SSVNC (or enhanced tight vnc viewer)

[redge]

Enhanced TightVNC Viewer (SSVNC: SSL/SSH VNC viewer)
http://www.karlrunge.com/x11vnc/ssvnc.html


Feature List:

Wrapper scripts and a tcl/tk GUI were written to create these features for Unix, Mac OS X, and Windows:

• SSL support for connections using the bundled stunnel program.
• Automatic SSH connections from the GUI (system ssh is used on Unix and MacOS X; bundled plink is used on Windows)
• Ability to Save and Load VNC profiles for different hosts.
• You can also use your own VNC Viewer, e.g. UltraVNC or RealVNC, with the SSVNC encryption GUI front-end if you prefer.
• Create or Import SSL Certificates and Private Keys.
• Reverse (viewer listening) VNC connections via SSL and SSH.
• VeNCrypt SSL/TLS VNC encryption support (used by VeNCrypt, QEMU, ggi, libvirt/virt-manager/xen, vinagre/gvncviewer/gtk-vnc)
• ANONTLS SSL/TLS VNC encryption support (used by Vino)
• VeNCrypt and ANONTLS are also enabled for any 3rd party VNC Viewer (e.g. RealVNC, TightVNC, UltraVNC ...) on Unix, MacOSX, and Windows via the provided SSVNC VeNCrypt Viewer Bridge tool (use 'Change VNC Viewer' to select the one you want.)
• Support for Web Proxies, SOCKS Proxies, and the UltraVNC repeater proxy (e.g. repeater://host:port+ID:1234). Multiple proxies may be chained together (3 max).
• Support for SSH Gateway connections and non-standard SSH ports.
• Automatic Service tunnelling via SSH for CUPS and SMB Printing, ESD/ARTSD Audio, and SMB (Windows/Samba) filesystem mounting.
• Sets up any additional SSH port redirections that you want.
• Zeroconf (aka Bonjour) is used on Unix and Mac OS X to find VNC servers on your local network if the avahi-browse or dns-sd program is available and in your PATH.
• Port Knocking for "closed port" SSH/SSL connections. In addition to a simple fixed port sequence and one-time-pad implementation, a hook is also provided to run any port knocking client before connecting.
• Support for native MacOS X usage with bundled Chicken of the VNC viewer (the Unix X11 viewer is also provided for MacOS X, and is better IMHO. It is now the default on MacOS X.)
• Dynamic VNC Server Port determination and redirection (using ssh's builtin SOCKS proxy, ssh -D) for servers like x11vnc that print out PORT= at startup.
• Unix Username and Password entry for use with "x11vnc -unixpw" type login dialogs.
• Simplified mode launched by command "sshvnc" that is SSH Only.
• Simplified mode launched by command "tsvnc" that provides a VNC "Terminal Services" mode (uses x11vnc on the remote side).
  
