[ this post is written first and foremost so that i can remind myself later, but maybe it will come in handy for others too. that's why it is in english ]

background

when my dad’s old computer died, he asked me to have a new one built for him. since i didn’t want to reinstall windows (partly because his old PC had an OEM win98 with no installation media, he didn’t really want to pay for a new windows license and i didn’t want to resort to software piracy, and partly just because windows sucks anyway), i suggested that he make the shift to linux. after a brief discussion he decided he would be OK with fedora core 2, opera, openoffice.org, evolution, and gaim. since he lives in the middle of nowhere, he’s connecting to the internet via GPRS (using a noname USB bluetooth dongle and a brandname nokia 6310). but as he’s not (yet) very experienced with linux, i felt i’d better make his computer remotely accessible. ok, so i installed VNC and ssh and enabled incoming ssh connections, but here we come to the tricky part: how to make an inbound connection to a host that gets its IP address dynamically, and as if that were not enough, the address is a 10.x.x.x private one?

luckily enough, i happened to have a shell account in another linux host that had a public IP address (if you aren’t as lucky as i am, you might as well stop reading and look for other solutions).

making an ssh tunnel

i first made a “reverse” ssh tunnel from my dad’s computer to my public host:
[dad@dads-computer dad]$ ssh -C -N -f -R 10022:localhost:22 wolli@my-public-host
in fact, i created a little script (/usr/local/bin/helpme) on his computer so that he could easily invoke it when my help was needed.
now i could just log in to my account on my-public-host and do an ssh -p 10022 localhost from there to get access to my dad’s pc. but i wanted to do most of the administering from my own pc (and i knew i was going to have to copy some files between my dad’s pc and my own desktop). so i can now do the following:
[wolli@my-computer wolli]$ ssh -C -N -f -L 10022:localhost:10022 my-public-host
[wolli@my-computer wolli]$ ssh -p 10022 localhost

making a VNC connection

i configured my dad’s x.org to provide vnc access to display X:0 (here’s how). since the inbound connections to all ports were blocked anyway, i had no problem setting the “securityTypes” parameter to “None”.
now when i need access to my dad’s display, i first log in to my account at his computer via ssh, and then:
[wolli@dads-computer wolli]$ ssh -C -N -f -R 15900:localhost:5900 my-public-host
[wolli@my-computer wolli]$ ssh -C -N -f -L 15900:localhost:15900 my-public-host
[wolli@my-computer wolli]$ vncviewer localhost:15900
and — voilà! — i can see what my dad is doing, and do things on his desktop so he can learn how they should be done.
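
for reference, a sketch of what a helpme-style script could look like, covering both the ssh tunnel and the vnc tunnel described above. this is an added example, not the script from the post: the ssh/vnc argument, the function name and the extra -o options are assumptions; the ports, user and host are the ones used above.

```shell
#!/bin/sh
# helpme: open a reverse tunnel to the relay (added sketch, not the author's script)
# usage: helpme ssh | helpme vnc
RELAY="wolli@my-public-host"    # account and host as written in the post

# print the ssh arguments for one service on a single line
tunnel_args() {
    case "$1" in
        ssh) rport=10022; lport=22 ;;      # port pairs used in the post
        vnc) rport=15900; lport=5900 ;;
        *)   return 1 ;;
    esac
    # -C -N -f -R are the options from the post; the rest are additions:
    #   ExitOnForwardFailure  exit with an error instead of backgrounding a
    #                         session whose forward could not be set up
    #   ServerAlive*          end a stalled session (GPRS drop) after ~90s
    #                         instead of leaving it hanging
    #   localhost: prefix     ask the relay for a loopback-only listener
    printf '%s\n' "-C -N -f -o ExitOnForwardFailure=yes \
-o ServerAliveInterval=30 -o ServerAliveCountMax=3 \
-R localhost:${rport}:localhost:${lport} ${RELAY}"
}

case "${1:-}" in
    ssh|vnc)
        # word splitting is intended here: no argument contains a space
        exec ssh $(tunnel_args "$1") ;;
    *)
        echo "usage: helpme ssh|vnc" >&2 ;;
esac
```

the loopback listener on my-public-host can be reached by every local user of that host, so with “securityTypes” set to “None” the vnc display is open to them for as long as the 15900 tunnel is up.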