VNC password fails "Permission denied (publickey,keybo.."

me@laptop:~> vncviewer -via 172.16.1.33 localhost:2
Password:
Password:
Password:
Permission denied (publickey,keyboard-interactive).
vncviewer: Tunneling command failed: /usr/bin/ssh -f -L 5599:localhost:5902 172.16.1.33 sleep 20.

This happens everytime I attempt to VNC to a openSUSE 11.1 desktop from my openSUSE 11.1 laptop, all on the same small LAN. From my laptop, I SSH into the desktop and start VNC as a normal user:

me@laptop #: ssh user-alpha@remote-desktop
user-alpha@remote-desktop #: vncserver -depth 8 -geometry 800x600

Then, I open another xterm on the laptop and try to access that server, whose IP is 172.16.1.33:

me@laptop #: vncviewer -via 172.16.1.33 localhost:2

I’m a VNC newbie, and not sure if I got everything configured correctly, but YaST2>Security and Users>Firewall reports that SSH server and VNC server are Allowed Services for External Zone, and that the network interface was in that External Zone.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

This link may help if you haven’t seen it already:

http://www.vanemery.com/Linux/VNC/vnc-over-ssh.html

Another option is to just tunnel your data directly, though this isn’t
quite as nice since you need to setup your SSH manually and maintain it
while in VNC Viewer, but this also works for anything TCP-based so it’s
not limited to VNC:

ssh -L 5599:localhost:5902 user-alpha@remote-desktop
#and while leaving that open
vncviewer localhost:5902

If you get the ‘-via’ option working let us know how you did it,
though… it’s certainly a nice option for VNC specifically.

Good luck.

silentstone wrote:
>> me@laptop:~> vncviewer -via 172.16.1.33 localhost:2
>> Password:
>> Password:
>> Password:
>> Permission denied (publickey,keyboard-interactive).
>> vncviewer: Tunneling command failed: /usr/bin/ssh -f -L
>> 5599:localhost:5902 172.16.1.33 sleep 20.
>
> This happens everytime I attempt to VNC to a openSUSE 11.1 desktop from
> my openSUSE 11.1 laptop, all on the same small LAN. From my laptop, I
> SSH into the desktop and start VNC as a normal user:
>
> Code:
> --------------------
> me@laptop #: ssh user-alpha@remote-desktop
> user-alpha@remote-desktop #: vncserver -depth 8 -geometry 800x600
> --------------------
>
> Then, I open another xterm on the laptop and try to access that server,
> whose IP is 172.16.1.33:
>
> Code:
> --------------------
> me@laptop #: vncviewer -via 172.16.1.33 localhost:2
> --------------------
>
> I’m a VNC newbie, and not sure if I got everything configured
> correctly, but YaST2>Security and Users>Firewall reports that SSH server
> and VNC server are Allowed Services for External Zone, and that the
> network interface was in that External Zone.
>
>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFJlt8q3s42bA80+9kRAsuuAJ9vy1v82Utrncr7hKuXAzJZ4nCieACdH6Ck
iQFU7OhoUAw5x3S3KLVgpBw=
=Rfzp
-----END PGP SIGNATURE-----

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Okay, I managed to get mine working. First, export things properly:

export VNC_VIA_CMD=’/usr/bin/ssh -f -L %L:%H:%R %G sleep 20’

Drop this in your ~/.bashrc or ~/.bash_profile for persistence if you
are going to use these same settings over and over, which is likely I
suppose. I had a horrible time until I realized, via the vncviewer man
page, that I had left ‘-f’ out of this environment variable.

Once that is done continue as you were, but with slight modifications.

vncviewer -via remoteSSHServerHere vncServerFromSSHServer:desktop

So for you I think it would be:

vncviewer -via 172.16.1.33 localhost

I don’t know why you have the :2 on your vncviewer line… I don’t see
you specifying desktop 2 in your vncserver line, and maybe that’s your
only hangup currently. If so then take care of that… make sure you
see the vncserver listening where you expect it to on the remote desktop:

netstat -anp | grep 'LISTEN ’ | grep :59

Also there is no reason to have VNC open in your firewall if you are
doing this… go ahead and close it to prevent problems where you THINK
you are using SSH and are secure but accidentally are not. This is
especially true since you are on the same network for everything and
it’s not obvious (from VNC) that you’re not using SSH once you’re in the
client.

