Lubuntu, VNC, and SSH

This is a post for remembering. Not that it will be memorable but because I want to remember it. I now have a VPS, and never having played with these things in the past I need to remember what I did to access it. 

Initially I have SSH. So I can access the command line, so I am starting with bear skins and stone knives. What I want to to access a remote desktop securely. This probably means VNC/Vino/other(?) over SSH or SSL.

What are my choices. A "recent" post in the thread at [4] seems to give me the following choices.

• X/Windows nominal forwarding
• VNC
• RDP
• NX

The end result of this post was that you run VNC over SSH. The box already has a SSH server running so then its just a matter of tunneling to the VNC server. And making sure nobody else can use the VNC server. I may change my mind later but for now its VNC/SSH.

1. Is VNC installed on this machine?

dpkg --get-selections | grep vnc

Nope.

2. Is there even a desktop installed?
Ok, I assumed when I said Lubuntu I would get a desktop but no, they installed LTS. DOh!

lsb_release -aNo LSB modules are available.
Distributor ID:    Ubuntu
Description:    Ubuntu 14.04.1 LTS
Release:    14.04
Codename:    trusty

3. Lets install a desktop, otherwise there is little point in this.

sudo apt-get install lubuntu-desktop 
sudi apt-get install lxde

This will take a while.

2. Install VNC server.


apt-get install tightvncserver

3. Create a startup script for tightvncserver
Create a file called tightvncserver in /etc/init.d. Ensure its owned by root and has the right privs using:

chmod 0755 tightvncserver

I downloaded a version from

http://www.penguintutor.com/otherfiles/tightvncserver-init.txt 

and modified it.

Here is a copy of my script.

#!/bin/sh
### BEGIN INIT INFO
# Provides:          tightvncserver
# Required-Start:    $local_fs
# Required-Stop:     $local_fs
# Default-Start:     2 3 4 5
# Default-Stop:      0 1 6
# Short-Description: Start/stop tightvncserver
### END INIT INFO

# More details see:
# http://www.penguintutor.com/linux/tightvnc

### Customize this entry
# Set the USER variable to the name of the user to start tightvncserver under
# This should not be root!!!
export USER=''
### End customization required

eval cd ~$USER

case "$1" in
  start)
# -localhost forces tightvncserver to listen on loopback only, this is for SSH tunnel usage.
    su $USER -c '/usr/bin/tightvncserver -localhost :1'
    echo "Starting TightVNC server for $USER "
    ;;
  stop)
    pkill Xtightvnc
    echo "Tightvncserver stopped"
    ;;
  *)
    echo "Usage: /etc/init.d/tightvncserver {start|stop}"
    exit 1
    ;;
esac
exit 0
You can test the script using start and stop commands. We add the script to the default runlevels using:

sudo update-rc.d tightvncserver defaults 

Notice that in the script I have it listening only on localhost. This is important since I do not want VNC listening on an external port addressable from the Internet. Instead  I will create a SSH tunnel to connect to it from whatever client I will be connecting from.

Setting up the tunnel with putty is a case of setting the tunnels section for the remote and your localhost. In addition I set the normal session parameters for target IP for the server running ssh and the port its listening on. Once I connect with Putty the tunnel is open.




Then I can connect to the server with my tightvncclient using localhost:5901

References:
1. Installing a lightweight LXDE+VNC desktop environment on your Ubuntu/Debian VPS, http://www.vandorp.biz/2012/01/installing-a-lightweight-lxdevnc-desktop-environment-on-your-ubuntudebian-vps/#.VKmmO2MkTzc
2. Setting up an SSH tunnel with PuTTY, http://realprogrammers.com/how_to/set_up_an_ssh_tunnel_with_putty.html
3. Remote GUI access to a Linux computer using Tightvnc, http://www.penguintutor.com/linux/tightvnc
4. Lubuntu/Remote Desktop Problems, http://ubuntuforums.org/showthread.php?t=2231787