author | runge <runge> | 2006-09-21 02:11:14 +0000 |
---|---|---|
committer | runge <runge> | 2006-09-21 02:11:14 +0000 |
commit | dea53c22101473a58bfb113529713383203c80df (patch) | |
tree | 7f1bac1c1efbd1dc644853c6758199d2d7a187c5 /x11vnc/README | |
parent | 52ed38f64789b9500d3d2e8b616aa5d1a01d5c57 (diff) | |
x11vnc: -unixpw_cmd, -passwfile cmd:/custom:, -sslnofail, -ultrafilexfer
Diffstat (limited to 'x11vnc/README')
-rw-r--r-- | x11vnc/README | 204 |
1 files changed, 138 insertions, 66 deletions
diff --git a/x11vnc/README b/x11vnc/README index 9c66244..b5fce8e 100644 --- a/x11vnc/README +++ b/x11vnc/README @@ -1,5 +1,5 @@ -x11vnc README file Date: Sun Sep 17 19:51:07 EDT 2006 +x11vnc README file Date: Wed Sep 20 20:05:35 EDT 2006 The following information is taken from these URLs: @@ -5627,10 +5627,9 @@ EndSection -permitfiletransfer" options (UltraVNC incorrectly uses the RFB protocol version to determine if its features are available, so x11vnc has to pretend to - be version 3.6). - - If you find any bugs or performance issues with the file transfer, - please report them to the [621]LibVNCServer team. + be version 3.6). As of Sep/2006 "-ultrafilexfer" is an alias for these + two options. Note that running as RFB version 3.6 may confuse other + VNC Viewers. Q-101: Can I (temporarily) mount my local (viewer-side) Windows/Samba @@ -5639,7 +5638,7 @@ EndSection You will have to use an external network redirection for this. Filesystem mounting is not part of the VNC protocol. - We show a simple [622]Samba example here. + We show a simple [621]Samba example here. First you will need a tunnel to redirect the SMB requests from the remote machine to the one you sitting at. We use an ssh tunnel: @@ -5676,7 +5675,7 @@ d,ip=127.0.0.1,port=1139 far-away> smbumount /home/fred/smb-haystack-pub At some point we hope to fold some automation for SMB ssh redir setup - into the [623]Enhanced TightVNC Viewer package we provide (as of Sep + into the [622]Enhanced TightVNC Viewer package we provide (as of Sep 2006 it is there for testing). 
@@ -5686,7 +5685,7 @@ d,ip=127.0.0.1,port=1139 You will have to use an external network redirection for this. Printing is not part of the VNC protocol. - We show a simple Unix to Unix [624]CUPS example here. Non-CUPS port + We show a simple Unix to Unix [623]CUPS example here. Non-CUPS port redirections (e.g. LPD) should also be possible, but may be a bit more tricky. If you are viewing on Windows SMB and don't have a local cups server it may be trickier still (see below). @@ -5758,7 +5757,7 @@ d,ip=127.0.0.1,port=1139 "localhost". At some point we hope to fold some automation for CUPS ssh redir setup - into the [625]Enhanced TightVNC Viewer package we provide (as of Sep + into the [624]Enhanced TightVNC Viewer package we provide (as of Sep 2006 it is there for testing). @@ -5769,8 +5768,8 @@ d,ip=127.0.0.1,port=1139 Audio is not part of the VNC protocol. We show a simple Unix to Unix esd example here (artsd should be - possible too, and perhaps even one or both of these have been ported - to Windows so you can redirect the sound there). + possible too, we have also verified the esd Windows port works for the + method described below). First you will need a tunnel to redirect the audio from the remote machine to the one you sitting at. We use an ssh tunnel: @@ -5791,7 +5790,8 @@ way.east 'x11vnc -localhost -display :0' sitting-here> esd -promiscuous -port 16001 -tcp -bind 127.0.0.1 See the esd(1) man page for the meaning of the options (the above are - not very secure). + not very secure). (This method also works with the EsounD windows port + esd.exe) To test this sound tunnel, we use the esdplay program to play a simple .wav file: 
@@ -5858,8 +5858,8 @@ or: the applications will fail to run because LD_PRELOAD will point to libraries of the wrong wordsize. * At some point we hope to fold some automation for esd or artsd ssh - redir setup into the [626]Enhanced TightVNC Viewer package we - provide (as of Sep 2006 it is there for testing). + redir setup into the [625]Enhanced TightVNC Viewer package we + provide (as of Sep/2006 it is there for testing). Q-104: Why don't I hear the "Beeps" in my X session (e.g. when typing @@ -5870,9 +5870,9 @@ or: in Solaris, see Xserver(1) for how to turn it on via +kb), and so you won't hear them if the extension is not present. - If you don't want to hear the beeps use the [627]-nobell option. If + If you don't want to hear the beeps use the [626]-nobell option. If you want to hear the audio from the remote applications, consider - trying a [628]redirector such as esd. + trying a [627]redirector such as esd. 
@@ -6509,14 +6509,13 @@ References 618. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-seldir 619. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-input 620. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-nofilexfer - 621. http://sourceforge.net/projects/libvncserver - 622. http://www.samba.org/ - 623. http://www.karlrunge.com/x11vnc/enhanced_tightvnc_viewer.html - 624. http://www.cups.org/ + 621. http://www.samba.org/ + 622. http://www.karlrunge.com/x11vnc/enhanced_tightvnc_viewer.html + 623. http://www.cups.org/ + 624. http://www.karlrunge.com/x11vnc/enhanced_tightvnc_viewer.html 625. http://www.karlrunge.com/x11vnc/enhanced_tightvnc_viewer.html - 626. http://www.karlrunge.com/x11vnc/enhanced_tightvnc_viewer.html - 627. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-nobell - 628. http://www.karlrunge.com/x11vnc/index.html#faq-sound + 626. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-nobell + 627. http://www.karlrunge.com/x11vnc/index.html#faq-sound ======================================================================= http://www.karlrunge.com/x11vnc/chainingssh.html: 
@@ -7692,12 +7691,13 @@ http://www.karlrunge.com/x11vnc/enhanced_tightvnc_viewer.html: Enhanced TightVNC Viewer The Enhanced TightVNC Viewer package is a project to add some patches - to the long neglected Unix TightVNC Viewer. It also adds a GUI for - Windows and Unix that automatically starts up a STUNNEL SSL tunnel for - SSL connections to [1]x11vnc (or any other VNC Server also running an - SSL tunnel, such as STUNNEL, at their end), and then launches the - TightVNC Viewer. The front-end program can also be used to set up SSH - tunnelled connections instead. + to the long neglected Unix TightVNC Viewer. + + It also adds a front-end GUI for Windows and Unix that automatically + starts up a STUNNEL SSL tunnel for SSL connections to [1]x11vnc (or + any other VNC Server also running an SSL tunnel, such as STUNNEL, at + their end), and then launches the TightVNC Viewer. The front-end + program can also be used to set up SSH tunnelled connections instead. Patches were created for the TightVNC 1.3dev7 vnc_unixsrc tree (and various wrappers written) to add these features: @@ -7716,7 +7716,7 @@ Enhanced TightVNC Viewer to a simple fixed port sequence and one-time-pad implementation, a hook is also provided to run any port knocking client before connecting. - * You can also use your own, e.g. UltraVNC or RealVNC, VNC Viewer + * You can also use your own VNC Viewer, e.g. UltraVNC or RealVNC, with the front-end if you like. * Sets up any additional SSH port redirections that you want. 
@@ -7764,15 +7764,15 @@ Enhanced TightVNC Viewer (and there should be kinks to work out). This package can be downloaded here: - [8]enhanced_tightvnc_viewer-1.0.3.zip All Unix and Windows + [8]enhanced_tightvnc_viewer-1.0.4.zip All Unix and Windows binaries and source. (~6MB) - [9]enhanced_tightvnc_viewer-1.0.3.tar.gz All Unix and Windows + [9]enhanced_tightvnc_viewer-1.0.4.tar.gz All Unix and Windows binaries and source. (~6MB) - [10]enhanced_tightvnc_viewer_all-1.0.3.zip All Unix and Windows + [10]enhanced_tightvnc_viewer_all-1.0.4.zip All Unix and Windows binaries and source and full archives in zip dir. (~9MB) - [11]enhanced_tightvnc_viewer_windows_only-1.0.3.zip Only the Windows bin + [11]enhanced_tightvnc_viewer_windows_only-1.0.4.zip Only the Windows bin aries. (~4MB) - [12]enhanced_tightvnc_viewer_no_windows-1.0.3.tar.gz No Windows binaries. + [12]enhanced_tightvnc_viewer_no_windows-1.0.4.tar.gz No Windows binaries. (~2MB) Sorry for the inconvenience of lumping all the Unix binaries and @@ -7805,7 +7805,7 @@ aries. (~4MB) [17]http://www.chiark.greenend.org.uk/~sgtatham/putty/ It is my belief (but I cannot be absolutely sure) that the bundle - enhanced_tightvnc_viewer_no_windows-1.0.3.tar.gz contains no + enhanced_tightvnc_viewer_no_windows-1.0.4.tar.gz contains no cryptographic software (again, if your situation warrants, you will need to check). This "no_windows" tarball only contains software (from the above URL's and elsewhere) that will use cryptographic software 
@@ -7879,17 +7879,24 @@ The enhanced TightVNC viewer features are: - xgrabserver support for fullscreen mode, for old window managers (-grab option, Unix only). + - Create or Import SSL Certificates and Private Keys. + - Automatic Service tunnelling via SSH for CUPS and SMB Printing, ESD/ARTSD Audio, and SMB (Windows/Samba) filesystem mounting. - Port Knocking for "closed port" SSH/SSL connections. In addition - to a simple fixed port sequence implementation and one-time-pad, + to a simple fixed port sequence and one-time-pad implementation, a hook is also provided to run any port knocking client before a connecting. + - You can also use your own VNC Viewer, e.g. UltraVNC or RealVNC, + with the front-end if you like. + + - Sets up any additional SSH port redirections that you want. + Your package should have included binaries for many OS's: Linux, Solaris, -FreeBSD, etc. See the subdirectories of +FreeBSD, etc. Unpack your archive and see the subdirectories of ./bin @@ -7915,7 +7922,8 @@ README is in) and like this: The programs: ------------ -The wrapper scripts: +Unpack your archive, and you will see "bin", "Windows", "src" directories +and other files. The wrapper scripts: ./bin/ssl_tightvncviewer ./bin/tightvncviewer @@ -7948,7 +7956,7 @@ assuming $HOME/bin is in your $PATH: "install" this package on Unix. -On Windows run: +On Windows unpack your archive and run: Windows/ssl_tightvncviewer.exe @@ -7956,6 +7964,9 @@ On Windows run: Examples: -------- +The following assume you are in the toplevel directory of the +archive you unpacked. + Use enhanced TightVNC unix viewer to connect to x11vnc via SSL: ./bin/ssl_tightvncviewer far-away.east:0 
@@ -8028,12 +8039,16 @@ See also: Windows: ------- + Unpack the zip archive somewhere. + A wrapper to create a STUNNEL tunnel and then launch the Windows TightVNC viewer is provided in: Windows/ssl_tightvncviewer.exe - Just launch it and fill in the remote VNC display. + Just launch it (Start ... Run) and fill in the remote VNC + display then click "Connect". You can make a shortcut if + you prefer. Click the Help buttons for more info. There is also a Windows/README.txt file. @@ -8051,11 +8066,11 @@ References 5. http://www.karlrunge.com/x11vnc/index.html#faq-smb-shares 6. http://www.karlrunge.com/x11vnc/index.html#faq-cups 7. http://www.karlrunge.com/x11vnc/index.html#faq-sound - 8. http://www.karlrunge.com/x11vnc/enhanced_tightvnc_viewer-1.0.3.zip - 9. http://www.karlrunge.com/x11vnc/enhanced_tightvnc_viewer-1.0.3.tar.gz - 10. http://www.karlrunge.com/x11vnc/enhanced_tightvnc_viewer_all-1.0.3.zip - 11. http://www.karlrunge.com/x11vnc/enhanced_tightvnc_viewer_windows_only-1.0.3.zip - 12. http://www.karlrunge.com/x11vnc/enhanced_tightvnc_viewer_no_windows-1.0.3.tar.gz + 8. http://www.karlrunge.com/x11vnc/etv/enhanced_tightvnc_viewer-1.0.4.zip + 9. http://www.karlrunge.com/x11vnc/etv/enhanced_tightvnc_viewer-1.0.4.tar.gz + 10. http://www.karlrunge.com/x11vnc/etv/enhanced_tightvnc_viewer_all-1.0.4.zip + 11. http://www.karlrunge.com/x11vnc/etv/enhanced_tightvnc_viewer_windows_only-1.0.4.zip + 12. http://www.karlrunge.com/x11vnc/etv/enhanced_tightvnc_viewer_no_windows-1.0.4.tar.gz 13. http://www.tightvnc.com/ 14. http://www.realvnc.com/ 15. http://www.stunnel.org/ @@ -8073,7 +8088,7 @@ x11vnc: a VNC server for real X displays Here are all of x11vnc command line options: % x11vnc -opts (see below for -help long descriptions) -x11vnc: allow VNC connections to real X11 displays. 0.8.3 lastmod: 2006-09-17 +x11vnc: allow VNC connections to real X11 displays. 0.8.3 lastmod: 2006-09-20 x11vnc options: -display disp -auth file -id windowid 
@@ -8083,13 +8098,14 @@ x11vnc options: -24to32 -scale fraction -scale_cursor frac -viewonly -shared -once -forever -loop -timeout n - -inetd -nofilexfer -http - -http_ssl -connect string -connect_or_exit str - -vncconnect -novncconnect -allow host1[,host2..] - -localhost -nolookup -input string - -grabkbd -grabptr -viewpasswd string - -passwdfile filename -unixpw [list] -unixpw_nis [list] - -display WAIT:... -ssl [pem] -ssltimeout n + -inetd -nofilexfer -ultrafilexfer + -http -http_ssl -connect string + -connect_or_exit str -vncconnect -novncconnect + -allow host1[,host2..] -localhost -nolookup + -input string -grabkbd -grabptr + -viewpasswd string -passwdfile filename -unixpw [list] + -unixpw_nis [list] -unixpw_cmd str -display WAIT:... + -ssl [pem] -ssltimeout n -sslnofail -ssldir [dir] -sslverify [path] -sslGenCA [dir] -sslGenCert type name -sslEncKey [pem] -sslCertInfo [pem] -sslDelCert [pem] -stunnel [pem] -stunnel3 [pem] @@ -8173,7 +8189,7 @@ libvncserver-tight-extension options: % x11vnc -help -x11vnc: allow VNC connections to real X11 displays. 0.8.3 lastmod: 2006-09-17 +x11vnc: allow VNC connections to real X11 displays. 0.8.3 lastmod: 2006-09-20 (type "x11vnc -opts" to just list the options.) @@ -8470,10 +8486,11 @@ Options: change the global or per-client viewonly state the filetransfer permissions will NOT change. - Note, to *enable* UltraVNC filetransfer (currently +-ultrafilexfer Note, to *enable* UltraVNC filetransfer (currently disabled by default, this may change...) and to get it to work you probably need to supply these libvncserver options: "-rfbversion 3.6 -permitfiletransfer" + "-ultrafilexfer" is an alias for this combination. -http Instead of using -httpdir (see below) to specify where the Java vncviewer applet is, have x11vnc try 
@@ -8587,20 +8604,59 @@ Options: -passwdfile filename Specify the libvncserver password via the first line of the file "filename" (instead of via -passwd on the command line where others might see it via ps(1)). - See below for how to supply multiple passwords. + + See the descriptions below for how to supply multiple + passwords, view-only passwords, to specify external + programs for the authentication, and other features. If the filename is prefixed with "rm:" it will be removed after being read. Perhaps this is useful in - limiting the readability of the file. In general, - the password file should not be readable by untrusted - users (BTW: neither should the VNC -rfbauth file: - it is NOT encrypted, only obscured). + limiting the readability of the file. In general, the + password file should not be readable by untrusted users + (BTW: neither should the VNC -rfbauth file: it is NOT + encrypted, only obscured with a fixed key). If the filename is prefixed with "read:" it will - periodically be checked for changes and reread. - - Note that only the first 8 characters of a password - are used. + periodically be checked for changes and reread. It it + guaranteed to be reread just when a new client connects + so that the latest passwords will be used. + + If "filename" is prefixed with "cmd:" then the + string after the ":" is run as an external command: + the output of the command will be interpreted as if it + were read from a password file (see below). If the + command does not exit with 0, then x11vnc terminates + immediately. To specify more than 1000 passwords this + way set X11VNC_MAX_PASSWDS before starting x11vnc. + The environment variables are set as in -accept. + + Note that due to the VNC protocol only the first 8 + characters of a password are used (DES key). + + If "filename" is prefixed with "custom:" then a + custom password checker is supplied as an external + command following the ":". The command will be run + when a client authenticates. 
If the command exits with + 0 the client is accepted, otherwise it is rejected. + The environment variables are set as in -accept. + + The standard input to the custom command will be a + decimal digit "len" followed by a newline. "len" + specifies the challenge size and is usually 16 (the + VNC spec). Then follows len bytes which is the random + challenge string that was sent to the client. This is + then followed by len more bytes holding the client's + response (i.e. the challenge string encrypted via DES + with the user password in the standard situation). + + The "custom:" scheme can be useful to implement + dynamic passwords or to implement methods where longer + passwords and/or different encryption algorithms + are used. The latter will require customizing the VNC + client as well. One could create an MD5SUM based scheme + for example. + + File format for -passwdfile: If multiple non-blank lines exist in the file they are all taken as valid passwords. Blank lines are ignored. @@ -8763,6 +8819,17 @@ Options: to use -users unixpw= to switch the process user after the user logs in. +-unixpw_cmd str As -unixpw above, however do not use su(1) but rather + run the externally supplied command "str". The first + line of its stdin will the username and the second line + the received password. If the command exits with status + 0 (success) the VNC client will be accepted. It will be + rejected for any other return status. Dynamic passwords + and non-unix passwords can be implemented this way by + providing your own custom helper program. Note that + under unixpw mode the remote viewer is given 3 tries + to enter the correct password. + -display_WAIT :... A special usage mode for the normal -display option. Useful with -unixpw, but can be used independently of it. If the display string begins with WAIT: then 
@@ -8940,6 +9007,11 @@ Options: Set to zero to poll forever. Set to a negative value to use the builtin setting. +-sslnofail Exit at the first SSL connection failure. Useful when + scripting SSL connections (e.g. x11vnc is started via + ssh) and you do not want x11vnc waiting around for more + connections, tying up ports, etc. + -ssldir [dir] Use [dir] as an alternate ssl certificate and key management toplevel directory. The default is ~/.vnc/certs @@ -11473,7 +11545,7 @@ n stunnel, ssl, unixpw, WAIT, id, accept, afteraccept, gone, pipeinput, v4l-info, rawfb-setup, dt, gui, - storepasswd, crash. + storepasswd, passwdfile, custom_passwd, crash. See each option's help to learn the associated external command. Note that the -nocmds option takes precedence |
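Review bot: In the FAQ hunk at @@ -5858,8 +5858,8 the date is rewritten to "as of Sep/2006", while the identical sentence in the SMB and CUPS hunks (@@ -5676,7 and @@ -5758,7) is touched by this same patch and keeps "as of Sep 2006". Pick one form for all three occurrences of the Enhanced TightVNC Viewer sentence so the README stays consistent.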
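Review bot: In the -help hunk at @@ -8470,10 +8486,11 the new "-ultrafilexfer" label is attached to what used to be a trailing note of the preceding option, so the entry opens with "Note, to *enable* UltraVNC filetransfer" and never says directly what the option does. Suggest starting the entry with a plain statement that it enables UltraVNC file transfer and is an alias for "-rfbversion 3.6 -permitfiletransfer", and repeating the caveat the FAQ hunk adds ("running as RFB version 3.6 may confuse other VNC Viewers"), since that side effect is what someone reading only the help output needs to know.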
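Review bot: Two wording errors in the added -passwdfile text at @@ -8587,20 +8604,59: "It it guaranteed to be reread" should be "It is guaranteed", and the custom: stdin description calls "len" a "decimal digit" while giving 16 as its usual value, so "decimal number" is meant. The second one matters to anyone writing a checker against this format. The paragraph should also state whether the len challenge bytes and len response bytes that follow the newline are raw binary with no terminator, which the text implies but does not say, and what x11vnc does when a cmd: command exits 0 but prints no passwords.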
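Review bot: In the added -unixpw_cmd entry at @@ -8763,6 +8819,17, "The first line of its stdin will the username" is missing "be". The entry also leaves unstated two things a helper author needs: whether the environment variables are set as in -accept (the cmd: and custom: text in the -passwdfile hunk says so explicitly, this entry does not), and whether the helper is run once per attempt for the "3 tries" mentioned in the last sentence. Since the helper is handed the received password on stdin and its exit status alone decides acceptance, both points belong in the help text.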
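Review bot: The list at @@ -11473,7 +11545,7 gains "passwdfile, custom_passwd" and is followed by "See each option's help to learn the associated external command", but the -passwdfile help added in this same patch mentions neither name, and the -unixpw_cmd entry does not say which name covers it (presumably the existing "unixpw"). Suggest naming them in the cmd:, custom: and -unixpw_cmd help text so that an administrator using -nocmds or restricting external commands can tell which entries gate these authentication helpers.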