Article directory
Preface
To achieve remote connection at the desktop level of the ubuntu system, you need to install vnc in the ubuntu system. Since it is a desktop, the premise is that ubuntu needs to have a graphical interface. If not, you can execute the following command to install the graphical interface
sudo apt install ubuntu-desktop
sudo apt-get install gnome-panel gnome-settings-daemon metacity nautilus gnome-terminal
sudo reboot #重启即可看到图形界面
1. Install VNC on ubuntu
Install vnc in ubuntu
sudo apt-get install x11vnc
Install LightDM [LightDM is designed to support local graphical interfaces for the best compatibility]
sudo apt-get install lightdm
The following options will appear during the installation process. Select lightdm and press Enter.
Set the password. After setting the password, you will be asked if you need to save the password in:/home/root1/.vnc/passwd. Enter yto confirm.
x11vnc -storepasswd
2. Set vnc to start at boot
create a x11vnc.servicefile
sudo vim /lib/systemd/system/x11vnc.service
Press the keyi to enter the editing mode, add the following information, !!Note: <USERNAME>Replace with your ubuntu user name , press the Esc key to exit editing after the addition is completed, and then enter colon: wq to save
[Unit]
Description=Start x11vnc at startup.
After=multi-user.target
[Service]
Type=simple
ExecStart=/usr/bin/x11vnc -auth guess -forever -loop -noxdamage -repeat -rfbauth /home/<USERNAME>/.vnc/passwd -rfbport 5900 -shared
[Install]
WantedBy=multi-user.target
Set up startup
sudo systemctl enable x11vnc.service
Start service
sudo systemctl start x11vnc.service
3. Windows installation VNC viewer connection tool
Enter the vnc official website and download the windows version of the vnc connection tool
After downloading, open it and use the LAN IP to connect. The port is 5900.
The password interface appears, enter the password set above.
The ubuntu desktop appears indicating success.
4. Intranet penetration
After testing the remote connection locally with no problem, we next implement the remote desktop in the public network environment. Here we can use the cpolar intranet penetration tool to achieve programmatic access. Supports http/https/tcp protocols, does not limit traffic, does not require public IP, and does not need to set up a router.
cpolar official website: https://www.cpolar.com/
4.1 Install cpolar [supports installation using one-click script command]
- cpolar installation (for domestic use)
curl -L https://www.cpolar.com/static/downloads/install-release-cpolar.sh | sudo bash
Or cpolar short link installation method: (for foreign use)
curl -sL https://git.io/cpolar | sudo bash
- Check the version number. If the version number is displayed normally, the installation is successful.
cpolar version
- token authentication
Log in to the cpolar official website backend, click Verify on the left, check your authentication token, and then paste the token in the command line
cpolar authtoken xxxxxxx
- Simple penetration test, if the corresponding public network address is generated normally, the penetration is successful.
cpolar http 8080
Press ctrl+c to exit
- Add services to the system
sudo systemctl enable cpolar
- Start cpolar service
sudo systemctl start cpolar
- Check service status
sudo systemctl status cpolar
4.2 Create tunnel mapping
After cpolar is successfully installed, access the local port 9200 on the browser, [127.0.0.1:9200], and use the cpolar email account to log in to the web UI management interface.
After successfully logging in, click Tunnel Management - Create Tunnel on the left dashboard to create a TCP protocol tunnel pointing to the local port 5900:
- Tunnel name: It can be customized. Be careful not to duplicate the existing tunnel name.
- Protocol: tcp
- Local address: 5900
- Domain name type: Choose a random domain name for free
- Region: Default is China top
Click创建
After the tunnel is successfully created, click Status on the left - Online Tunnel List. You can see that the tunnel just created has generated the corresponding public network address + public network port number. Copy it.
4.3 Test public network remote access
Open windows vnc viewer and connect using the public network address + public network port number you just obtained. This example is2.tcp.vip.cpolar.cn:13001
enter password
Public network remote connection successful
5. Configure a fixed TCP address
Since the tunnel created above is a random address tunnel, the address will change within 24 hours. In order to make the connection more stable, we need to configure a fixed TCP address for it.
It should be noted that configuring a fixed TCP port address requires upgrading cpolar to the Professional Edition package or above.
5.1 Reserve a fixed public network TCP port address
Log in to the cpolar official website backend, click Reserve on the left, and select the reserved TCP address.
- Region: Select China VIP
- Description: Notes, which can be customized
Click to keep
After the address is successfully reserved, the system will generate the corresponding fixed public address and copy it.
5.2 Configure a fixed public network TCP port address
Log in to the cpolar web UI management interface on the browser, http://127.0.0.1:9200/ , click Tunnel Management - Tunnel List on the left dashboard, find the vnc remote tunnel we created earlier, and click Edit on the right
Modify the tunnel information and configure the successfully reserved fixed tcp address into the tunnel.
- Port type: modified to fixed tcp port
- Reserved tcp address: fill in the successfully reserved address
Click to update
After the tunnel is successfully updated, click on the status of the left dashboard - online tunnel list, find the vnc remote desktop tunnel, and you can see that the public network address has been updated to a fixed tcp address.
5.3 Test remote use of fixed public network address
Next, we test the remote Ubuntu desktop using a fixed TCP port address. We open the VNC viewer on Windows again and connect using the fixed TCP address. The password interface appears. Enter the password as well.
Remote connection successful
Summarize
So far, we have successfully implemented the use of VNC remote desktop Ubuntu: through cpolar to penetrate the vnc service port 5900, and use the generated public network address to remotely control Ubuntu on the intranet anytime and anywhere without the need for a public network IP or Configure the router. Moreover, this public network address is still fixed and will not change randomly, making the connection stable.
In addition to penetrating vnc, cpolar can also be used in many other scenarios, such as public network ssh remote, remote Synology NAS, Minecraft online, WeChat public account Alipay debugging, and exposing a local web... [PS: cpolar is currently available Support 21-day money back guarantee]
Reprinted from cpolar pole cloud article: Using VNC remote desktop Ubuntu [Intranet penetration to achieve public network remote]