Notices

hey guys,

Through help of various posts and my fellow talk.maemo users i finally got vnc working on my phone.
It now works on a private IP. That is i have to be on the same network on my phone as i am on my pc to connect.
Is there any way that i could connect my pc to my phone no matter wherever i am. ??
What are the pre-requisites for that/??

thanks in advance

somekeystrokes

You're using the N900 as the VNC server?

no mean im viewing my pc on n900.
that pc is the server.

Iam seeing my pc on my phone through a private ip. I want to see my pc through a public IP. so that no matter if iam on the same network or not, i ll be able to see my pc!

Okay, that's a lot easier then! Unless you have a static IP address assigned by your ISP then you'll want to set up dynamic DNS on your PC (see http://www.dyndns.com/). You'll also need to forward the necessary ports on your router (see http://www.realvnc.com/support/portforward.html).

The only issue is that the VNC protocol is unsecured - all traffic after the initial login is sent in the clear. To protect this you should use an encrypted tunnel, which is a little more complicated to setup, but I can write up some instructions if you want to do this.

pls do buddy,!
but just make sure its a detailed one. iam a newbie at networking.

Okay, here's the instructions for setting up SSH tunnelling - let me know if anything's unclear. All commands on the N900 should be run as the normal user, not as root.

SSH configuration for VNC

Prerequirements:

PC

Register your PC with a dynamic DNS provider (e.g. http://www.dyndns.com/) to give you a fixed DNS name you can use to reach it (the free option will provide all the necessary functionality). You'll also need to set up an update client on the PC/router in order to notify the DNS servers of the new IP address whenever it changes.

N900:

Install vncviewer and OpenSSH Client via the Application manager

Example data used in instructions (substitute your own values for these where used later on):

Registered dynamic DNS name for the PC: pc.dyndns.org
SSH user login: fred
SSH port: 522

On the router:

Ensure port 522 is allowed, and is forwarded to the PC.

On the N900:

From X Terminal, run "ssh-keygen -b 2048 -t rsa" to generate a public/private key pair. Choose a pass phrase - this will be required every time you connect (you can leave it blank, but I'd advise against this).

On the PC:

Download and install freeSSHd (http://www.freesshd.com/), setting it to run as a system service.
Double-click on the icon in the system tray.
Edit the settings:

Telnet: Disable starting server at startup.
SSH: Enable starting server at startup. Change the port to 522 to reduce random attacks (any other non-standard port will do). You may also need to disable the new console code (reported as causing issues under 64-bit Windows 7).
Authentication: Set password authentication to disabled and public key authentication to required.
Tunneling: Allow local port forwarding, only to localhost. Disable remote port forwarding.
Users: Add a new user fred (any name will do), set authorization to Public key, and enable Shell and Tunneling.

Click OK to close the freeSSHd settings window.
Copy and rename the public key from the N900 (/home/user/.ssh/id_rsa.pub) to C:\Program Files\freeSSHd\fred on the PC (the same name as you used for the user you created earlier, with no file extension).

On the N900:

Create a configuration file /home/user/.ssh/config (to simplify the connection strings):

Host pc.dyndns.org
IdentitiesOnly yes
PasswordAuthentication no
User fred
Port 522
LocalForward localhost:5900 127.0.0.1:5900

The tunnel should now be configured. You can start the tunnel from X Terminal by running "ssh pc.dyndns.org". You should be prompted for the pass phrase, then presented with the C:\ prompt. You can now run the VNC client, connecting to "127.0.0.1:0". To shut down the tunnel, simply type "exit" at the C:\ prompt.

Hi Rob1n,

Thanks for the great tut.

However I am getting an error saying "Permission Denied (Public Key)"

Im pretty sure that the actual connection is working, and if I enter a completely incorrect password it doesn't even try to authenticate.

I followed all the steps above without errors of any kind.

Any ideas?

Cheers
Jamie

the full log says this...

openSSH_5.1p1 Debian-6.maemo5, OpenSSL 0.9.8g 19 Oct 2007
debug1: Reading configuration data /home/user/.ssh/config
debug1: Applying options for www.***.com
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug1: Connecting to www.***.com [IPWASHERE] port 522.
debug1: Connection established.
debug1: identity file /home/user/.ssh/identity type -1
debug1: identity file /home/user/.ssh/id_rsa type 1
debug1: Checking blacklist file /usr/share/ssh/blacklist.RSA-2048
debug1: Checking blacklist file /etc/ssh/blacklist.RSA-2048
debug1: identity file /home/user/.ssh/id_dsa type -1
debug1: Remote protocol version 2.0, remote software version WeOnlyDo 2.1.3
debug1: no match: WeOnlyDo 2.1.3
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.1p1 Debian-6.maemo5
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-cbc hmac-md5 none
debug1: kex: client->server aes128-cbc hmac-md5 none
debug1: sending SSH2_MSG_KEXDH_INIT
debug1: expecting SSH2_MSG_KEXDH_REPLY
debug1: Host '[www.***.com]:522' is known and matches the RSA host key.
debug1: Found key in /home/user/.ssh/known_hosts:1
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Trying private key: /home/user/.ssh/identity
debug1: Offering public key: /home/user/.ssh/id_rsa
debug1: Server accepts key: pkalg ssh-rsa blen 277
debug1: PEM_read_PrivateKey failed
debug1: read PEM private key done: type <unknown>
Enter passphrase for key '/home/user/.ssh/id_rsa':
debug1: read PEM private key done: type RSA
debug1: Authentications that can continue: publickey
debug1: Trying private key: /home/user/.ssh/id_dsa
debug1: No more authentication methods to try.
Permission denied (publickey).


*** domain names changed to protect the innocent =)

Can you try enabling the logs on the server (the Logging tab). This should report what the server thinks is going wrong.

Hi Rob1n,

Thanks for your assistance, I enabled Logging on the server but even after a few attempts no log file entries are being generated.

to ensure that I am actually getting through the firewall I disconnected the PC from the network and the ssh command just hangs waiting for a connection, so I assume that (when connected) the route through the firewall is correct.

stopping and starting the service generates entries into the log file. so the log file exists and is writable.

I'm running XP pro and have firewall software totally disabled.

Thanks again