Обновите ArcaOS до уровня NeoWPS
- Установите набор PNG иконок, нарисованных дизайнером, специализирующемся на оформлении OS/2
- Установите eSchemes 2018, чтобы менять цвета и кнопки на рабочем столе
TITLE: Secure PMVNC with SSH
DATE: 2004-11-01 10:38:13
AUTHOR: Eugene Romanenko
|Вам нужен переводчик|
Перейдите на сайт http://translate.google.com
и запросите перевод http://en.ecomstation./showarticle.php?id=119
на свой язык
VNC stands for Virtual Network Computing. It is remote control software which allows you to view and interact with one computer (the "server") using a simple program (the "viewer") on another computer anywhere on the Internet. The two computers don't even have to be the same type, so for example you can use VNC to view an office eComStation machine on your Windows PC at home. VNC is freely and publicly available and is in widespread active use by millions throughout industry, academia and privately.
To establish secure VNC connection follow this instructions:
On server, you will need 2 packages (both made by nickk, both
can be downloaded from Hobbes):
- Install Security/2 package: just execute install.exe and follow
instructions. Select "No local logon" during install. Reboot system.
- Change root password using "user" command. Type at cmd prompt:
'user -c root' - it will ask about new password.
- Install OpenSSH: unpack distributive into, for example, 'c:\ssh'
directory. Copy 'ssh' directory from c:\ssh\etc to your ETC path.
- Generate server keys: execute command in c:\ssh:
ssh-keygen -t dsa -f %ETC%\ssh\ssh_host_dsa_key -N ""
- Run sshd. (Use -d switch for debugging, if all works ok - run sshd.exe
- Also you need change PMVNC settings to allow accepting connections
from localhost and, optionally, disallow any other connection.
These settings not present in properties dialog, but may be changed
by editing profile. PMVNC store settings in User profile file under the
ER_PMVNCD key. Use INI-editor or regedit2 to alter these options.
Options are string type, even if represents numeric values.
Add "AllowLoopback" string type option under ER_PMVNCD key,
and set value to "1". If you want use only secure connections with VNC,
then add "LoopbackOnly" option with value "1". For more
information about these options see pmvnc.html from PMVNC distributive,
"Hidden settings" section.
- Restart PMVNC after changing profile data.
- Unpack ssh distributive into, for example, 'c:\ssh' directory.
- Execute command in c:\ssh:
ssh -l root -2 -N -L 5900:127.0.0.1:5900 server_host
connect as user "root" to server_host and also listen on local
port 5900, all connections to local port 5900 route to port 5900
of server host using secure tunnel.
On first connect you may see message
The authenticity of host '...' can't be established.
DSA key fingerprint is ....
Are you sure you want to continue connecting (yes/no)?
Then ssh will ask about password. Type password which you set at
step 2 of server setup.
SSH session will be started.
- Execute Vncviewer. It will ask about vncserver location. Type
127.0.0.1:0 and connect.
You may run VNC session several times while SSH session is up.
To close SSH session press Ctrl-C in SSH window.
- Client setup procedure is same on any operating system, just use
ssh distibution for OS which you use.
- SSH switch -N needed to workaround OpenSSH/2 problem - if cmd.exe used
as user shell, sshd will echo client input, and binary protocols (like
VNC) will not work. -N switch disables execution of user shell on server.
- SSH can compress traffic (useful for modem connections).
Use -C option for ssh to enable compression.
|David van Enckevort |
Actually you do not need to login with the root account with SSH, since VNC doesn't use priviledged ports. So any account on the server should be good. From a security point of view it is always a good idea only login as root if really necessary.
Besides many servers disallow remote root logins. (sshd_config: PermitRootLogin).
|Bernd Schemmer |
I'm using this approach the other way around: The server runs on a Solaris machine and the viewer runs on OS/2 . Works - but compared to Winxx the VNC viewer for OS/2 is very slow. If someone knows another viewer for OS/2 that is faster I would be glad to test it
Прокомментируйте эту статью (напоминаем, автор работал над текстом несколько недель, уважайте мнение других).
Готовая eComStation на SSD диске
IBM OS/2 Warp