Normally I use VNC-over-SSH to provide a complete desktop to a remote user.
Is there a way to provide a single application to a user instead of a complete desktop?
In this case I am looking for a method to provide remote report-viewing access to LedgerSMB for a company's outside accountant. LedgerSMB runs through a web browser (i.e. http://localhost/ledgersmb) so he doesn't need or want remote access to anything other than one instance of Firefox.
In other words, normally the remote users crank up a VNC session and see their full desktop. For this instance I would like to have him see only a Firefox session.
A ssh session like "ssh -X user@remotehost firefox" works.
But it's painfully slow. On the other hand, VNC has a reasonable amount of snap.
The other approach would be to somehow do use some kind of ssh port-forwarding under Firefox so he could run Firefox locally on his own computer, and somehow access http://localhost/ledgersmb on the remote machine. Is there such a thing as a "remote localhost" that would work like that?
I don't want to open anything other than ssh on the application server to the big scary world.
To complicate things a bit more, the accountant runs Windows on his computer.
Maybe there is a simple way to accomplish this feat and I'm just not seeing it?
Frank Cox wrote:
The other approach would be to somehow do use some kind of ssh port-forwarding under Firefox so he could run Firefox locally on his own computer, and somehow access http://localhost/ledgersmb on the remote machine. Is there such a thing as a "remote localhost" that would work like that?
port forward localhost:8080 (or some other arbitrary port) to remote:80 via ssh.. for instance, in putty's somewhat wretched connection configuration dialog, go to connection->ssh->tunnels, leave 'local ports accept connections from other hosts' and 'remote ports do same' unchecked, enter the source port 8080, the destination localhost:80, check 'local' and 'auto' under destination, and click 'Add', then save this along with the rest of the session settings (host, user, tec) to a named session. make this connection, and point your local Windows web browser to http://localhost:8080/legersmb.....
note, this will NOT work for SSL sessions (https://...)
another approach is NX, but I don't know much about this. iit works more like the X-forwarding thing but uses a more efficient protocol than plain X.
On Wed, 12 Aug 2009 12:21:09 -0700 John R Pierce wrote:
port forward localhost:8080 (or some other arbitrary port) to remote:80 via ssh..
Thanks for the steer!
Hi,
On Wed, Aug 12, 2009 at 15:04, Frank Coxtheatre@sasktel.net wrote:
Is there a way to provide a single application to a user instead of a complete desktop?
I think that is possible by changing the .xsession or .xinitrc files of the user, have them start up only Firefox, and maybe use a minimal window manager just to provide Window decorations, but I haven't ever seen a package that does all that config for you, I think you would have to find the pieces and assemble the puzzle for yourself... might be painful.
The other approach would be to somehow do use some kind of ssh port-forwarding under Firefox so he could run Firefox locally on his own computer, and somehow access http://localhost/ledgersmb on the remote machine. Is there such a thing as a "remote localhost" that would work like that?
Yes, you can use "plink" (part of PuTTY suite: http://www.chiark.greenend.org.uk/~sgtatham/putty/) on Windows to create a port forward to the server.
I think the command syntax would be something like this: C:> plink -ssh -L 8080:127.0.0.1:80 user@remotehost sleep 99999
And then point the local Firefox (on the Windows machine) to http://localhost:8080/ledgersmb
You might have a problem, however, if the remote host sends an HTTP redirect, since it will send a redirect to http://localhost/... instead of http://localhost:8080/..., in that case you should better match the local and destination ports, such as using -L 80:127.0.0.1:80 if port 80 is free for you on the local Windows machine (and you have enough rights to listen on it) or changing the remote port on the server to 8080.
I don't want to open anything other than ssh on the application server to the big scary world.
And what about VNC? By default it opens a new port to the world...
To complicate things a bit more, the accountant runs Windows on his computer. Maybe there is a simple way to accomplish this feat and I'm just not seeing it?
I guess port forwarding with "plink" is the simplest way to accomplish what you are looking for. Other alternatives might be setting up a VPN for that.
HTH, Filipe
On Wed, 12 Aug 2009 15:23:10 -0400 Filipe Brandenburger wrote:
Yes, you can use "plink" (part of PuTTY suite: http://www.chiark.greenend.org.uk/~sgtatham/putty/) on Windows to create a port forward to the server.
Thanks loads! I think I've got 'er whipped now. Just needed someone to push me in the right direction here.
On Wed, 12 Aug 2009 13:04:08 -0600 Frank Cox wrote:
The other approach would be to somehow do use some kind of ssh port-forwarding under Firefox so he could run Firefox locally on his own computer, and somehow access http://localhost/ledgersmb on the remote machine. Is there such a thing as a "remote localhost" that would work like that?
Someone else just gave me the solution to this problem.
All I had to do was enter this at a commandline on my computer:
ssh frankcox@remotecomputer -L 8080:localhost:80
Now typing http://localhost:8080/ledgersmb into the Firefox on my desktop loads the ledgersmb program on my local computer.
Frank Cox wrote:
Normally I use VNC-over-SSH to provide a complete desktop to a remote user.
I'd recommend trying freenx on the server with the free (as in cost) NX client from http://www.nomachine.com (linux/windows/mac clients are available) on the client side. It's much nicer than vnc especially remotely and runs over ssh. It may be good enough to skip the rest of the questions.
Is there a way to provide a single application to a user instead of a complete desktop?
There may be a way to do this with NX but I haven't bothered.
In this case I am looking for a method to provide remote report-viewing access to LedgerSMB for a company's outside accountant. LedgerSMB runs through a web browser (i.e. http://localhost/ledgersmb) so he doesn't need or want remote access to anything other than one instance of Firefox.
In other words, normally the remote users crank up a VNC session and see their full desktop. For this instance I would like to have him see only a Firefox session.
A ssh session like "ssh -X user@remotehost firefox" works.
But it's painfully slow. On the other hand, VNC has a reasonable amount of snap.
The other approach would be to somehow do use some kind of ssh port-forwarding under Firefox so he could run Firefox locally on his own computer, and somehow access http://localhost/ledgersmb on the remote machine. Is there such a thing as a "remote localhost" that would work like that?
Sure, ssh -L80:localhost:80 user@remotehost will let you point your browser at localhost:80 and see remotehost:80 but you have to make sure there are no absolute links with the hostname embedded in the app. You might also run ssh -D 1080 user@remotehost, then configure the local firefox to use a socks proxy at localhost:1080 which will let you access anything the remote server could access (putty -D 1080 works too).
I don't want to open anything other than ssh on the application server to the big scary world.
Https with a client certificate requirement should be as secure, and the setup is a one-time thing.
To complicate things a bit more, the accountant runs Windows on his computer.
Maybe there is a simple way to accomplish this feat and I'm just not seeing it?
Try freenx/NX with an appropriately minimalistic user desktop. I'm not sure I'd use it just to be able to run firefox on windows, but if you have anything that needs native linux GUI access from a windows box it is great. Note that the commercial NX server uses the same default ssh key for the NX user that is included in the client where freenx generates a new key pair during the install, so you have to paste the key from /etc/nxserver/client.id_dsa.key into the client (push the 'key' button during the config setup). After that everything should work the way you expect.