Starting a Graphical Desktop on the Xen domainU Guest
[[Image:gnome_desktop_xen_domainU.jpg|GNOME desktop running on a Xen domainU displayed in vncviewer]]
 
== Establishing a Secure Remote Desktop Session ==
 
The remote Xen desktop configurations we have explored so far in this chapter are considered to be insecure because no encryption is used. This is acceptable when the remote connection does not extend outside of an internal network protected by a firewall or when the connection is taking place on the Xen host system. When a remote session is required over an internet connection a more secure option is needed. This is achieved by tunneling the remote desktop through a secure shell (SSH) connection.
 
Before a secure connection is established, the SSH server must be installed on the system to which the connection is to be made, and the firewall configured to allow SSH access. This is the default for many Linux distributions but may not be the case for your distribution. If in doubt, refer to the documentation for your chosen distribution to find out how to install and enable SSH access.
 
Once the SSH server is installed and active it is time to move to the other system. At the other system, log in to the remote system using the following command, which will establish the secure tunnel between the two systems. The following example assumes that ''vncdisplay'' number 10 (which maps to port 5910) was specified in the domainU configuration file. Modify this value to suit your environment:
 
<pre>
ssh -l username -L 5910:localhost:5910 hostname
</pre>
 
In the above example, ''hostname'' is either the hostname or IP address of the remote system and ''username'' is the account you wish to use to log in. Enter the password associated with the specified account when prompted. The secure connection is now established and it is time to launch vncviewer so that it uses the secure tunnel. Leaving the ssh session running in the other terminal window, launch another terminal and enter the following command:
 
<pre>
vncviewer localhost::5910
</pre>
 
The vncviewer session will prompt for a password if one is required, and then launch the VNC viewer providing secure access to your Xen domainU guest desktop environment.
 
If you are connecting to the remote desktop from outside the firewall using Network Address Translation (NAT) keep in mind that the IP address for the ssh connection will be the external IP address provided by your ISP, not the internal LAN IP address of the remote system (since this IP address is not visible to those outside the firewall). You will also need to configure your firewall to forward port 22 (for the ssh connection) to the IP address of the system running the desktop. It is not necessary to forward port 5910. Steps to perform port forwarding differ between firewalls, so refer to the documentation for your firewall, router or wireless base station for details specific to your configuration.
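The tunnel only protects the session if the VNC port cannot also be reached directly. The following script is an added example, not part of the original page: it maps a ''vncdisplay'' number to its port, builds the tunnel command shown above with the local end bound to 127.0.0.1, and reports any non-loopback listener on the VNC port. The function names are hypothetical and the <code>ss -ltn</code> sample is constructed.

```shell
#!/bin/sh
# Added example. Function names are hypothetical; the sample data is constructed.

# vnc_port DISPLAY -> prints 5900 + DISPLAY (vncdisplay 10 -> port 5910).
# Rejects non-numeric input and leading zeros (the shell would read them as octal).
vnc_port() {
    case "$1" in
        ''|*[!0-9]*|0?*) echo "invalid display: $1" >&2; return 1 ;;
    esac
    echo $((5900 + $1))
}

# tunnel_cmd USER HOST DISPLAY -> prints the ssh command for the tunnel.
# Binding the local end to 127.0.0.1 keeps the forwarded port off the client's LAN.
tunnel_cmd() {
    port=$(vnc_port "$3") || return 1
    echo "ssh -l $1 -L 127.0.0.1:$port:localhost:$port $2"
}

# exposed_listeners PORT -> reads `ss -ltn` output on stdin and prints every
# listening address on PORT that is not loopback, i.e. reachable without the tunnel.
# On the system running the VNC server: ss -ltn | exposed_listeners 5910
exposed_listeners() {
    awk -v port="$1" '
        $1 == "LISTEN" {
            addr = $4
            n = split(addr, parts, ":")
            if (parts[n] != port) next
            host = substr(addr, 1, length(addr) - length(parts[n]) - 1)
            if (host != "127.0.0.1" && host != "[::1]") print addr
        }'
}

# Constructed sample of `ss -ltn` output (not captured from a real system).
SAMPLE_SS='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    0.0.0.0:22         0.0.0.0:*
LISTEN 0      5      0.0.0.0:5910       0.0.0.0:*
LISTEN 0      5      127.0.0.1:5911     0.0.0.0:*'

# check_sample PORT -> runs the listener check against the constructed sample.
check_sample() {
    printf '%s\n' "$SAMPLE_SS" | exposed_listeners "$1"
}

tunnel_cmd username hostname 10   # the command from the text, for display 10
check_sample 5910                 # prints the exposed listener in the sample
```

Any address printed by <code>exposed_listeners</code> means the unencrypted VNC port accepts connections that bypass SSH; block that port at the firewall or bind the VNC server to loopback only.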