Technologist

Tech stuff about Cloud, DevOps, SysAdmin, Virtualization, SAN, Hardware, Scripting, Automation and Development

I have been playing with my Raspberry Pi for a while now, connected to a TV or a monitor. The guide below shows how to connect to its console using a serial cable instead, which lets me take it on the road and connect to it from my laptop. The serial cable also provides power, so I only need to take my Raspberry Pi and my USB-serial cable (as well as the SD card and WiFi adapter) and I have a complete system on the road.

You will need a usb to serial cable like the: USB to TTL Serial Cable – Debug / Console Cable for Raspberry Pi

I am using my MacBook Air and needed to get the following drivers for my USB-serial cable:
http://prolificusa.com/pl-2303hx-drivers/
OR
http://changux.co/osx-installer-to-pl2303-serial-usb-on-osx-lio

Install the drivers and reboot.
Once you plug in your device, open your terminal and you will see the drivers under /dev

Connect the usb-serial cable to the Raspberry Pi like this:
[Image: Raspberry Pi console cable]

Ok, now that the Raspberry Pi is connected to the USB-serial cable and the cable to the computer, let’s start our terminal.

You should see the Raspberry Pi starting up and its console messages:
[Image: Raspberry Pi console]

Now you can log in and start using your Raspberry Pi, like when it was connected to a TV (of course on command line mode).

This guide covers the first steps to get started with the Raspberry Pi. I will be working with the Raspberry Pi Model B (http://www.raspberrypi.org/wp-content/uploads/2011/07/RaspiModelB.png)

OS Config:

The first thing you should do while waiting for the Raspberry Pi to be shipped is to burn the OS onto an SD card. When you get an SD card or any piece of hardware or peripheral for the Raspberry Pi, be sure to check http://elinux.org/RPi_VerifiedPeripherals

Download an OS to install on the SD card from http://www.raspberrypi.org/downloads
For this guide I am using Raspbian ‘Wheezy’ – which is based on Debian.

To burn the OS on the SD card, on a Mac:
Insert the SD card and find its device node:

At this point you should have the OS ready on the SD card. If you will be using a TV with HDMI as the display for your Raspberry Pi, skip the next section (HDMI-VGA Adapter Display + Sound Config); otherwise see that section for how to configure a non-HDMI display.

HDMI-VGA Adapter Display + Sound Config:

The Raspberry Pi conveniently comes with an HDMI port and also an RCA video port, so a TV can be used to display its output. That is great, but I wanted to use my PC monitor (or one I had lying around) to play with my Raspberry Pi.

For those of you who have older monitors and want to use one, know this:
1) If the monitor has a HDMI port, you are all set
2) If the monitor has DVI, you can buy a HDMI to DVI cable
3) If the monitor has VGA, you CANNOT buy a HDMI to VGA cable. This was my situation and what I wanted to do, I wanted to use a small DELL monitor that only had a VGA port.

So, I needed to buy a HDMI to VGA adapter, there are several out there that look like a regular HDMI to VGA cable and they indeed do work with the raspberry Pi, but keep in mind that it will use power to feed the digital to analog conversion, and power is a scarce resource in the Raspberry Pi.

I am using the following adapter, which comes with external power, from Amazon:
Generic PC DVD HDMI to VGA & Audio For HDTV CRT Video Converter Box Adapter 1080P New

To be able to use an HDMI-VGA adapter, you will need to edit a config file, most likely on another computer, because the Pi cannot be used yet without a working display.

Put the SD card on another computer and edit config.txt

*** To test sound once the Raspberry Pi starts up, plug in speakers to the HDMI-VGA adapter, then type:

Keyboard/Mouse Config:

The Raspberry Pi comes with 2 USB ports, which will be taken by the keyboard and mouse, but I needed another one for the Wifi. So I got the following keyboard which includes a TouchPad, so I don’t need an extra mouse and works perfectly with the Pi and Raspbian:
Smart Touch Mini USB TouchPad Keyboard

Network (WIFI) Config:

On the other USB port I plugged in an Edimax EW-7811Un 150 Mbps Wireless 11n Nano Size USB Adapter, which works out of the box with Raspbian. You can use the graphical interface to scan and connect, or edit the config file:

Start Up:

