Monday, September 04, 2006

Bullet-proof VNC remote access

By: Darren Kitchen

Securely access your home computer while on the road

To many road warriors, accessing a home computer while on the go is a blessing. Many solutions exist, but none are as secure as tunneling VNC traffic through an SSH session. With the advent of free WiFi in hotels, airports, and restaurants, securing one's traffic is ever more important. Let's take a look at the technology that will enable us to do this, and then get right into setting it all up.

Explanation of SSH, VNC, and Tunneling

SSH, or Secure Shell, is a protocol that enables secure communication between clients and servers through strong encryption. Typically it is used to access a command shell like BASH on UNIX and Linux or CMD on Windows. Using SSH for shell access is much more secure than the traditional Telnet protocol since data, including your password, is not transferred in "plain text", thus protecting you from eavesdroppers.

More information: http://en.wikipedia.org/wiki/Secure_shell

VNC is a protocol that enables remote desktop access to another computer. When a VNC client connects to a VNC server it is fed the server's desktop display while the server accepts the client's keyboard and mouse input. Using this software is virtually like sitting at the remote computer. VNC is open source and available under the General Public License with many variants to choose from. While VNC does not transmit passwords in "plain text" like Telnet, it is simple to crack passwords using free tools. For this reason we will be using VNC through SSH, which brings us to tunneling.

More information: http://en.wikipedia.org/wiki/VNC

Tunneling is a network protocol that allows one protocol to be encapsulated inside another. This is very similar to how corporate VPNs work but on a much simpler level. We will be encapsulating our VNC protocol traffic over our SSH protocol traffic by port forwarding TCP 5900 on the home PC to TCP 5900 on our remote PC using an SSH client.

More information: http://en.wikipedia.org/wiki/Tunneling_protocol

Prepping your home network for SSH traffic

In most cases home PCs are connected to a router which is in turn connected to a broadband Internet connection like Cable or DSL. Our first step in this instance is to port forward TCP port 22 from the router to the PC we wish to remotely and securely access. This process varies among router manufacturers but the basic principle remains the same. Log in to the router (which can typically be found at http://192.168.1.1 or http://192.168.0.1) and find the port-forwarding menu. Enable TCP port 22 traffic to point to the IP address of your computer and click save.

Next we will need to open TCP port 22 in the firewall on your computer. If you are running Windows XP SP2 click Start, then Run, enter the following command and click OK.

NETSH FIREWALL ADD PORTOPENING TCP 22 SSH

Setting up your home PC

Setting up the PC is a pretty simple task split into two parts. First we need to install the VNC server, then the SSH server.

The VNC server I recommend is called TightVNC and it can be downloaded at www.tightvnc.com. Download the latest version and install, choosing the default settings. TightVNC will register itself as a service, meaning it will start up on its own. Once installation is complete we need to give VNC a password to accept. Next click the Advanced button and check the box labeled Allow loopback connections. Click OK on both menus and the server is set up.

Now we need to set up the SSH server. There are many freely available SSH servers but I recommend the lightweight and simple freeSSHd. It can be downloaded from www.freesshd.com. Download and install the latest version, choosing the default settings. Once installation is complete the SSH server should already be running. From here we just need to add a user account. To do so just double click the freeSSHd icon in the system tray and click the Users tab. Click the Add button and fill out the fields for login and password. Authorization should be set to "Password stored as SHA1 hash". Click Apply to create the user, then Apply & Save, and then Hide.

From here the home PC is all set, ready to accept remote desktop connections from the road. Let's take a look at how we do that.
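
A quick check of that setup, as an added example that is not part of the original article: the script parses `netstat -an` output from the home PC and reports whether the VNC ports the article uses (5900 and 5800) are listening on anything other than loopback, since only TCP 22 is meant to be reachable from outside. The netstat sample is constructed and the function names are this example's own.

```python
import re

# Ports named in the article: 22 for SSH, 5900 and 5800 for VNC.
SSH_PORT = 22
VNC_PORTS = {5800, 5900}

# Constructed sample of Windows `netstat -an` output (not captured from a real host).
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:22             0.0.0.0:0              LISTENING
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:5800           0.0.0.0:0              LISTENING
  TCP    0.0.0.0:5900           0.0.0.0:0              LISTENING
  TCP    192.168.1.10:139       0.0.0.0:0              LISTENING
  TCP    192.168.1.10:22        203.0.113.7:51514      ESTABLISHED
"""

# Matches only TCP rows in LISTENING state; captures local address and port.
LINE = re.compile(r"^\s*TCP\s+(\S+):(\d+)\s+\S+\s+LISTENING\s*$")

def listeners(netstat_text):
    """Return {port: set of local addresses} for every listening TCP socket."""
    found = {}
    for line in netstat_text.splitlines():
        m = LINE.match(line)
        if m:
            found.setdefault(int(m.group(2)), set()).add(m.group(1))
    return found

def is_loopback(addr):
    return addr.startswith("127.") or addr in ("::1", "[::1]")

def audit(netstat_text):
    """Return a list of findings about the SSH and VNC listeners."""
    found = listeners(netstat_text)
    findings = []
    if SSH_PORT not in found:
        findings.append("SSH: nothing listening on TCP 22, the tunnel cannot be opened")
    for port in sorted(VNC_PORTS):
        addrs = found.get(port, set())
        if not addrs:
            findings.append(f"VNC: nothing listening on TCP {port}")
        elif not all(is_loopback(a) for a in addrs):
            findings.append(f"VNC: TCP {port} is bound to {sorted(addrs)}; "
                            "reachable on the network unless the firewall blocks it")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_NETSTAT):
        print(finding)
```

An empty result means SSH is listening and both VNC ports are bound to loopback only; a finding for 5800 or 5900 means the firewall and the router's port-forwarding rules are the only things keeping VNC off the network.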

Connecting to your home PC from afar

Just like setting up the home PC, connecting to it is done in two steps. First we will need to connect to the SSH server at home, then we will connect to the VNC server. Once both are complete you will be able to see your desktop and interact with it as if you were sitting at home.

We'll start by connecting to the SSH server at home. To do this we'll need an SSH client. I recommend PuTTY. It's simple, secure, and gets the job done well. PuTTY can be downloaded from http://www.chiark.greenend.org.uk/~sgtatham/putty/. There is no installation necessary, just run the PuTTY program. Once in PuTTY we'll need to enter just a few parameters. First we'll need to enter our home IP address in the Host Name (or IP address) field. If you don't know your home IP address you can find it by going to the website www.whatismyip.com from your home computer.

With your home IP entered click the Tunnels menu at the bottom left. In the Source Port field enter 5800, and in the Destination field enter 127.0.0.1:5800. To make life a lot easier you might want to save this session so you don't have to enter all this information every time you want to connect. To do so click the Sessions menu at the top left, enter a session name like "Home Computer" and click Save. Now to connect click the Open button.

A warning might appear if this is your first time connecting. This is PuTTY asking whether you trust the host key of the computer you are connecting to. Click Yes and PuTTY will remember the key, so the warning will not appear again. You should now be at a command window being prompted for your username and password. Enter the username and password you created in freeSSHd and you will be greeted by a DOS prompt.

From here we have successfully connected to our computer at home and we can open the VNC remote desktop session by opening http://127.0.0.1:5800 in a web browser. You will be prompted for a password. This is the password you assigned in TightVNC. Once you have entered your password and clicked OK you will be greeted by your home computer's desktop. From here you can interact with it as if you were sitting right there at the keyboard and mouse!

RELATED WEBSITE LINKS
SSH Server: http://freesshd.com/
SSH Client: http://www.chiark.greenend.org.uk/~sgtatham/putty/
VNC Server and Client: http://www.tightvnc.com/

ABOUT THE GUEST
Darren Kitchen has been hacking around with computers since the days of the 1200 baud modem. He is currently the producer and co-host of the Internet TV show Hak.5, a variety tech show for hackers and do-it-yourselfers, and a co-host on The War Room, an online radio show about World of Warcraft with Jenn Cutter.