New on LowEndTalk? Please Register and read our Community Rules.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
Comments
Get a linux vps with centos 7 and do the following.. Works on ovz7/kvm/xen
Hope it helps..
@niceboy - good opinion but: VNC is so slow, lazy and generally insecure technology.
@JoeBiss - you need a Windows VPS or Dedicated Server. 2012 R2 with 2GB/2CPU should be enough.
I like NoMachine for virtual desktops. Seems to be much faster than VNC and X2go.
How to use that on my windows and link it to my linux?
download NoMachine for both machines and install it. It has Windows and Linux packages. Make sure port 4000 is open on both.
Thanks! I am in. Was very easy.
Be really careful exposing windows machines to the internet, especially with RDP enabled...lots of vulnerabilities!
Your best option would be to install Windows with a Wireguard VPN connection and a firewall blocking RDP and all other ports on the public IP; except for your chosen VPN port. Connect to the VPN and then RDP, fast and secure!
What do you do for starting on boot automatically?
Welp, that helped me for sure, Thanks
I use these code to setup ubuntu rdp
Speaking of remote desktop, anyone know how to limit cpu usage for Windows VPS? It can be easily done on linux but not Windows.
Thanks for the idea. I use Port knocking to open the RDP port (VNC listening in a different port) allowing my ip.
probably, putting last vncserver command in a reboot crontab should do it. I just enable my vncserver only when I need and all the other time, its kept disabled.
sudo apt install xrdp openbox obconf obmenu tint2 xterm
nano ~/.xession
exec openbox-session
sudo nano /etc/xdg/openbox/autostart
tint2 &
sudo service xrdp restart
Windows, Linux, rdp, vnc, whatever, be careful exposing any remote access to the internet.
Using ssh, with a local port forward, to start up a vnc session and connect to said vnc session is going to be much more secure than vnc by itself, for example. (Although Nomachine and x2go already use ssh/encryption by default.)
ssh [email protected] -L5902:localhost:5901
(enter your password -- unless you use ssh-keygen, pagent, etc.)
vncserver :1
(start your vnc client and point it to localhost:5902)
Putty (terminal emulator/ssh client) and it's related programs are quite usable in a Windows environment. (To configure the local forwarding in the putty UI, go to
Connection\SSH\Tunnels
Source port is the local port (5902 in the above) and Destination ishost:port
(thelocalhost:5901
from above.)Note that Destination is relative to the remote host and it is also common to use the ssh connection to one machine as a gateway to another machine on the same network, if i.e. it doesn't have an ssh server or external port.) Also note that you type
vncserver :1
on the remote after you are logged in.(MobaXterm is excellent as well, but for some reason they separate tunnels from the terminal connection. Has a built in Xserver, which is great for quick little things like
xfe &
, but don't expect to watch video on an xclient running over a network--even a local network.)Someone else mentioned using a VPN, which is totally valid, but personally I find it easier to make a quick ssh connection with only the ports that I need. A VPN is set and forget, but typically takes a lot more upfront time to configure and debug. Ssh might also have an advantage because (other than ssh itself, which has seen a lot of "trial by fire") your remote services are typically only running while you are connected or only accessible from the local network or even just localhost.
People will be banging on your VNC port day and night. And they'll probably get in since VNC limits password length (to 8 I think?) and it's not encrypted.
Congrats on your first post (how did it take you so long?)
Based on your example, the second instance of 5902 should be 5901.
In fact, to keep it simpler, why not use 5901 for both the source and the destination port? In other words:
[email protected] -L 5901:localhost:5901
Thanks for update on security concern. As I said earlier, I run my vnc server when I need. The only advantage I can find is it runs any kind of virtualization(may be an idling ovz will do).
Windows Server on 2GB RAM can be slower than VNC.
You can go for windows Dedicated Server 2012 for remote access that will work more freely.
It depends of Windows VPS provider -> settings of cpu weight, cpu affinity etc.
2012 R2 with 2CPU/2GB/SSD can be more than enough for comfortable work.
Of course, not for <10€/Mo.
Cheers,
This increases the (non-existing) security of the VNC protocol in what way?
So basically you are allowing others to break into your VNC server "when you need it".
Well, at least with VNC you should by design of the protocol notice by yourself as soon as you are not the only one moving your mouse..
Or in other words: Do not directly expose things to the internet like VNC, IPMI, cameras etc. which are not designed to be exposed to untrusted networks. Just don't do it.
Then what about those proxmox VPS VNCs from the control panel. They are exposed automatically, and we have no way to secure them.
These are HTML5 websocket connections running with proper authentication in a TLS-encrypted tunnel from your browser. Those don't use the native VNC protocol over the internet, i.e. it's a completely different story.
oh, that's right. Thanks. Wait a minute, there is another control panel (solusvm) launched from the control panel. Not the VNC through the browser one. The 2nd (real) VNC is still exposed.
Thanks and LOL. Would you believe that this thread showed up in my news feed and I was so horrified by the talk of exposed VNC ports that I had to comment--and it turns out that I had set up an account Years Ago on lowendtalk for reasons... Long time lurker, I guess.
You are correct that many would use the same port for simplicity sake, but I wanted to use different ports in hope that my Putty example would be less confusing. I also find that I frequently use different local and remote ports; sometimes for organizational reasons, sometimes because the local port is already in use.
I'm not seeing the error? Note that vncserver :1 is run on the remote side (probably should have made that clearer--if you typed ssh... and your password, you should be at a remote prompt.) The local port 5902 is forwarded to remote port 5901 so you would point your local client at port 5902.
VNC is really outdated, sure I still use it every day, but that's in a LAN over a Gbit connection and practically zero ping. Otherwise it'd feel too slow, especially at scrolling stuff. For a modern solution better check out X2Go: https://wiki.x2go.org/doku.php/doc:newtox2go
Been meaning to try it myself, but don't need a remote desktop over the Internet for the moment.
ok. ok. you win Needs to allow a single vpn ip to vnc port thru my firewall. (Cant edit my post with bash script to indicate it). The idea is I really dont like spending for a Win vps for the sake of remote desktop.
Sorry, you're right, I simply misread your original formulation: what I pointed out wasn't a typo after all
The only thing that I would add to your post is that it would be a good idea to start
vncserver
(on the remote machine) with the flag-localhost=yes
in order to prevent external attempts to connect (I do this)Yeah, I've also wanted to try out X2Go, but it doesn't seem to be often used on Linux (on BSD even less so). I've tended to associate it more with Windows and Mac OS than with Linux. I wonder how easy/hard it is to compile on Linux and BSD.
The X2Go server only runs on Linux. So maybe you're mistaking it for something else. And given that, I doubt the client support would be somehow worse on Linux specifically.