Use cases
This page describes typical usage scenarios for the application.
We're assuming in the following examples, that an end user called Alice wants to make her screen available to a support staff called Bob. Alice only requires an installation of Customer Support Tool. Bob on the other side requires an installation of Staff Support Tool in order to make remote administration possible.
In this scenario Alice sends her desktop through a direct connection to Bob.
- In case that Bob sits behind a router / NAT, he has to open the configured port (5900 by default) in his router / NAT and has to forward incoming traffic from this port to his local machine, where the VNC client is listening.
-
Bob has to launch the Staff Support Tool and press the
Startbutton. - Bob has to tell Alice his public IP address and the port number to access his machine.
-
Alice enters Bob's IP address and port number into her Customer Support Tool and clicks
Connect.
- best possible performance
- SSL encryption can be enabled. Bob has to tell Alice to enable the SSL option in her Customer Support Tool in this case.
- Bob has to open a port in the firewall of his router / NAT, what can be a security risk.
- Bob has to obtain his current IP address and needs to tell it to Alice, what makes the initiation of the support connection a bit trickier.
In this scenario Alice sends her screen through a secure connection (SSH tunnel) to Bob.
- Bob has to install a SSH daemon on his machine.
- Bob should create a separate user account, that is used for authentication via SSH on his machine. Authentication may be realized with password or public / private key.
- In case that Bob sits behind a router / NAT, he has to open the SSH port (22) in his router / NAT and has to forward incoming traffic from this port to his local machine, where the SSH daemon is listening.
- Bob has to start a VNC client in listening mode.
- Bob has to tell Alice his public IP address, the port number of his SSH daemon and the port number to access his VNC client.
-
Alice enters Bob's IP address and both port numbers into her Remote Support Tool and clicks
Connect.
Notice:
Remote Support Tool automatically opens the SSH tunnel for Alice. The corresponding
sshcommand looks like:ssh -C -x -L 5500:localhost:5500 -p $SSH_PORT $SSH_USER@$ADDRESSwith
$SSH_PORTas the port number of Bob's SSH daemon$SSH_USERas the user name to authenticate at Bob's SSH daemon$ADDRESSas Bob's public IP address / hostname
- VNC traffic is transferred encrypted.
- Bob has to open a port in the firewall of his router / NAT, what can be a security risk.
In this scenario Alice sends her screen through a secure connection (SSH tunnel) through a SSH gateway to Bob.
-
Bob has to install a SSH daemon on his machine.
-
Bob should create a separate user account, that is used for authentication via SSH on his machine. Authentication may be realized with password or public / private key.
-
Bob has to open a reverse SSH tunnel to the gateway server - e.g.
ssh -C -x -R 0.0.0.0:12345:localhost:22 $GATEWAY_USER@$GATEWAY_ADDRESS
opens port
12345on the gateway server and forwards incoming traffic to Bob's local SSH daemon on port22. -
Bob has to start a VNC client in listening mode.
-
Bob has to tell Alice the IP address of the SSH gateway, the port number of the SSH gateway and the port number to access his VNC client.
-
Alice enters the IP address of the SSH gateway and both port numbers into her Remote Support Tool and clicks
Connect.
Notice:
Remote Support Tool automatically opens the SSH tunnel for Alice. The corresponding
sshcommand looks like:ssh -C -x -L 5500:localhost:5500 -p $SSH_PORT $SSH_USER@$ADDRESSwith
$SSH_PORTas the number of the previously opened port (12345)$SSH_USERas the user name to authenticate at Bob's SSH daemon$ADDRESSas public IP address / hostname of the SSH gateway
- VNC traffic is transferred encrypted.
- No port forwarding in a router / NAT is required - neither for Alice nor for Bob.
- VNC traffic is partially double encrypted. This leads to more overhead and therefore the performance is less good.