On Aug 30, 2005, at 12:42 AM, [EMAIL PROTECTED] wrote:


Why can't clueful techie use VNC to talk
/directly/ to clueless luser's PC?


From the diagram he included in the email, I would assume it's because both clueful techie and clueless luser are behind NATting firewalls, which do not forward ports inward.


What does your "reflector" give you besides
just the IP address of luser?


clueless luser starts a program that connects to the reflector and offers a remote control session.

clueful techie starts a remote control client, and points it at the reflector.

The reflector ties the two together, thereby giving clueful techie remote control over clueless luser's system.


Unless you are hoping to avoid luser and techie
having to exchange passwords with each other?
So your "reflector" is like a "password escrow"
server so techie doesn't need to know luser's password?


No, I think the motivation is much simpler than that. Simply provide a program to clueless luser and say "run this when you want me to connect to help you out." No need to set up a VNC server, modify the NAT firewall (which likely would be more complicated than most typical computer users could handle). No need to create a username/password. You nicely skip all that technical crap that most people don't care about, and just have a nice "click here and call me" thing for the clueless luser to use.


On Mon, Aug 29, 2005 at 04:39:50PM -0700, Andrew Lentvorski wrote:

What I am attempting to do is this:

Clueless luser -> firewall -> |
                              |
                              V
                            server
                        running reflector
                              ^
                              |
                              |
Clueful techie -> firewall ->


Now, there are systems that provide this kind of functionality already, but most of them are proprietary, from my understanding. There's GoToMyPC.com, for example. All of these, however, put ultimate control of access to your personal system in the hands of someone else with a profit motive.

With enough time, I could probably put together some sort of system for this using Linux and VNC, but it is likely to involve a lot of glue code and hacking, and won't work for Windows systems...

Thinking about it, though, the best I'm coming up with is to install both VNC and PuTTY on the Windows box, set up PuTTY to automatically log in via SSH to a remote host you control (non-privileged user, of course) and reverse-port-forward VNC back to the Windows PC. Then you can SSH in to that same host and port forward VNC to there....

For instance, you'd do the PuTTY equivalent (with passphrase-less keys for "authentication") on the Windows PC:

    ssh -R <Reflector_VNC_Port>:127.0.0.1:<PC_VNC_Port> <reflector_system>

Then, you'd do this to connect to the same remote system as the same non-privileged user from your system (with TightVNC):

    vncviewer -via <reflector_system> localhost

Caveats to this approach are that you'll likely need to change the VNC_VIA_CMD environment variable, you'll need to do this from a unixy system, and the port forwarded from the reflector to the PC will need to be the normal port VNC listens on.

TightVNC also apparently supports "reverse" connections, where the server (running on the PC of the clueless luser) initiates the connection to the client (which was started in "listen" mode). I have never done this, however, so I'm not sure exactly how it works, but it might get you around having to do anything with SSH port forwarding. Definitely worth a little reading up on.

Or, possibly, using SSH with X11Forwarding turned on to connect to the reflector host and run "vncviewer -listen" from there, displaying on the clueful techie's system, for the clueless luser's VNC server to connect to in a reverse connection... I'll test this if I get a chance tonight at home.

Gregory

--
Gregory K. Ruiz-Ade <[EMAIL PROTECTED]>
OpenPGP Key ID: EAF4844B  keyserver: pgpkeys.mit.edu




-- 
[email protected]
http://www.kernel-panic.org/cgi-bin/mailman/listinfo/kplug-list
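
The passphrase-less key left on the PC in the SSH approach above is the credential most likely to be copied, so the reflector account should accept it for nothing except the one reverse forward. An added example (not from the original thread) that builds such an `authorized_keys` entry; it assumes OpenSSH 7.8 or later on the reflector, and the function name, port 5901 and sample key are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread: emit a restricted authorized_keys line
# for the passphrase-less key installed on the helped PC.
# Assumptions: OpenSSH >= 7.8 on the reflector (permitlisten=) and the default
# "GatewayPorts no", so the forwarded port binds to loopback only.

# reflector_key_entry PORT "PUBKEY"
# Prints one authorized_keys line on stdout; returns non-zero on bad input.
reflector_key_entry() {
    port=$1
    pubkey=$2

    # Port must be 1-5 digits and in the unprivileged range.
    case $port in
        ''|*[!0-9]*|??????*) echo "port must be numeric" >&2; return 1 ;;
    esac
    if [ "$port" -lt 1024 ] || [ "$port" -gt 65535 ]; then
        echo "port must be 1024-65535" >&2; return 1
    fi

    # Accept only a single-line key that starts with a known key type, so the
    # caller cannot smuggle in a second entry or its own options field.
    case $pubkey in
        *'
'*) echo "public key must be one line" >&2; return 1 ;;
        ssh-ed25519\ *|ssh-rsa\ *|ecdsa-sha2-*\ *) ;;
        *) echo "unrecognised public key type" >&2; return 1 ;;
    esac

    # restrict        : no pty, no agent/X11 forwarding, no port forwarding
    # port-forwarding : re-enable port forwarding only
    # permitlisten    : the only -R listen port this key may request
    # command         : no shell; the PC must connect with -N (plink -N)
    printf 'restrict,port-forwarding,permitlisten="%s",command="/bin/false" %s\n' \
        "$port" "$pubkey"
}

# Constructed sample key (not a real key), printed when run as: script demo
if [ "${1:-}" = "demo" ]; then
    reflector_key_entry 5901 "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEXAMPLEKEYONLY luser-pc"
fi
```

Append the printed line to the non-privileged reflector user's `~/.ssh/authorized_keys`; the techie's own key stays a separate, passphrase-protected entry.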