After booting your Raspberry Pi you will see a menu, the important things to do are:
1. Expand Filesystem so that the whole SD card is available
2. Change User Password
3. Enable Boot to Desktop – THIS DEPENDS ON WHETHER YOU THINK YOU WILL BE USING THE DESKTOP MOST OF THE TIME; otherwise don’t enable it, and know that from the command line you can start the graphical environment by executing ‘startx’
4. Internationalisation Options
I1 Change Locale – Change to en_US.UTF-8
I2 Change Timezone – US/Eastern
I3 Change Keyboard Layout – English (US)

8. Advanced Options
A2 Hostname
A4 SSH – if you need to enable SSH

Select

// If later you want to go back to this menu, from a terminal type: ‘raspi-config’

You will be left in a command prompt, you can type startx and you will be taken to the graphical interface

That is it, you are all set, enjoy your Raspberry Pi

For a while now, I have been playing with the Soekris Single Board Computers (SBCs). They are compact, low-power, low-cost, advanced communication computers based on an up to 500 MHz 586 class processor. On this particular model, the 5501, I installed Ubuntu JeOS, and it has been my always-on computer for a while.

Boot the Soekris while connected via serial. I am using my MacBook Air and needed to get the following drivers for my USB-serial cable:
http://prolificusa.com/pl-2303hx-drivers/

Install the drivers and reboot.
Once you plug in your device you will see it under /dev

I had previously configured my soekris to have console speed of 57600 (default baud rate is 19200)

When connecting via console to a device, I usually prefer to use minicom, but you have alternatives:

But in this case, because I will be using XMODEM to transfer the bios image I downloaded from Soekris I will use ‘cu’

Download the latest BIOS from soekris’ website:
http://soekris.com/downloads.html

Connect to the serial using ‘cu’

// It will show you the BIOS version, in this case 1.32
// If the below does not show, it is very likely that you need to set ConMute=Disabled, after pressing Ctrl+P to get to the Menu

// Enter Ctrl+P to get to the menu

// Now update the flash with the downloaded image:

// That’s it, now reboot and you will see the new version

In this guide I will go through the process of upgrading a NetApp cluster’s Data OnTap, RLM, disk and shelf firmware in a non-disruptive manner.

The following process is for a FAS3040 cluster, but it should work on other series.

Environment:
FAS3040 cluster
OS: DOT 8.0.3P2 7-mode
shelves:
– DS14MK2 (both FC and SATA)
– DS4243 (both SAS and SATA)

Information gathering
Do a sysconfig -v and check for the following:

Usually when I perform an upgrade of OnTap, I take the opportunity (or it may be a requirement) to update disk and shelf firmware.
You need to get the disk, shelf and RLM/SP firmware from NetApp’s support site, support.netapp.com

Steps:
1) Upgrade your RLM/SP
Download the latest RLM/SP (4.1) from: https://support.netapp.com/NOW/download/tools/rlm_fw/

Check your RLM/SP version (in this case it is RLM)

Place the RLM_FW.zip on the NetApp controller, under $etc/software, then:

When the system prompts you to reboot the RLM, enter y to continue.

Verify:

2) Upgrade your disk firmware for all the disks that are outdated (do this the night before the DOT upgrade)
To do the disk FW upgrade in the background, check that the following is enabled:

toaster> options raid.background_disk_fw_update.enable

From the ‘sysconfig -v‘:
11.22: NETAPP X308_HMARK03TSSM NA01 2538.5GB (5860533168 512B/sect)
Disk X308_HMARK03TSSM with firmware NA01 needs to be upgraded to NA04

Download the latest firmware from: http://support.netapp.com/NOW/download/tools/diskfw/
Place the .LOD file under $etc/disk_fw

You will see that the disks start upgrading in the background non-disruptively

3) Upgrade your shelf firmware (same day as DOT upgrade)

Download the latest firmware from: https://support.netapp.com/NOW/download/tools/diskshelf/
Copy the .SFW file and the .FVF file if present to the $etc/shelf_fw and .AFW and its .FVF file to the $etc/acpp_fw directory.

4) Upgrade OnTap
Download Data ONTAP from NetApp’s site, in this case 8.1.2
Check its md5 checksum against what NetApp posts on their download page to make sure your image is good.

