
All times are UTC - 6 hours





PostPosted: Mon Mar 06, 2006 12:27 pm 
Joined: Thu Feb 09, 2006 7:40 pm
Posts: 24
I'm trying to VNC into my KnoppMyth machine and it won't connect. I'm sure the problem is that I put
Code:
-allow 192.168.1.
in when I ran the server. The question now is, how do I change it? I would ultimately like to be able to VNC to my machine from anywhere on the internet. The specific error I'm getting in the VNC log is:
Code:
06/03/2006 11:57:51 Got connection from client x.x.x.x
06/03/2006 11:57:51   other clients:
06/03/2006 11:57:51 denying client: x.x.x.x does not match 192.168.1.
06/03/2006 11:57:51 Client x.x.x.x gone
06/03/2006 11:57:51 Statistics:
06/03/2006 11:57:51   framebuffer updates 0, rectangles 0, bytes 0

where x.x.x.x is obviously the IP address of the machine I'm trying to connect from. Can I just do
Code:
-allow all
or
Code:
-allow any
? Or do I have to do
Code:
allow -x.x.
?

Any help would be greatly appreciated.

Thanks,
Phekno


PostPosted: Mon Mar 06, 2006 7:03 pm 
Joined: Tue Feb 21, 2006 2:25 pm
Posts: 39
How do you start the server? Just drop the parameter from the startup line. I use a vncserver startup script in /etc/init.d, that I cribbed from somewhere else (sorry, can't recall where). This dictates all my startup options. If you lose the parameter, anyone will be able to connect. Though if your box is facing the internet, you should think about running VNC over an SSH tunnel.


PostPosted: Mon Mar 06, 2006 9:45 pm 
Joined: Wed Oct 05, 2005 9:41 am
Posts: 16
Here is a guide on doing VNC over SSH with smoothwall. You should be able to use the info on other firewalls.

http://martybugs.net/smoothwall/puttyvnc.cgi


PostPosted: Wed Mar 08, 2006 8:45 am 
Joined: Thu Feb 09, 2006 7:40 pm
Posts: 24
Hmmmm....I guess I've never thought of running a Smoothwall firewall. Currently I'm just using a Linksys broadband wireless router primarily for the benefit of the wireless it provides. I do have a separate machine sitting around that I could use as a firewall. It currently has Slackware on it but I don't see any reason why Smoothwall wouldn't work. I don't remember the command I used to start VNC server. I think I used the x11vnc Wiki page on KnoppMythWiki. Anyway, thanks for your help.


PostPosted: Mon Mar 13, 2006 12:39 pm 
Joined: Mon Nov 28, 2005 9:05 pm
Posts: 200
You can continue to use your linksys at the router. Forward port 22 on the linksys to port 22 on the Myth box. Then use the example on the smoothwall site. I do this almost daily.

To secure SSH a bit, put this line in your /etc/ssh/sshd_config and add the specific usernames you want to allow to connect.

AllowUsers fred root wendy

Restart the ssh daemon to apply changes: /etc/init.d/ssh restart


PostPosted: Mon Mar 13, 2006 6:13 pm 
Joined: Sat Mar 26, 2005 3:49 pm
Posts: 290
One more note about securing ssh.

By default, the nimrods who maintain various distros leave the root login enabled. It can be very convenient if you're on a private network, but anything with even a single port (particularly ssh) exposed to the internet is a nice juicy target.

All it takes is a simple edit to /etc/ssh/sshd_config to kill this feature. I suggest you do it to every linux distro you own. If you find a line that says PermitRootLogin = yes, change it to = no. That's all it takes. Restart the ssh daemon with /etc/init.d/ssh restart and you're good to go.

To their credit, some devs are disabling root logins via ssh now from the default installation, but a lot are not. This can be a critical hole. I manage quite a few public linux servers and you wouldn't believe the number of automated ssh attempted logins these servers see every day. It's in the thousands... and generally comes from other misconfigured linux boxen.
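
A way to check both sshd_config settings raised in the two posts above (the AllowUsers list and PermitRootLogin), as an added example that is not part of the original thread. The function names and the sample config are made up for illustration.

```shell
#!/bin/sh
# Added example: audit an sshd_config for PermitRootLogin and AllowUsers.
# sshd keeps the first value it reads for a keyword; keywords are
# case-insensitive and "Keyword=value" is accepted like "Keyword value".

# effective_value FILE KEYWORD: print the first uncommented global value.
effective_value() {
    awk -v kw="$2" '
        /^[ \t]*#/ { next }                  # comment line
        tolower($1) == "match" { exit }      # only the global section is read
        {
            line = $0
            sub(/^[ \t]+/, "", line)
            n = match(line, /[ \t=]+/)       # separator between key and value
            if (n == 0) next
            if (tolower(substr(line, 1, n - 1)) != tolower(kw)) next
            val = substr(line, n + RLENGTH)
            sub(/[ \t]+$/, "", val)
            print val
            exit
        }' "$1"
}

# audit_sshd_config FILE: print findings, return 1 if anything needs a look.
audit_sshd_config() {
    rc=0
    root=$(effective_value "$1" PermitRootLogin | tr 'A-Z' 'a-z')
    users=$(effective_value "$1" AllowUsers)   # first AllowUsers line only
    case $root in
        no) echo "OK   PermitRootLogin no" ;;
        "") echo "WARN PermitRootLogin unset, built-in default applies"; rc=1 ;;
        *)  echo "WARN PermitRootLogin $root"; rc=1 ;;
    esac
    case $users in
        "")  echo "WARN AllowUsers unset, no user allow-list"; rc=1 ;;
        *,*) echo "WARN AllowUsers has commas, names are space-separated"; rc=1 ;;
        *)   echo "OK   AllowUsers $users" ;;
    esac
    case " $(printf %s "$users" | tr ',' ' ') " in
        *" root "*|*" root@"*) echo "WARN AllowUsers lists root"; rc=1 ;;
    esac
    return $rc
}

# Constructed sample input (not from the thread), then the audit.
sample=$(mktemp)
printf '%s\n' '#PermitRootLogin no' 'PermitRootLogin = yes' \
    'AllowUsers fred, root, wendy' > "$sample"
audit_sshd_config "$sample" || true
rm -f "$sample"
```

On a real machine, point `audit_sshd_config` at /etc/ssh/sshd_config; settings inside Match blocks are not examined.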


PostPosted: Tue Mar 14, 2006 7:13 am 
Joined: Tue Feb 21, 2006 2:25 pm
Posts: 39
Consider a tool such as sshdfilter if ssh brute force login attempts are a problem.


PostPosted: Tue Mar 14, 2006 5:59 pm 
Joined: Mon Jan 16, 2006 4:08 pm
Posts: 86
phekno wrote:
Hmmmm....I guess I've never thought of running a Smoothwall firewall. Currently I'm just using a Linksys broadband wireless router primarily for the benefit of the wireless it provides. I do have a separate machine sitting around that I could use as a firewall. It currently has Slackware on it but I don't see any reason why Smoothwall wouldn't work. I don't remember the command I used to start VNC server. I think I used the x11vnc Wiki page on KnoppMythWiki. Anyway, thanks for your help.


Here's a suggestion (at least if you are stuck with windows).
Look out on the web and find sshvnc (you can probably find it on SF). I found it and have been quite happy with it.
Here's how I have mine set up (and I'm not using the default ports which completely stopped the brute-force attacks).
laptop running XP --> netgear router forwarding ssh --> to file server (blag linux) --> Knoppmyth.

The sshvnc is designed to allow you to tunnel through an existing ssh connection to use VNC. I use it to connect to VNC sessions on the blag machine as well as have the VNC traffic forwarded on to the mythtv box. The setup is pretty easy.

L0o0ky

