1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
|
Enhanced TightVNC Viewer package
Copyright (c) Karl J. Runge <runge@karlrunge.com>
All rights reserved.
These packages provide 1) An enhanced TightVNC Viewer on Unix, 2) Binaries
for many Operating Systems (including Windows) for your convenience,
3) Wrapper scripts and etc. for gluing them all together.
One can straight-forwardly download all of the components and get them
to work together by oneself: this package is mostly for your convenience
to combine and wrap together the freely available software.
Bundled software co-shipped in this package is copyright and licensed
by others. See these sites and related ones for more information:
http://www.tightvnc.com
http://www.realvnc.com
http://www.stunnel.org
http://stunnel.mirt.net
http://www.openssl.org
http://www.chiark.greenend.org.uk/~sgtatham/putty/
Note: Some of the Windows binaries included contain cryptographic software
that you may not be allowed to download, use, or redistribute. Please
check your situation first before downloading any of these packages.
See the survey http://rechten.uvt.nl/koops/cryptolaw/index.htm for useful
information. The Unix programs do not contain cryptographic software, but
rather will make use of cryptographic libraries that are installed on your
Unix system. Depending on your circumstances you may still need to check.
All work by Karl J. Runge in this package is Copyright (c) Karl J. Runge
and is licensed under the GPL as described in the file COPYING in this
directory.
All the files and information in this package are provided "AS IS"
without any warranty of any kind. Use them at your own risk.
=============================================================================
This package contains a convenient collection of enhanced TightVNC viewers
and stunnel binaries for different flavors of Unix and wrapper scripts,
etc to glue them together. SSL and SSH encryption tunnelling is provided.
Also, a Windows SSL wrapper for the co-bundled TightVNC binary and other
utilities are provided. (Launch ssl_tightvncviewer.exe in the
Windows subdirectory).
It is a self-contained package, you could carry it around on, say,
a USB memory stick for secure VNC viewing from almost any machine,
Unix or Windows.
Features:
--------
The enhanced TightVNC viewer features are:
- SSL support for connections using the co-bundled stunnel program.
- Automatic SSH connections from the GUI (ssh must already be
installed on Unix; co-bundled plink is used on Windows)
- rfbNewFBSize VNC support on Unix (screen resizing)
- cursor alphablending with x11vnc at 32bpp (-alpha option, Unix only)
- xgrabserver support for fullscreen mode, for old window
managers (-grab option, Unix only).
- Create or Import SSL Certificates and Private Keys.
- Automatic Service tunnelling via SSH for CUPS and SMB Printing,
ESD/ARTSD Audio, and SMB (Windows/Samba) filesystem mounting.
- Port Knocking for "closed port" SSH/SSL connections. In addition
to a simple fixed port sequence and one-time-pad implementation,
a hook is also provided to run any port knocking client before a
connecting.
- You can also use your own VNC Viewer, e.g. UltraVNC or RealVNC,
with the front-end if you like.
- Sets up any additional SSH port redirections that you want.
Your package should have included binaries for many OS's: Linux, Solaris,
FreeBSD, etc. Unpack your archive and see the subdirectories of
./bin
for the ones that were shipped in this package, e.g. ./bin/Linux.i686
Run "uname -sm" to see your OS+arch combination. (See the
./bin/tightvncviewer -h output for how to override platform autodection
via the UNAME env. var).
If you need to Build:
--------------------
If your OS/arch is not included, the script "build.unix" may be able to
successfully build on for you and deposit the binaries down in ./bin/...
using the included source code.
You must run the build.unix script from this directory (that this toplevel
README is in) and like this:
./build.unix
The programs:
------------
Unpack your archive, and you will see "bin", "Windows", "src" directories
and other files. The wrapper scripts:
./bin/ssl_tightvncviewer
./bin/tightvncviewer
are the main programs you will run and will try to autodetect your OS+arch
combination and if binaries are present for it automatically use them.
(if not found try the running the build.unix script).
If you prefer a GUI to prompt for parameters and then start ssl_tightvncviewer
you can run this instead:
./bin/ssl_vnc_gui
this is essentially the same GUI that is run on Windows (the
ssl_tightvncviewer.exe).
Using the GUI is it impossible to initiate a VNC connection that is not
encrypted with either SSL or SSH. Unencrypted VNC connections can only
be started by manually running the ./bin/tightvncviewer script.
For convenience, you can make symlinks from a directory in your PATH to
any of the 3 programs above you wish to run. That is all you usually
need to do for it to pick up all of the binaries, utils, etc. E.g.
assuming $HOME/bin is in your $PATH:
cd $HOME/bin
ln -s /path/to/enhanced_tightvnc_viewer/bin/{s,t}* .
(note the "." at the end). The above commands is basically the way to
"install" this package on Unix.
On Windows unpack your archive and run:
Windows/ssl_tightvncviewer.exe
Examples:
--------
The following assume you are in the toplevel directory of the
archive you unpacked.
Use enhanced TightVNC unix viewer to connect to x11vnc via SSL:
./bin/ssl_tightvncviewer far-away.east:0
./bin/tightvncviewer -ssl far-away.east:0 (same)
./bin/ssl_vnc_gui (start GUI launcher)
Use enhanced TightVNC unix viewer without SSL:
./bin/tightvncviewer far-away.east:0
Use SSL to connect to a x11vnc server, and also verify the server's
identity using the SSL Certificate in the file ./x11vnc.pem:
./bin/ssl_tightvncviewer -alpha -verify ./x11vnc.pem far-away.east:0
(also turns on the viewer-side cursor alphablending hack).
Brief description of the subdirectories:
---------------------------------------
./bin/util some utility scripts, e.g. ssl_vncviewer
and ssl_tightvncviewer.tcl
./src source code and patches.
./src/zips zip files of source code and binaries.
./src/vnc_unixsrc unpacked tightvnc source code tree.
./src/stunnel-4.14 unpacked stunnel source code tree.
./src/patches patches to TightVNC viewer for the new
features on Unix (used by build.unix).
./src/tmp temporary build dir for build.unix
(the last four are used by build.unix)
./man man pages for TightVNC viewer and stunnel.
./Windows Stock TightVNC viewer and Stunnel, Openssl
etc Windows binaries. ssl_tightvncviewer.exe
is the program to run.
Since they are large, depending on which package you use not all of the
above may be present in your package.
Help and Info:
-------------
For more help on other options and usage patterns run these:
./bin/ssl_tightvncviewer -h
./bin/tightvncviewer -h
./bin/util/ssl_vncviewer -h
See also:
http://www.karlrunge.com/x11vnc
http://www.karlrunge.com/x11vnc/#faq
x11vnc -h | more
http://www.stunnel.org
http://stunnel.mirt.net
http://www.openssl.org
http://www.tightvnc.com
http://www.realvnc.com
http://www.chiark.greenend.org.uk/~sgtatham/putty/
Windows:
-------
Unpack the zip archive somewhere.
A wrapper to create a STUNNEL tunnel and then launch the
Windows TightVNC viewer is provided in:
Windows/ssl_tightvncviewer.exe
Just launch it (Start ... Run) and fill in the remote VNC
display then click "Connect". You can make a shortcut if
you prefer.
Click the Help buttons for more info. There is also a
Windows/README.txt file.
On Windows you may need to terminate the STUNNEL process
from the System Tray if the tool cannot terminate it
by itself. Just right-click on the STUNNEL icon.
|