[geni-users] Remote login options

Skip to first unread message

Aditi Ghag

Dec 18, 2013, 9:50:51 PM12/18/13
to geni-...@googlegroups.com

I need to be able to stream a video in a browser window for my project, and hence have to set up a GUI/Desktop environment on the Xen VMs, which are Ubuntu VMs. I have installed X Window and Desktop packages on the VM. I have been connecting to the virtual machines from my slice via SSH, so I used "SSH X forwarding" which enabled me to open the GUI window on my laptop. While I have been successful in setting up this SSH X connection, I found that the SSH X forwarding is excruciatingly slow. I came across some solutions such as use of compression, replacing the default AES encryption algorithm with faster ones like blowfish and archfour that speed up the connection. But, in spite of using these techniques, the X forwarding is inadequate in terms of speed. The other option I am aware of that will enable me access to the desktop/GUI environment on the VMs, is connecting to the VMs via a VNC client. Is there any way I can connect to the VMs via a VNC client? I am not entirely sure how to connect to remote machines using a private key via a vnc client. Also, as far as I know in order to be able to use the VNC connection, a vnc server has to be set up on the remote machines. 
Please advise. 


Tim Upthegrove

Dec 19, 2013, 11:07:22 AM12/19/13
to geni-...@googlegroups.com
Someone correct me if I am wrong, but I think you should be able to
install the vnc server of your choice inside of your VM and configure
it as needed, and then you should be able to connect from a vnc

If you want to connect using your ssh keys, you could probably set up
the vnc server to allow only local connections and not require a
password. After that, you could establish the vnc connection over an
ssh tunnel. This method has the benefit that you don't need to worry
about firewalls or having a dedicated IP on your node.

If the ssh tunnel causes excessive slow down, you could also try something like:
* Reserve a host with a public IP at a site with no firewall in place
* Set the vnc password on the server side
* Log in with password auth

Tim Upthegrove
> --
> GENI Users is a community supported mailing list, so please help by
> responding to questions you know the answer to.
> If this is your first time posting a question to this list, please review
> http://groups.geni.net/geni/wiki/GENIExperimenter/CommunityMailingList
> ---
> You received this message because you are subscribed to the Google Groups
> "GENI Users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to geni-users+...@googlegroups.com.
> For more options, visit https://groups.google.com/groups/opt_out.

Aditi Ghag

Dec 20, 2013, 1:11:32 AM12/20/13
to geni-...@googlegroups.com
I installed and set up a vnc server on one of the VMs. But, the VNC client(running on my laptop) fails to connect to the public IP of the remote VM. I disabled the UFW, so I am guessing there must be some other firewalls involved. 
Can anyone please confirm this? 
I'm a bit reluctant to use SSH tunnels, they could be slow. 
Are there any VMs available with no firewalls whatsoever? 


Tim Upthegrove

Dec 20, 2013, 10:00:08 AM12/20/13
to geni-...@googlegroups.com
I believe that the following sites with racks have no firewall on the
control network:
* Illinois
* Kansas
* Kentucky
* Utah

You could try connecting your vnc session to a vm at one of those sites.

Assuming you have a dedicated public IP, another easy thing you could
try is binding your vnc server to a high port (maybe something in the
33000s). A lot of InstaGENI sites have firewall exceptions for high
numbered tcp ports for the public IPs allocated to the IG rack. For
example, I just tried creating a Xen VM on the Gatech InstaGENI rack
with a dedicated IP. I then bound a tcp netcat listener to port
33001, and I was able to send traffic through from my laptop.

Good luck!

Tim Upthegrove

Leigh Stoller

Dec 20, 2013, 10:18:21 AM12/20/13
to geni-...@googlegroups.com
> I'm a bit reluctant to use SSH tunnels, they could be slow.

Hi. We strongly encourage you to use ssh to tunnel your VNC connections!

I use VNC through ssh all day every day, to work remotely between Oregon
and Utah and performance is excellent. You should at least try it to see
if it will be okay for you.


Aditi Ghag

Dec 20, 2013, 11:24:56 AM12/20/13
to geni-...@googlegroups.com
I tunneled the VNC traffic over SSH, and it worked. The video streaming in a browser video over the SSH tunnel is not as good as native streaming(there is still some lag), but the performance is much better than that with SSH X Forwarding. 
I am gonna try connecting to one of the VMs with no firewall and see if I get an improved performance over vnc connection. Also, I will try binding the vnc server to a higher port to circumvent the firewall issues.
Thanks very much for your help Tim.


Reply all
Reply to author
0 new messages