SSH 为 Secure Shell 的缩写,由 IETF 的网络工作小组(Network Working Group)所制定;SSH 为建立在应用层和传输层基础上的安全协议。SSH 是目前较可靠,专为远程登录会话和其他网络服务提供安全性的协议。利用 SSH 协议可以有效防止远程管理过程中的信息泄露问题。
VNC (Virtual Network Computer)是虚拟网络计算机的缩写。VNC 是一款优秀的远程控制工具软件,由著名的 AT&T 的欧洲研究实验室开发的。VNC 是在基于 UNIX 和 Linux 操作系统的免费的开源软件,远程控制能力强大,高效实用,其性能可以和Windows 和 MAC 中的任何远程控制软件媲美。 在 Linux 中,VNC 包括以下四个命令:vncserver,vncviewer,vncpasswd,和 vncconnect。大多数情况下用户只需要其中的两个命令:vncserver 和 vncviewer。但是VNC 是明文的,不安全的.连接过程可能会被窃听,干扰.可以使用SSH通道加密,然后再由远程主机的回环地址通信,加大了安全性。
下面就给大家演示一个ssh配合vncview访问的例子。下面就给大家演示一个ssh配合vncview访问的例子。这个例子适合redhat|Centos|OEL6以上本,redhat|Centos|OEL5配置不一样。
[root@cent2 ~]# yum -y install tigervnc tigervnc-server Loaded plugins: fastestmirror, refresh-packagekit, security ………………….. ………………… Complete! [root@cent2 ~]# rpm -qa tigervnc tigervnc-1.1.0-8.el6_5.x86_64 [root@cent2 ~]#
[root@cent2 ~]# cat /etc/sysconfig/vncservers # The VNCSERVERS variable is a list of display:user pairs. # # Uncomment the lines below to start a VNC server on display :2 # as my 'myusername' (adjust this to your own). You will also # need to set a VNC password; run 'man vncpasswd' to see how # to do that. # # DO NOT RUN THIS SERVICE if your local area network is # untrusted! For a secure way of using VNC, see this URL: # http://kbase.redhat.com/faq/docs/DOC-7028 # Use "-nolisten tcp" to prevent X connections to your VNC server via TCP. # Use "-localhost" to prevent remote VNC clients connecting except when # doing so through a secure tunnel. See the "-via" option in the # `man vncviewer' manual page. # VNCSERVERS="2:myusername" # VNCSERVERARGS[2]="-geometry 800x600 -nolisten tcp -localhost" VNCSERVERS="1:oracle 2:grid" VNCSERVERARGS[1]="-geometry 1024x768 -nolisten tcp" VNCSERVERARGS[2]="-geometry 1024x768 -nolisten tcp -SecurityTypes None" [root@cent2 ~]#主要添加了2个vnc用户,oracle用户和grid用户,VNCSERVERARGS[1]表示oracle用户分辨率和协议。但是VNCSERVERARGS[2]代表的grid用户不用输入密码就可以连接。
[root@cent2 ~]# su - oracle [oracle@cent2 ~]$ [oracle@cent2 ~]$ vncpasswd Password: Verify: [oracle@cent2 ~]$ [oracle@cent2 ~]$ exit logout [root@cent2 ~]# [root@cent2 ~]# su - grid [grid@cent2 ~]$ [grid@cent2 ~]$ vncpasswd Password: Verify: [grid@cent2 ~]$这样做的好处,就是系统用户密码和vnc用户密码分开。
[root@cent2 ~]# service vncserver start Starting VNC server: 1:oracle xauth: creating new authority file /home/oracle/.Xauthority New 'cent2:1 (oracle)' desktop is cent2:1 Creating default startup script /home/oracle/.vnc/xstartup Starting applications specified in /home/oracle/.vnc/xstartup Log file is /home/oracle/.vnc/cent2:1.log 2:grid xauth: creating new authority file /home/grid/.Xauthority New 'cent2:2 (grid)' desktop is cent2:2 Creating default startup script /home/grid/.vnc/xstartup Starting applications specified in /home/grid/.vnc/xstartup Log file is /home/grid/.vnc/cent2:2.log [ OK ] [root@cent2 ~]#
[root@cent1 Desktop]# ssh -L 5901:localhost:5901 192.168.1.102 The authenticity of host '192.168.1.102 (192.168.1.102)' can't be established. RSA key fingerprint is ea:d9:cd:1e:5a:51:79:07:19:d2:e3:50:99:3f:35:a6. Are you sure you want to continue connecting (yes/no)? yes Warning: Permanently added '192.168.1.102' (RSA) to the list of known hosts. Address 192.168.1.102 maps to localhost, but this does not map back to the address - POSSIBLE BREAK-IN ATTEMPT! root@192.168.1.102's password: Last login: Sun Sep 7 18:55:25 2014 from 192.168.1.101 [root@cent2 ~]#开启vncviewer
root@cent1 Desktop]# vncviewer 127.0.0.1:5901 TigerVNC Viewer for X version 1.1.0 - built Feb 4 2014 05:24:41 Copyright (C) 1999-2011 TigerVNC Team and many others (see README.txt) See http://www.tigervnc.org for information on TigerVNC. Sun Sep 7 11:24:11 2014 CConn: connected to host 127.0.0.1 port 5901 CConnection: Server supports RFB protocol version 3.8 CConnection: Using RFB protocol version 3.8 Sun Sep 7 11:24:17 2014 TXImage: Using default colormap and visual, TrueColor, depth 24. CConn: Using pixel format depth 24 (32bpp) little-endian rgb888 CConn: Using Tight encoding
原文地址:http://blog.csdn.net/suyishuai/article/details/39121305