  Patches to TightVNC 1.3.9 vnc_unixsrc tree were created for Unix TightVNC Viewer improvements (these only apply to the Unix VNC viewer, including MacOSX XQuartz):
• rfbNewFBSize VNC support (dynamic screen resizing)
• Client-side Scaling of the Desktop in the viewer.
• ZRLE VNC encoding support (RealVNC's encoding)
• Support for the ZYWRLE encoding, a wavelet based extension to ZRLE to improve compression of motion video and photo regions.
• TurboVNC support (VirtualGL's modified TightVNC encoding; requires TurboJPEG library)
• Pipelined Updates of the framebuffer as in TurboVNC (asks for the next update before the current one has finished downloading; this gives some speedup on high latency connections.)
• Cursor alphablending with x11vnc at 32bpp (-alpha option)
• Option "-unixpw ..." for use with "x11vnc -unixpw" type login dialogs.
• Support for UltraVNC extensions: 1/n Server side scaling, Text Chat, Single Window, Disable Server-side Input. Both UltraVNC and x11vnc servers support these extensions.
• UltraVNC File Transfer via an auxiliary Java helper program (java must be in $PATH). Note that the x11vnc server also supports UltraVNC file transfer.]/b]
• Connection support for the UltraVNC repeater proxy (-repeater option).
• Support for UltraVNC Single Click operation. (both unencrypted: SC I, and SSL encrypted: SC III)
• Support for UltraVNC DSM Encryption Plugin symmetric encryption mode. (ARC4, AESV2, MSRC4, and SecureVNC)
• Support for UltraVNC MS-Logon authentication (NOTE: the UltraVNC MS-Logon key exchange implementation is very weak; an eavesdropper on the network can recover your Windows password easily in a few seconds; you need to use an additional encrypted tunnel with MS-Logon.)
• Support for symmetric encryption (including blowfish and 3des ciphers) to Non-UltraVNC Servers. Any server using the same encryption method will work, e.g.: x11vnc -enc blowfish:./my.key
• Instead of hostname:display one can also supply "exec=command args..." to connect the viewer to the stdio of an external command (e.g. stunnel or socat) rather than using a TCP/IP socket. Unix domain sockets, e.g. /path/to/unix/socket, and a previously opened file descriptor fd=0, work too.
• Local Port Protections for STUNNEL and SSH: avoid having for long periods of time a listening port on the the local (VNC viewer) side that redirects to the remote side.
• Reverse (viewer listening) VNC connections can show a Popup dialog asking whether to accept the connection or not (-acceptpopup.) The extra info provided by UltraVNC Single Click reverse connections is also supported (-acceptpopupsc)
• Extremely low color modes: 64 and 8 colors in 8bpp (-use64/-bgr222, -use8/-bgr111)
• Medium color mode: 16bpp mode on a 32bpp Viewer display (-16bpp/-bgr565)
• For use with x11vnc's client-side caching -ncache method use the cropping option -ycrop n. This will "hide" the large pixel buffer cache below the actual display. Set to the actual height or use -1 for autodetection (also, tall screens, H > 2*W, are autodetected by default).
• Escape Keys: specify a set of modifier keys so that when they are all pressed down you can invoke Popup menu actions via keystrokes. I.e., a set of 'Hot Keys'. One can also pan (move) the desktop inside the viewport via Arrow keys or a mouse drag.
• Scrollbar width setting: -sbwidth n, the default is very thin, 2 pixels, for less distracting -ycrop usage.
• Selection text sending and receiving can be fine-tuned with the -sendclipboard, -sendalways, and -recvtext options.
• TightVNC compression and quality levels are automatically set based on observed network latency (n.b. not bandwidth.)
• Improvements to the Popup menu, all of these can now be changed dynamically via the menu: ViewOnly, Toggle Bell, CursorShape updates, X11 Cursor, Cursor Alphablending, Toggle Tight/ZRLE, Toggle JPEG, FullColor/16bpp/8bpp (256/64/8 colors), Greyscale for low color modes, Scaling the Viewer resolution, Escape Keys, Pipeline Updates, and others, including UltraVNC extensions.
• Maintains its own BackingStore if the X server does not.
• The default for localhost:0 connections is not raw encoding since same-machine connections are pretty rare. Default assumes you are using a SSL or SSH tunnel. Use -rawlocal to revert.
• XGrabServer support for fullscreen mode, for old window managers (-grab/-graball option).
• Fix for Popup menu positioning for old window managers (-popupfix option).

Special thank you to Karl for the great work,
porting many feature of UltraVNC to Unix/Linux OS request from many users of Linux

[MrJohnBravo]

love the work on this... and currently everything I have tried with it works well on MEPIS 7.0 which is a deb etch distro. I have 1 small issue to iron out and I am still having trouble with. I am not sure whether this issue is my error or not. If you could please let me know what you think I would greatly appreciate it.

anyway so I am trying to use the MSRC4 plugin to connect to a remote server through the repeater. I currently have the msrc4 plugin setup not to use a key file on the server.

so in my ssvnc I have the following setup

VNC host:display = vnc://:0
VNC password = xxxxxx
proxy/gateway = repeater://my.repeater.ip:port+my_uvnc.server.ip:port

under advanced options I have checked
UltraVNC DSM Encryption Plugin:

in its options i have set
pw=xxxxxx

when I do a connnect I get the following error

ultravnc_dsm_helper:decrypt - Warning : MSRC4 mode and IGNORING random Salt
ultravnc_dsm_helper:decrypt - Warning : and initialization vector
Not a valid VNC Server: $#@%@# <-- junk characters

VNC viewer exiting

vncviewer command failed :0



Any help or pointers would be very very much appreciated... I love ssvnc but I would realy like to get it working with an encryption plugin.



