password using following commands:
vino-preferences
vino-passwd

I chose vino over x11vnc server, as it has intrinsic awareness about the windows and background (which it can effectively hide) thus being more traffc-effective, whereas x11vnc treats the whole screen as an image.

Update 20090704: Users with NVidia card might have problems with vino (#353126). One of the workarounds is to use x1vnc server using following command:
x11vnc -display :0.0

The script would make vino to accept VNC connections and execute ssh port forwarding feature, that essentially logins into the feshuk-amalia@callback.mycompany.com, starts listening on port 2000 and redirects the port to 127.0.0.1:5900 on her's local machine.

To allow password-less logon, ssh keypair was created, and the public key was copied to /home/feshuk-amalia/.ssh/authorized_keys on the computer callback.mycompany.com.

This way, should she need my help, all she needs to do is to call me by phone, double click on the "Help me" icon and wait for me. Then all I need is to connect to the port 2000 on the callback.mycompany.com machine using following command:

xvncviewer -via root@callback.mycompany.com 127.0.0.1::2000

Once I enter VNC password, I have full access to display, mouse and keyboard of her computer, to install new game or explain how to play in already installed ones.