
#1 On 01/11/2019, at 17:44

hcm

[Worked around] SSVNC between two machines on a local network (for now)

Hello,

I would like to be able to take remote control of a machine in order to help Linux beginners. A classic need, then.
For that, I need a solution that is 100% free software (not Teamviewer and the like), secure (not gitso) and very simple to set up on the server side (no changes to the ISP router).

That is why I chose x11vnc and SSL as described in this tutorial (reverse connection part, with SSVNC).

For now, the two machines used (SAV and TATA) are on a local network. Once the solution works, they will be connected over the internet.

The connection, with certificate recognition, between the helper (machine SAV) and the person being helped (machine TATA) seems to go through correctly, but nothing is displayed on the helper's side.

No crash on either side.

Here are the traces captured on the SAV side:

+ ssvnc_cmd -mycert /home/XXXX/.vnc/certs/vnccert.pem -listen :0 -noraiseonbeep
ipv6: ::1 localhost
ipv6: addr=localhost disp=0

Using this stunnel configuration:

foreground = yes
pid =
client = no
debug = 6

options = ALL

cert = /home/XXXX/.vnc/certs/vnccert.pem

[vnc_stunnel]
accept = 5500
connect = localhost:5530


** WARNING: THE STUNNEL CONFIG HAS NO SERVER CERTIFICATE SPECIFIED       **
** WARNING: (the CApath or CAfile stunnel option) THE VNC SERVER WILL    **
** WARNING: NOT BE AUTHENTICATED. A MAN-IN-THE-MIDDLE ATTACK IS POSSIBLE **


Running stunnel:
stunnel4 /tmp/ss_vncviewer3482.4731.qSHDrT

LOG5[ui]: stunnel 5.44 on x86_64-pc-linux-gnu platform
LOG5[ui]: Compiled with OpenSSL 1.1.0g  2 Nov 2017
LOG5[ui]: Running  with OpenSSL 1.1.1  11 Sep 2018
LOG5[ui]: Update OpenSSL shared libraries or rebuild stunnel
LOG5[ui]: Threading:PTHREAD Sockets:POLL,IPv6,SYSTEMD TLS:ENGINE,FIPS,OCSP,PSK,SNI Auth:LIBWRAP
LOG5[ui]: Reading configuration from file /tmp/ss_vncviewer3482.4731.qSHDrT
LOG5[ui]: UTF-8 byte order mark not detected
LOG5[ui]: FIPS mode disabled
LOG6[ui]: Initializing service [vnc_stunnel]
LOG6[ui]: Loading certificate from file: /home/XXXX/.vnc/certs/vnccert.pem
LOG6[ui]: Certificate loaded from file: /home/XXXX/.vnc/certs/vnccert.pem
LOG6[ui]: Loading private key from file: /home/XXXX/.vnc/certs/vnccert.pem
LOG6[ui]: Private key loaded from file: /home/XXXX/.vnc/certs/vnccert.pem
LOG6[ui]: Using dynamic DH parameters
LOG5[ui]: Configuration successful

Running viewer:

NOTE: Press Ctrl-C to terminate viewer LISTEN mode.

vncviewer -noraiseonbeep -encodings copyrect tight zrle zlib hextile -listen 30

vncviewer -listen: Listening on port 5530  ipv4_fd: 4 ipv6_fd: 5
vncviewer -listen: Cmdline errors are not reported until a connection comes in.

select() start ...
LOG5[0]: Service [vnc_stunnel] accepted connection from 192.168.1.10:48666
LOG6[0]: Peer certificate not required
LOG6[0]: TLS accepted: new session negotiated
LOG6[0]: No peer certificate received
LOG6[0]: Negotiated TLSv1.3 ciphersuite TLS_AES_256_GCM_SHA384 (256-bit encryption)
LOG6[0]: s_connect: connecting 127.0.0.1:5530
select() returned.

(LISTEN) Reverse VNC connection from IP: 127.0.0.1  2019/11/01 16:20:50
                               Hostname: localhost

LOG5[0]: s_connect: connected 127.0.0.1:5530
LOG6[0]: persistence: 127.0.0.1:5530 cached
LOG5[0]: Service [vnc_stunnel] connected remote server from 127.0.0.1:55022


vncviewer -listen: Listening on port 5530
vncviewer -listen: Cmdline errors are not reported until a connection comes in.


select() start ...

And now on the TATA side, after launching the command

x11vnc -connect_or_exit 192.168.1.11 -ssl -gui tray -noxdamage -sslverify "sav.crt"
starting gui, trying display: :0
15:48:25 icon_mode_file=/tmp/x11vnc.tray.I7nPzi
15:48:25 x11vnc version: 0.9.13 lastmod: 2011-08-10  pid: 4271
15:48:25 Using X display :0
15:48:25 rootwin: 0x155 reswin: 0x3e00001 dpy: 0x25412c0
15:48:25 
15:48:25 ------------------ USEFUL INFORMATION ------------------
15:48:25 
15:48:25 Wireframing: -wireframe mode is in effect for window moves.
15:48:25   If this yields undesired behavior (poor response, painting
15:48:25   errors, etc) it may be disabled:
15:48:25    - use '-nowf' to disable wireframing completely.
15:48:25    - use '-nowcr' to disable the Copy Rectangle after the
15:48:25      moved window is released in the new position.
15:48:25   Also see the -help entry for tuning parameters.
15:48:25   You can press 3 Alt_L's (Left "Alt" key) in a row to 
15:48:25   repaint the screen, also see the -fixscreen option for
15:48:25   periodic repaints.
15:48:25 
15:48:25 XFIXES available on display, resetting cursor mode
15:48:25   to: '-cursor most'.
15:48:25   to disable this behavior use: '-cursor arrow'
15:48:25   or '-noxfixes'.
15:48:25 using XFIXES for cursor drawing.
15:48:25 GrabServer control via XTEST.
15:48:25 
15:48:25 Scroll Detection: -scrollcopyrect mode is in effect to
15:48:25   use RECORD extension to try to detect scrolling windows
15:48:25   (induced by either user keystroke or mouse input).
15:48:25   If this yields undesired behavior (poor response, painting
15:48:25   errors, etc) it may be disabled via: '-noscr'
15:48:25   Also see the -help entry for tuning parameters.
15:48:25   You can press 3 Alt_L's (Left "Alt" key) in a row to 
15:48:25   repaint the screen, also see the -fixscreen option for
15:48:25   periodic repaints.
15:48:25 
15:48:25 XKEYBOARD:
15:48:25 Switching to -xkb mode to recover these keysyms:
15:48:25    xkb  noxkb   Keysym  ("X" means present)
15:48:25    ---  -----   -----------------------------
15:48:25     X           0x40  at
15:48:25     X           0x23  numbersign
15:48:25     X           0x5b  bracketleft
15:48:25     X           0x5d  bracketright
15:48:25     X           0x7b  braceleft
15:48:25     X           0x7d  braceright
15:48:25     X           0x7c  bar
15:48:25     X           0x5c  backslash
15:48:25 
15:48:25   If this makes the key mapping worse you can
15:48:25   disable it with the "-noxkb" option.
15:48:25 
15:48:25 
15:48:25 X FBPM extension not supported.
15:48:25 X display is capable of DPMS.
15:48:25 --------------------------------------------------------
15:48:25 
15:48:25 Default visual ID: 0x21
15:48:25 Read initial data from X display into framebuffer.
15:48:25 initialize_screen: fb_depth/fb_bpp/fb_Bpl 24/32/4096
15:48:25 
15:48:25 Initializing SSL (server connect mode).
15:48:25 RAND_file_name: /home/thierry/.rnd
15:48:25 initialized PRNG with 1088 random bytes.
15:48:25 created  512 bit temporary RSA key: 0.015s
15:48:25 created 1024 bit temporary RSA key: 0.207s
15:48:25 
15:48:25 Using SSL Certificate:

-----BEGIN CERTIFICATE-----
MIID6TCCAtGgAwIBAgIUUvVXF/afRCAhtlg+YzG/+eBMOukwDQYJKoZIhvcNAQEL
(...)
-----END CERTIFICATE-----

15:48:25 using PEM /home/thierry/.vnc/certs/server.pem  0.014s
15:48:25 sslverify: loaded /home/thierry/.vnc/certs/clients/sav.crt
15:48:25 sslverify: using 1 client certs in
15:48:25 sslverify: /home/thierry/.vnc/certs/tmp/sslverify-tmp-load-4271.crts.YXxnV2
15:48:25 
15:48:25 
15:48:25 X display :0 is 32bpp depth=24 true color
15:48:25 
15:48:25 Autoprobing TCP port 
15:48:25 Autoprobing selected TCP port 5900
15:48:25 Autoprobing TCP6 port 
15:48:25 Autoprobing selected TCP6 port 5900
15:48:25 openssl_port: listen on port/sock 5900/10
15:48:25 openssl_port: listen on port/sock 5900/13 (ipv6)

The SSL VNC desktop is:  ordifix-TA:0
15:48:25 
15:48:25 Xinerama is present and active (e.g. multi-head).
15:48:25 Xinerama: number of sub-screens: 1
15:48:25 Xinerama: no blackouts needed (only one sub-screen)
15:48:25 
15:48:26 fb read rate: 19 MB/sec
15:48:26 The X server says there are 10 mouse buttons.
15:48:26 screen setup finished.
15:48:26 

The SSL VNC desktop is:  ordifix-TA:0
PORT=5900
SSLPORT=5900

******************************************************************************
Have you tried the x11vnc '-ncache' VNC client-side pixel caching feature yet?

The scheme stores pixel data offscreen on the VNC viewer side for faster
retrieval.  It should work with any VNC viewer.  Try it by running:

    x11vnc -ncache 10 ...

One can also add -ncache_cr for smooth 'copyrect' window motion.
More info: http://www.karlrunge.com/x11vnc/faq.html#faq-client-caching


15:48:26 gui: got SIGUSR1
15:48:26 gui: ping succeeded.

15:48:26 check_xrandr_event():
15:48:26 Detected XRANDR event at location 'check_xevents':
15:48:26 check_xrandr_event: no change detected.
15:48:26 check_xrandr_event: enabling full XRANDR trapping anyway.
15:48:26 connect_tcp: trying:   192.168.1.11 5500
15:48:26 
15:48:26 Initializing SSL (client connect mode).
15:48:26 created  512 bit temporary RSA key: 0.073s
15:48:26 created 1024 bit temporary RSA key: 0.454s
15:48:26 using PEM /home/thierry/.vnc/certs/server.pem  0.000s
15:48:26 sslverify: loaded /home/thierry/.vnc/certs/clients/sav.crt
15:48:26 sslverify: using 1 client certs in
15:48:26 sslverify: /home/thierry/.vnc/certs/tmp/sslverify-tmp-load-4271.crts.uDoxjX
15:48:26 
15:48:26 SSL: spawning helper process to handle: 192.168.1.11:5500
15:48:26 SSL: helper for peerport 5500 is pid 4274: 
15:48:26 connect_tcp: trying:   127.0.0.1 20000
15:48:26 SSL: ssl_init[4274]: 14/14 initialization timeout: 20 secs.
15:48:26 SSL: ssl_helper[4274]: SSL_connect() succeeded for: 192.168.1.11:5500
15:48:26 SSL: ssl_helper[4274]: Cipher: TLSv1.3 TLS_AES_256_GCM_SHA384 Proto: unknown
15:48:26 SSL: ssl_helper[4274]: accepted client 192.168.1.11 x509 cert is:
Certificate:
    Data:
(...)
15:48:27 SSL: handshake with helper process[4274] succeeded.
15:48:27   other clients:
15:48:27 Normal socket connection
15:48:27 Disabled X server key autorepeat.
15:48:27   to force back on run: 'xset r on' (3 times)
15:48:27 incr accepted_client=1 for 127.0.0.1:43886  sock=14
15:48:27 accept_openssl: renaming client '127.0.0.1' -> '192.168.1.11'
15:48:27 client progressed=0 in 15/10 0.019249 s
15:48:27 
15:48:27 Initializing SSL (server connect mode).
15:48:27 created  512 bit temporary RSA key: 0.066s
15:48:28 created 1024 bit temporary RSA key: 0.917s
15:48:28 using PEM /home/thierry/.vnc/certs/server.pem  0.000s
15:48:28 sslverify: loaded /home/thierry/.vnc/certs/clients/sav.crt
15:48:28 sslverify: using 1 client certs in
15:48:28 sslverify: /home/thierry/.vnc/certs/tmp/sslverify-tmp-load-4271.crts.9XuNXJ
15:48:28 
15:48:28 client progressed=0 in 15/10 0.018230 s
15:48:28 check_xrandr_event():
15:48:28 Detected XRANDR event at location 'reverse_connect2':
15:48:28   serial:          102
15:48:28   timestamp:       61238
15:48:28   cfg_timestamp:   1215068
15:48:28   size_id:         0
15:48:28   sub_pixel:       0
15:48:28   rotation:        1
15:48:28   width:           1680
15:48:28   height:          1050
15:48:28   mwidth:          444 mm
15:48:28   mheight:         278 mm
15:48:28 
15:48:28 check_xrandr_event: previous WxH: 1024x768
15:48:28 check_xrandr_event: updating config...
15:48:28 xrandr_mode: default
15:48:28 check_xrandr_event: trying to create new framebuffer...
15:48:28 deleted 32 tile_row polling images.
15:48:28 Default visual ID: 0x21
15:48:29 Read initial data from X display into framebuffer.
15:48:29 initialize_screen: fb_depth/fb_bpp/fb_Bpl 24/32/6720
15:48:29 rfbNewFramebuffer(0x259cbf0, 0x0, 1680, 1050, 8, 1, 4)
15:48:29 Pixel format for client 192.168.1.11:
15:48:29   32 bpp, depth 24, little endian
15:48:29   true colour: max r 255 g 255 b 255, shift r 16 g 8 b 0
15:48:29 
15:48:29 X display :0 is 32bpp depth=24 true color
15:48:29 
15:48:29 calling setTranslateFunction()...
15:48:29 Pixel format for client 192.168.1.11:
15:48:29   32 bpp, depth 24, little endian
15:48:29   true colour: max r 255 g 255 b 255, shift r 16 g 8 b 0
15:48:29 no translation needed
15:48:29   done.
15:48:30 
15:48:30 Xinerama is present and active (e.g. multi-head).
15:48:30 Xinerama: number of sub-screens: 1
15:48:30 Xinerama: no blackouts needed (only one sub-screen)
15:48:30 
15:48:30 check_xrandr_event: fb       WxH: 1680x1050
15:48:30 check_xrandr_event: current  WxH: 1680x1050
15:48:30 check_xrandr_event(): returning control to caller...
15:48:30 check_xrandr_event():
15:48:30 Detected XRANDR event at location 'copy_screen-set':
15:48:30   serial:          102
15:48:30   timestamp:       61238
15:48:30   cfg_timestamp:   1215068
15:48:30   size_id:         0
15:48:30   sub_pixel:       0
15:48:30   rotation:        1
15:48:30   width:           1680
15:48:30   height:          1050
15:48:30   mwidth:          444 mm
15:48:30   mheight:         278 mm
15:48:30 
15:48:30 check_xrandr_event: previous WxH: 1680x1050
15:48:30 check_xrandr_event: no change detected.
15:48:30 check_xrandr_event: updating config...
15:48:30 check_xrandr_event: current  WxH: 1680x1050
15:48:30 check_xrandr_event(): returning control to caller...
15:48:32 copy_tiles: allocating first_line at size 54
15:48:37 created selwin: 0x3e0005b
15:48:37 called initialize_xfixes()
15:48:38 read X11VNC_REMOTE: qry=ping
15:48:38 read X11VNC_REMOTE: cmd=client_info_sock:127.0.0.1:13037 ...
15:48:38 connect_tcp: trying:   127.0.0.1 13037
15:48:38 client useCopyRect: 192.168.1.11 0
15:48:39 client_set_net: 192.168.1.11  0.0420
15:48:39 connect_tcp: trying:   192.168.1.11 113
15:48:40 ident_username: set block=1 (hung)
15:48:40 client_info_sock to: 127.0.0.1:13037
15:48:41 client useCopyRect: 192.168.1.11 0
15:48:42 client useCopyRect: 192.168.1.11 0
15:48:43 remote_cmd: will try to embed 0x4a0008e in the system tray.
15:48:43 selection_send: no send: uninitialized clients
15:48:43 client useCopyRect: 192.168.1.11 0
15:48:44 selection_send: no send: uninitialized clients

The two machines appear to be connected.
On the SAV side

tcp        0      0 192.168.1.11:5500       192.168.1.10:48666      ESTABLISHED

On the TATA side

tcp        0      0 192.168.1.10:48666      192.168.1.11:5500       ESTABLISHED

and yet no display is forwarded to the helper's side.

A clarification: I am certain that the VNC client (vncviewer on machine SAV) is indeed connected to the VNC server (x11vnc on machine TATA), because the x11vnc GUI (-gui tray option) does switch to a black background. I can also see through the GUI menus that a client is indeed connected.

I have the impression that x11vnc is not sending any data to the client. Is this due to the last message displayed?

selection_send: no send: uninitialized clients

Thanks for any insight.

Last edited by hcm (06/11/2019, at 13:44)


Ubuntu 22.04.1 LTS - 64-bit / Intel Pentium(R) Dual CPU E2200 @ 2.20GHz × 2 / 2 GB RAM / 1.1 TB HDD / Intel G33 graphics card

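The stunnel warning in the SAV-side trace above ("THE VNC SERVER WILL NOT BE AUTHENTICATED") follows from the generated configuration having no CAfile/CApath and no verification option, which matches the later log lines "Peer certificate not required" and "No peer certificate received". The following is an added example, not part of the original post and not SSVNC's or stunnel's own code: it audits a stunnel configuration for that gap, using the configuration printed in the trace and a constructed variant. The CAfile path in the variant is a placeholder, and the function names are chosen for this example.

```python
import re

# stunnel configuration as printed in the SAV-side trace above.
PAGE_CONFIG = """\
foreground = yes
pid =
client = no
debug = 6
options = ALL
cert = /home/XXXX/.vnc/certs/vnccert.pem
[vnc_stunnel]
accept = 5500
connect = localhost:5530
"""
# Constructed variant: the CAfile path is a placeholder, not a value from the thread.
PINNED_CONFIG = PAGE_CONFIG + "CAfile = /path/to/peer-cert.pem\nverifyPeer = yes\n"


def parse_services(text):
    """Return {service: options}; options before the first [section] act as defaults."""
    defaults, services, current = {}, {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in ";#":          # blank line or comment
            continue
        section = re.fullmatch(r"\[(.+)\]", line)
        if section:
            current = services.setdefault(section.group(1), dict(defaults))
            continue
        key, _, value = line.partition("=")
        target = defaults if current is None else current
        target[key.strip().lower()] = value.strip()
    return services


def peer_auth_findings(text):
    """Per service, list why the TLS peer is not authenticated (empty list = OK)."""
    report = {}
    for name, opts in parse_services(text).items():
        level = int(opts.get("verify") or 0)      # legacy numeric option
        enforced = (level >= 2 or opts.get("verifychain") == "yes"
                    or opts.get("verifypeer") == "yes")
        if not enforced:
            report[name] = ["peer certificate is not verified"]
        elif not (opts.get("cafile") or opts.get("capath")):
            report[name] = ["verification enabled but no CAfile/CApath"]
        else:
            report[name] = []
    return report


if __name__ == "__main__":
    for label, cfg in (("page", PAGE_CONFIG), ("pinned", PINNED_CONFIG)):
        print(label, peer_auth_findings(cfg))
```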

#2 On 02/11/2019, at 20:26

hcm

Re: [Worked around] SSVNC between two machines on a local network (for now)

After looking through the x11vnc sources, I understand that the client (on machine SAV) that connected (ss_vncviewer) is not correctly initialized, which prevents the server from sending it the data.

Since the client is not in the RFB_NORMAL state, the server refuses to send it the data.

Beyond that I'm stuck ...

Could anyone tell me why the client does not end up in the RFB_NORMAL state?

Could it be due to a protocol incompatibility between the client and the server?

Last edited by hcm (03/11/2019, at 11:03)



#3 On 03/11/2019, at 17:21

hcm

Re: [Worked around] SSVNC between two machines on a local network (for now)

Well, I ran a few additional tests to try to understand ...

So I reproduced the procedure, without the tunnelling and without key-based authentication.
On the server side (machine TATA) I launched x11vnc

x11vnc -connect_or_exit 192.168.1.11 -gui tray -noxdamage

And on the client side (machine SAV) I launched vncviewer with

vncviewer -listen

And that works. So the client and the server are indeed compatible at the protocol level.
If I use ssvncviewer on the client side, it works too.
However, as soon as I use ssvnc, which sets up the tunnelling, the connection between the client and the server is not fully established: the two machines are connected but the server considers that the client is not correctly initialized (see previous message).

So I get the impression that it is the tunnelling that is getting stuck ...

Anyone able to help me?

Last edited by hcm (03/11/2019, at 17:22)



#4 On 06/11/2019, at 13:44

hcm

Re: [Worked around] SSVNC between two machines on a local network (for now)

In the absence of help, and since I'm stuck on this solution, I switched to a different one.
I decided to implement the scheme described on the second slide of this page, and too bad for SSVNC, which looked pretty good at first ...
So I'm marking the thread as Worked around.

Last edited by hcm (06/11/2019, at 13:44)