BTW : using uvnc from a windows box with the MSRC4 plugin enabled works fine to the same server.


THanks very much for your work on this and your time

[krunge]

so in my ssvnc I have the following setup

VNC host:display = vnc://:0
VNC password = xxxxxx
proxy/gateway = repeater://my.repeater.ip:port+my_uvnc.server.ip:port

I am not sure what led you to use "vnc://:0" when the ssvnc documentation on using the uvnc repeater suggests to use ":0".

The "vnc://" is an easter egg to make a direct connection with no SSL or SSH encryption. I think it is ignored by the scripts in UltraVNC DSM mode, but you should remove it to avoid confusion.

Anyway, I have tested SSVNC with entries like the ones you have above (but with ":0" for the host:display) and it works fine for me with the MSRC4 plugin and pw=xxxxxx and repeater://192.168.0.2:5900+10.0.2.53:5902

I run the repeater.exe on 192.168.0.2 (Note this is NOT repeater_SSL.exe; I don't think that will work in this case... are you using it?)

under advanced options I have checked
UltraVNC DSM Encryption Plugin:

in its options i have set
pw=xxxxxx

when I do a connnect I get the following error

ultravnc_dsm_helper:decrypt - Warning : MSRC4 mode and IGNORING random Salt
ultravnc_dsm_helper:decrypt - Warning : and initialization vector
Not a valid VNC Server: $#@%@# <-- junk characters

BTW, please use the most recent SSVNC 1.0.20 tarballs. 1.0.20 is not released yet (so you are beta-tester in case you hadn't noticed!) and so only the 32bit Linux binaries are updated frequently. If you are on 64bit Linux or other OS you will need to build your binaries manually (build.unix script in the top directory) to pick up the latest changes.

ssvnc 1.0.20 will be officially released at
http://freshmeat.net/projects/enhanced_tightvnc_viewer in about 1 to 2 weeks.

I will post in another message where I show the full printout of a successful connection.

If it still fails to work for you please post the full printout as well.

[krunge]

Here is the successful test example I used for connecting with SSVNC via the UltraVNC repeater.exe proxy repeater and using the MSRC4 DSM plugin.

VNC Host:Display: :0
VNC Password: ***
Proxy/Gateway: repeater://192.168.0.2:5900+10.0.2.53:5902

The above Proxy/Gateway is equivalent to using the easier to type:

Proxy/Gateway: repeater://192.168.0.2+10.0.2.53:2

Under 'UltraVNC DSM Encryption Plugin' I have set:

Type of Key: MSRC4
Ultra DSM Keyfile: pw=abc

And it worked fine for me.

Here is the logging output printed to the terminal window:

Code: Select all

+ ssvnc_cmd -proxy repeater://192.168.0.2:5900+10.0.2.53:5902 :0 -passwd /home/runge/.vncauth_tmp.26046-1905489243.sKxUEU -noraiseonbeep

Using UltraVNC DSM Plugin key for encryption:

  ultravnc_dsm_helper msrc4 pw=abc PORT HOST:PORT


PPROXY v0.2: a tool for Web proxies and SOCKS connections.
proxy_host:       192.168.0.2
proxy_port:       5900
proxy_connect:    localhost:5900
pproxy_params:    repeater://192.168.0.2:5900+10.0.2.53:5902
pproxy_listen:    5931
pproxy_reverse:   

pproxy 1st: 192.168.0.2:5900    - repeater:10.0.2.53:5902
pproxy 2nd:     - 
pproxy 3rd:     - 

vncviewer -passwd /home/runge/.vncauth_tmp.26046-1905489243.sKxUEU -noraiseonbeep -encodings copyrect tight zrle zlib hextile exec=ultravnc_dsm_helper msrc4 pw=abc 0 localhost:5931