Good luck.

ab@novell.com wrote:
> This link may help if you haven’t seen it already:
>
> http://www.vanemery.com/Linux/VNC/vnc-over-ssh.html
>
> Another option is to just tunnel your data directly, though this isn’t
> quite as nice since you need to setup your SSH manually and maintain it
> while in VNC Viewer, but this also works for anything TCP-based so it’s
> not limited to VNC:
>
> ssh -L 5599:localhost:5902 user-alpha@remote-desktop
> #and while leaving that open
> vncviewer localhost:5902
>
>
>
> If you get the ‘-via’ option working let us know how you did it,
> though… it’s certainly a nice option for VNC specifically.
>
> Good luck.
>
>
>
>
>
>
> silentstone wrote:
>>> me@laptop:~> vncviewer -via 172.16.1.33 localhost:2
>>> Password:
>>> Password:
>>> Password:
>>> Permission denied (publickey,keyboard-interactive).
>>> vncviewer: Tunneling command failed: /usr/bin/ssh -f -L
>>> 5599:localhost:5902 172.16.1.33 sleep 20.
>> This happens everytime I attempt to VNC to a openSUSE 11.1 desktop from
>> my openSUSE 11.1 laptop, all on the same small LAN. From my laptop, I
>> SSH into the desktop and start VNC as a normal user:
>
>> Code:
>> --------------------
>> me@laptop #: ssh user-alpha@remote-desktop
>> user-alpha@remote-desktop #: vncserver -depth 8 -geometry 800x600
>> --------------------
>
>> Then, I open another xterm on the laptop and try to access that server,
>> whose IP is 172.16.1.33:
>
>> Code:
>> --------------------
>> me@laptop #: vncviewer -via 172.16.1.33 localhost:2
>> --------------------
>
>> I’m a VNC newbie, and not sure if I got everything configured
>> correctly, but YaST2>Security and Users>Firewall reports that SSH server
>> and VNC server are Allowed Services for External Zone, and that the
>> network interface was in that External Zone.
>
>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFJluPX3s42bA80+9kRAg1tAJ9V/dlpEjqSJl8mGo/UAsNHggsClQCeOqp7
BBcCZ6FnGGm8UpEuhkknND4=
=cQUm
-----END PGP SIGNATURE-----

It’s not working. I’ve tried VNC with and without SSH, from the laptop and a Windows XP machine on the same LAN, and I only got VNC once–the Windows machine connected as a VNC client and showed an X window lacking any xterm or menu…the connection info called it “nobody’s X” :\ I don’t remember specifying that username anywhere. Anyway, I’ve had no problem SSH’ing into the server, but the VNC keeps failing, especially on the password.

vncviewer -via 172.16.1.33 localhost

I don’t know why you have the :2 on your vncviewer line.

When I started the vncserver, it reported 2 as the desktop number. Like “Xvnc running on remoteSSHServer:2” So, that’s what the number was for.

I’ll wipe my .vnc folder, go over the settings with a finetoothed comb, trackdown the problem.

After a few more failures following explicit guides on VNC-over-SSH, I SSH’d root@remote-server and started cleaning up some stuff. For one, xinetd, which I haven’t really gotten around to using yet, was automatically starting VNC and opening ports (for java web VNC clients?) at 580x. This could account for my own initial vncserver command always starting on ‘remote-server:2’ instead of ‘remote-server:1’. And the laptop from which I’m doing most of the work has long been recognized by another name to the router; I’ve had some SAMBA problems with it, for one. So…

So, on remote-server, went into YaST2. Disabled xinetd, removed VNC server from firewall’s External Zone allowed services. Also, added a new user, vncuser, just for doing VNC with, disabled avahi service in runlevel, saved changes. Then ‘init 3’ to kill all the X processes, and logged out user user-alpha, and closed ssh session.

On lovely-laptop, configured wlan0 connection to only request IP addresses from DHCP with NetworkManager, then went into router settings, and changed name of associated machine to lovely-laptop, from the ‘wolvix’ that has been there for awhile…

SSH’d root@remote-server, and checked on things…


me@lovely-laptop:~> ssh root@remote-server
Password: 
Last login: Tue Feb 17 12:06:56 2009 from lovely-laptop
Have a lot of fun...
remote-server:~ # runlevel
5 3
remote-server:~ # groups
root
remote-server:~ # users
root
remote-server:~ # ps ax|grep blue
32152 pts/0    S+     0:00 grep blue
remote-server:~ # ps ax|grep avahi
32154 pts/0    S+     0:00 grep avahi
remote-server:~ # arp -a
lovely-laptop (172.16.1.34) at 00:12:79:3e:c3:a5 [ether] on eth0
homeportal.gateway.2wire.net (172.16.0.1) at 00:0d:72:3e:0d:21 [ether] on eth0
remote-server:~ # netstat -ta
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State      
tcp        0      0 *:netbios-ssn           *:*                     LISTEN      
tcp        0      0 *:sunrpc                *:*                     LISTEN      
tcp        0      0 *:ssh                   *:*                     LISTEN      
tcp        0      0 *:microsoft-ds          *:*                     LISTEN      
tcp        0      0 remote-server:ssh                lovely-laptop:53473            ESTABLISHED 
remote-server:~ # netstat -tan
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State      
tcp        0      0 0.0.0.0:139             0.0.0.0:*               LISTEN      
tcp        0      0 0.0.0.0:111             0.0.0.0:*               LISTEN      
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      
tcp        0      0 0.0.0.0:445             0.0.0.0:*               LISTEN      
tcp        0    224 172.16.1.33:22          172.16.1.34:53473       ESTABLISHED 
remote-server:~ # 

Now, I want to ‘init 5’ to start X, ‘su vncuser’ and initiate ‘vncserver’. Then log out and close SSH session.