Use VNC + SSH to establish secure remote desktop access to WINDOWS Server, vncssh

Source: Internet
Author: User

Mono, which I have been using for some time, now supports Entity Framework 6. However, there are still many pitfalls when using MySQL on Linux. In addition, extending some functions on the online game server SCUT took a lot of time because Mono and .NET behave inconsistently. Although Mono can save performance overhead, it sacrifices the convenience of the Windows suite itself. Microsoft's development tools are convenient during development to begin with. Therefore, if you want to develop well, it is better to use Windows Server and SQL Server. Moreover, Windows Server does not seem to have any running mode on the desktop. How can I try it.

Windows Remote Desktop only supports logon using the user name and password, which is not secure. However, many convenient tools on Linux have Windows versions.

This time, SecureCRT, RealVNC Server, and Cygwin are used to build a remote desktop on Windows Server that uses RSA key file login and an SSH encrypted channel.

First, configure the server:

First, download the latest Cygwin installer from the Cygwin website, choosing the one that matches the machine's CPU and operating system type:

Next, on the following screen, set the directory in which Cygwin is installed. This location corresponds to the root path (/) in the Cygwin console:

This is the cache directory for downloaded packages. To add a software package later, you need to re-run the installation program:

Select the installation source. The source at the top should be the most up to date. There are also some mirrors in China, but some of their software packages may be outdated or missing. We recommend the NetEase (163) mirror, which is fast here:

163 mirror: http://mirrors.163.com/cygwin/

Paste it into the box below and click Add.

Search for openssh, git, bash-completion, and bash-completion-devel here.

After searching, click Skip or Default in front of a package to change it to the version number to be installed.

After selecting the required software packages, wait for the installation to finish.

After Cygwin is successfully installed, run the bash terminal with administrator privileges. Set the git server first. Execute ssh-host-config, and the script will guide you through the settings.

1. *** Query: Should StrictModes be used? (yes/no)
Select yes.

2. *** Query: Should privilege separation be used? (yes/no)
Select yes here. Cygwin will create a special Windows account for us to run the sshd service.

3. *** Query: Do you want to install sshd as a service?
*** Query: (Say "no" if it is already installed as a service) (yes/no)
Select yes, and an sshd service will be registered to run the server.

4. *** Query: Enter the value of CYGWIN for the daemon: []
Enter ntsec.

5. *** Info: This script plans to use 'cyg_server'.
*** Info: 'cyg_server' will only be used by registered services.
*** Query: Do you want to use a different name? (yes/no)
Cygwin wants to create a cyg_server account to run the sshd service. Here you can choose another name for the account or use the default. Choose no.

6. *** Query: Create new privileged user account 'dmc-PC\cyg_server' (Cygwin name: 'cyg_server')? (yes/no)
Select yes to confirm that the account should be created, then enter the password to complete the configuration.

After the setup, an sshd_config file is added under /etc. Open the file and uncomment the following items:

RSAAuthentication yes
PubkeyAuthentication yes

The new OpenSSH configuration file may not have RSAAuthentication; I added it myself and haven't tested whether it affects my use.

After the OpenSSH configuration is complete, enter the following in the Cygwin terminal to restart the sshd service:

net stop sshd
net start sshd

If any error occurs, you can view the error details in the Windows event log on the server.

The key can be generated on the server side, but I prefer to use SecureCRT to generate it. The installation and cracking of SecureCRT will not be detailed here. The server IP address and Windows user name are used for the connection:

Select PublicKey and click Properties to go to the public key settings page. The key can be generated here:

Click Create Identity File to create the key pair. For the key type, select RSA; after the Passphrase page, choose a key length of either 1024 or 2048.

Select the OpenSSH key format and save the key to a secure location on your computer (do not share it with others):

When logging on, select the public key, and the logon process will automatically read the private key, which has no extension and sits in the same directory as the public key. Therefore, do not rename or move the private key.

After these settings are complete, the key pair has been generated. On the server, you only need to store the public key, that is, the file with the .pub extension.

Uploading directly to the server always failed. I used SecureFX to upload the public key to the server. The location is ~/.ssh/authorized_keys; each user's own folder has its own public key file. Use the >> operator to append multiple public keys to the authorized_keys file.
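
One way to do the append step from the Cygwin bash terminal on the server, shown as an added example that is not part of the original article. The function name install_pubkey, the file name Identity.pub and the sample key are constructed for illustration; the permission settings are there because StrictModes was set to yes earlier.

```sh
#!/bin/sh
# Added example: append one OpenSSH public key to authorized_keys safely.
# install_pubkey PUBKEY_FILE [HOME_DIR]   (HOME_DIR defaults to $HOME)
install_pubkey() {
    pub=$1
    home=${2:-$HOME}
    auth="$home/.ssh/authorized_keys"

    # First line only, without a Windows CR; a private key file starts with
    # "-----BEGIN" and is rejected by the type check below.
    line=$(head -n 1 "$pub" | tr -d '\r')
    case "$line" in
        "ssh-rsa "*|"ssh-ed25519 "*|"ecdsa-sha2-"*) ;;
        *) echo "not an OpenSSH public key: $pub" >&2; return 1 ;;
    esac

    mkdir -p "$home/.ssh"
    touch "$auth"
    # If the last existing key has no trailing newline, >> would glue the new
    # key onto it and break both entries, so terminate the line first.
    if [ -s "$auth" ] && [ -n "$(tail -c 1 "$auth")" ]; then
        echo >> "$auth"
    fi
    # Append with >> (a single > would overwrite every existing key), and
    # skip the append if this exact key is already present.
    grep -qxF -- "$line" "$auth" || printf '%s\n' "$line" >> "$auth"

    # StrictModes yes makes sshd ignore keys in files others can write to.
    chmod 700 "$home/.ssh"
    chmod 600 "$auth"
}

# Demo with a constructed key in a scratch directory standing in for ~.
demo_home=$(mktemp -d)
printf 'ssh-rsa AAAAB3NzaC1yc2E-constructed-sample user@client\r\n' > "$demo_home/Identity.pub"
install_pubkey "$demo_home/Identity.pub" "$demo_home"
install_pubkey "$demo_home/Identity.pub" "$demo_home"   # second run adds nothing
wc -l < "$demo_home/.ssh/authorized_keys"
rm -rf "$demo_home"
```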

In SecureCRT, remove the Password logon method from the client connection. After you have successfully logged on with the key file, uncomment the PasswordAuthentication line in /etc/sshd_config on the server and set it to PasswordAuthentication no, which disables server password authentication. Then open the SecureCRT connection properties and add port 5900 to the port forwarding settings.
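
The sshd_config settings made in this walkthrough (StrictModes, PubkeyAuthentication, PasswordAuthentication no) can be checked from the Cygwin terminal with a short script. This is an added example, not part of the original article: the function names and the sample file are constructed, and it reads only the global part of the file, before any Match block.

```sh
#!/bin/sh
# Added example: report the value sshd will actually use for a keyword.
# effective_value FILE KEYWORD DEFAULT
# The first uncommented occurrence wins, keywords are case-insensitive, and a
# commented-out or missing keyword means sshd falls back to DEFAULT.
effective_value() {
    awk -v key="$2" -v def="$3" '
        BEGIN { key = tolower(key) }
        { sub(/\r$/, "") }                      # tolerate CRLF files on Windows
        /^[ \t]*#/ { next }                     # comment lines set nothing
        tolower($1) == "match" { exit }         # global section ends here
        tolower($1) == key { print tolower($2); found = 1; exit }
        END { if (!found) print def }
    ' "$1"
}

# audit_sshd_config FILE: returns 0 only if all three settings are as intended.
# RSAAuthentication is not checked: it only applied to SSH protocol 1.
audit_sshd_config() {
    rc=0
    # keyword:expected:sshd default
    for want in PubkeyAuthentication:yes:yes PasswordAuthentication:no:yes StrictModes:yes:yes; do
        key=${want%%:*}; rest=${want#*:}
        expected=${rest%%:*}; default=${rest#*:}
        actual=$(effective_value "$1" "$key" "$default")
        if [ "$actual" = "$expected" ]; then
            echo "OK   $key $actual"
        else
            echo "FAIL $key is $actual, expected $expected"
            rc=1
        fi
    done
    return $rc
}

# Constructed sample: PubkeyAuthentication was uncommented, but the
# PasswordAuthentication line is still a comment, so the default (yes) applies.
sample=$(mktemp)
cat > "$sample" <<'EOF'
StrictModes yes
PubkeyAuthentication yes
#PasswordAuthentication yes
EOF
audit_sshd_config "$sample" || echo "password logon is still enabled"
rm -f "$sample"
```

On the server, run audit_sshd_config /etc/sshd_config after restarting sshd.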

 

Install RealVNC Server on the server

In the Services console, change the VNC Server service to manual start and create a batch file for starting the VNC service:

rem Stop the service if it is running, then start it with the localhost parameter
net stop winvnc4
sc start winvnc4 -localhost:1
pause

The main purpose is to pass the localhost:1 parameter so that VNC waits for connections on the local port of the SSH tunnel.

Then, add the batch file to the Startup folder or another auto-start location.

Set the current Administrator account of the server to log on automatically when the system starts, so that the VNC service can be started after the server is started. I tried to start the batch file from the registry and WIN.INI before logging on.

See here to set automatic login: http://jingyan.baidu.com/article/7e440953eabd742fc0e2efae.html

 

On the client, first start SecureCRT and log on with the connection that was set up earlier. Keep the connection open until you exit the remote desktop.

Start VNC Viewer and connect to localhost:1

Then, if everything works properly, you can see the VNC remote desktop. Restart several times to test whether the remote desktop can still be used for login. If it can, you can use VNC to disable Windows Remote Desktop. From then on, only computers holding the two key files can remotely log on to the Windows desktop.
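
To confirm that VNC really is reachable only through the SSH tunnel, the listening sockets on the server can be inspected. The following is an added example, not part of the original article: it assumes the output format of Windows netstat -an and port 5900 from the port forwarding step, the function names are made up here, and the sample output is constructed.

```sh
#!/bin/sh
# Added example: find VNC listeners that bypass the SSH tunnel.
# exposed_listeners PORT   (reads "netstat -an" output on stdin)
# Prints every TCP listener on PORT that is bound to something other than
# the loopback address, i.e. one that is reachable from the network.
exposed_listeners() {
    awk -v port="$1" '
        { sub(/\r$/, "") }
        toupper($1) == "TCP" && toupper($NF) ~ /^LISTEN/ {
            addr = $2
            n = split(addr, parts, ":")          # port is the last field
            if (parts[n] != port) next
            host = substr(addr, 1, length(addr) - length(parts[n]) - 1)
            if (host != "127.0.0.1" && host != "[::1]") print addr
        }'
}

# check_vnc_loopback_only [PORT]: returns 0 when nothing is exposed.
# A server that is not listening at all also passes, so check this after
# the VNC service has started.
check_vnc_loopback_only() {
    exposed=$(exposed_listeners "${1:-5900}")
    if [ -z "$exposed" ]; then
        return 0
    fi
    echo "VNC port reachable without the SSH tunnel on: $exposed" >&2
    return 1
}

# Constructed sample: sshd open to the network, VNC on loopback only.
sample='  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:22             0.0.0.0:0              LISTENING
  TCP    127.0.0.1:5900         0.0.0.0:0              LISTENING'
if printf '%s\n' "$sample" | check_vnc_loopback_only 5900; then
    echo "VNC is only reachable through the tunnel"
fi
# On the server itself:  netstat -an | check_vnc_loopback_only 5900
```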
