How to access a machine through VNC using SSH?
Solution 1:
I'm a fan of x11vnc
. It's a simple VNC server and you won't have to mess around with Gnome settings or 500 firewalls, just install x11vnc
on all your computers (with puppet or whatever you're using for mass-control).
Then from your local computer run:
ssh user@host -L 5900:localhost:5900 "x11vnc -display :0 -noxdamage"
Obviously swapping user@host
for the username and hostname/IP of the remote computer.
And then use a VNC client of your choice to connect to localhost:5900
. The SSH command starts a vnc server on the remote computer and then tunnels back that port over SSH. You don't have to open up any ports (as long as you can already SSH).
If your computers have funny display settings, you might do better to leave off the -display :0
segment in the SSH command. x11vnc
will then automatically try to find the right display.
This method is better than just running a VNC server on every machine because you're not going to slow every machine down all the time. It's also considerably less of a security risk as the SSH user is the only person who's going to see the VNC server; always-visible, always-on VNC servers are popular target hacks.
Solution 2:
Use SSH to get to the machine. Ask gnome not to ask, "Are you sure?" after enabling the remote desktop access. Then enable remote access.
gconftool-2 -s -t bool /desktop/gnome/remote_access/prompt_enabled false
gconftool-2 -s -t bool /desktop/gnome/remote_access/enabled true
You could create scripts for this, too, maybe /usr/local/bin/start-remote-desktop.sh.
Use your favorite editor over vim if you like...
sudo vim /usr/local/bin/start-remote-desktop.sh
The contents of that file:
#!/bin/bash
gconftool-2 -s -t bool /desktop/gnome/remote_access/prompt_enabled false
gconftool-2 -s -t bool /desktop/gnome/remote_access/enabled true
Make it executable:
sudo chmod 0755 /usr/local/bin/start-remote-desktop.sh
Add it to your default user configuration:
sudo sh -c 'echo "/usr/local/bin/start-remote-desktop.sh" >> /etc/skel/.profile'
As far as the human factor goes in maintaining 500 workstations, you would love using CloneZilla. The one CloneZilla server provides pre-configured images for the workstations which can be installed over the network. You can even multicast them so that in just a few hours, to guess, all the workstations can be imaged with a common configuration, same version, etc... There's a good tutorial on dedoimedo.com.