exec-cmd: exec ultravnc_dsm_helper msrc4 pw=abc 0 localhost:5931
ultravnc_dsm_helper: got connection: 0
repeater: 10.0.2.53:5902
RFB 000.000
pproxy parent[26143]  STDIN -> socket
pproxy child [26150]  socket -> STDOUT
ultravnc_dsm_helper: encrypt - WARNING: MSRC4 mode and IGNORING random salt
ultravnc_dsm_helper: encrypt - WARNING: and initialization vector!!
ultravnc_dsm_helper: decrypt - WARNING: MSRC4 mode and IGNORING random salt
ultravnc_dsm_helper: decrypt - WARNING: and initialization vector!!
Proto: RFB 003.006

Connected to RFB server, using protocol version 3.3

Performing standard VNC authentication
VNC authentication succeeded

Desktop name "windoze ( 10.0.2.53 )"

VNC server default format:
  32 bits per pixel.  Least significant byte first in each pixel.
  True colour: max red 255 green 255 blue 255, shift red 16 green 8 blue 0
Using default colormap which is TrueColor.  Pixel format:
  32 bits per pixel.  Least significant byte first in each pixel.
  True colour: max red 255 green 255 blue 255, shift red 16 green 8 blue 0
Using shared memory (PutImage ycrop=0)

Unknown encoding 'tight'
tight encoding does not yet work with ultraDSM, skipping it.
Unknown encoding 'zlib'
zlib  encoding does not yet work with ultraDSM, skipping it.
ShmCleanup called

VNC Viewer exiting.

ultravnc_dsm_helper: encrypt - input stream finished: n=0, err=0
ultravnc_dsm_helper: encrypt - close sock_to
ultravnc_dsm_helper: encrypt - close sock_fr

+ set +xv

Done. You Can X-out or Ctrl-C this Terminal if you like. Ctrl-\ to pause.

I will make some changes to ssvnc to not print out the pw=.... with the password so carelessly.

If you have problems, post the full output like the above for your attempt.

[Apokliptico]

I'm sorry, how do i use this?

I want to have a shell from a computer that has the ultravnc server installed and working (and no ssh server), how do I do this?

[krunge]

I want to have a shell from a computer that has the ultravnc server installed and working (and no ssh server), how do I do this?

I'm not sure what you want to do. It sounds like you want a shell login (interactive terminal) on Windows instead of the full Windows desktop???

[Apokliptico]

That's what I want, an admin on another subforum told me it was possible with this software...

[krunge]

That's what I want, an admin on another subforum told me it was possible with this software...

Could you send a link to the thread? I'm still not clear what you want, and if you really need ssvnc (this thread.)

[redge]

[topic=16787][/topic]
maybe I don't understand her request ?

[krunge]

[topic=16787][/topic]
maybe I don't understand her request ?

Oh yes, now I understand better. Yes, the SSVNC viewer has automatic SSH tunnel creation for a VNC connection. SSVNC can do this on both Windows and Unix/Macosx (plink.exe on Windows, ssh elsewhere.) It can also (via easter-egg) just launch a plink/ssh terminal connection.

I'm not sure this is exactly what Apokliptico asked for... Of course it would be better to have SSH support integrated into UltraVNC instead of using a "glue program" like SSVNC, but it works (note: it, of course, requires some SSH server on the VNC server side.)

If you go this route with SSVNC, I can help (BTW SSVNC default viewer on Windows is TightVNC, but you can set it to UltraVNC viewer by an option.)

If you want to register your SSH related feature request with the UltraVNC developers you can do that too.

[gcornilescu]

Ssvnc it doesn't for me in Vista. I need the tunneling through a gateway.

After connection to the gateway a shell window appears for 10 ms and then dissapears... basically I get no prompt to type the gateway password.

[krunge]

This problem (discussed in more detail with gcornilescu via email) is fixed in the ssvnc 1.0.26 development bundles here:

http://www.karlrunge.com/x11vnc/ssvnc.html#download

[redge]

Would be very happy for an install/update of ssvnc on macos.x 10.6 snow leopard like ssvnc.dmg that just need to drag for install/update would be amazing like modern and simple application of mac


I would give donation, tell me how much before start work for sure if success