Since we are doing a NDU(non-disruptive-upgrade), please make sure one system can handle your load

On both NetApp controllers:
Download the system files for 8.1.2 (812_q_image.tgz) from the Support Site. Be sure to download the system files that match your node model.
If you are performing a Data ONTAP NDU (or backout), you must perform this step on both nodes before performing the takeover and giveback steps.

Copy 812_q_image.tgz to $etc/software

Make sure that it is there:

Let NetApp know you are starting the NDU upgrade:

Start the upgrade (-r prevents automatic reboot)

Check the version

Now, use this opportunity to update the shelf firmware

Perform the same process on the other NetApp controller

Now that both controllers have the 8.1.2 DOT version, it is time for takeover in a NDU manner, which will reboot the controller

From controller1 (toaster)

You should wait about 10 minutes before giving back to give the clients an opportunity to stabilize.
On the other controller, you will see (after a reboot)

…After 10 minutes

Check the second controller(toaster2) to ensure that it is running 8.1.2

Wait about 10 minutes, then from toaster2 takeover toaster

You will see on toaster

Now is time to giveback services
On toaster2:

Check the controller to ensure that it is running 8.1.2

Let NetApp know you are done:

That is it, RLM, disk fw, shelf fw and DOT were upgraded in a non-disruptive manner. You can check by running ‘sysconfig -v’

Snapshots are a great feature, probably one of the coolest in virtualization. They can become a problem if they are not used appropriately. Unfortunately, sometimes we let them grow to an unmanageable size, which can bring performance issues and give us headaches when we need to delete them.

In this post, I will show you how to find out what snapshots are present in your environment, along with some other useful information, like size.

To run the commands below you will need to install PowerCLI (on Windows), which is a way to manage a VMware environment programmatically using PowerShell scripting.

To get PowerCLI, go to: www.vmware.com/go/powercli

1) Once you have PowerCLI, open it up, a command prompt will appear:

// At this point you have a session open with your vCenter

2) Query your vCenter to find out what snapshots are present:

Let me explain what is going on:
‘Get-VM’ asks for the VMs that are running on your vCenter. PowerCLI returns an object for each VM, and you then ask for the snapshots of each returned VM object by using ‘Get-Snapshot’. You then take that output and format it by using ‘Format-list’, asking only for the information about ‘vm,name,sizeGB,create,powerstate’.

You can request any of the following:
Description
Created
Quiesced
PowerState
VM
VMId
Parent
ParentSnapshotId
ParentSnapshot
Children
SizeMB
SizeGB
IsCurrent
IsReplaySupported
ExtensionData
Id
Name
Uid

3) The above will give you the info you want, but I prefer CSV reports that I can share with the team or management. To get a good CSV report run the following:

I recommend taking a look at VMware’s best practices around snapshots:
http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=1025279

Many companies buy wildcard certificates for many reasons: price, management, flexibility, etc.

The following guide shows how to install a wildcard certificate from DigiCert on your NetApp controllers.

You will need the following 3 files in PEM format:
DigiCertCA.pem // This is the Certificate Authority, in this case from DigiCert
wildcard_example_com.pem // This is the wildcard certificate
wildcard_example_com_key.pem // This is the private key

1) Stop SSL on the NetApp controller
filer> secureadmin disable ssl

Now From a Linux/Unix system:

2) mount the NetApp’s vol0
LinuxStation# mkdir /mnt/filer
LinuxStation# mount filer.example.com:/vol/vol0 /mnt/filer

3) Go to the keymgr folder and backup the current certificate and key.

# Backup Certificate
LinuxStation# cd /mnt/filer/etc/keymgr/cert/
LinuxStation:/mnt/filer/etc/keymgr/cert/# mv secureadmin.pem secureadmin.pem.bak

# Backup Key
LinuxStation# cd /mnt/filer/etc/keymgr/key/
LinuxStation:/mnt/filer/etc/keymgr/key/# mv secureadmin.pem secureadmin.pem.bak

4) Create the new files based on the wildcard certificate files, assuming you placed them on /opt/certificates

# Create Certificate
LinuxStation# cd /opt/certificates/
LinuxStation:/opt/certificates/# cat wildcard_example_com.pem DigiCertCA.pem > secureadmin_cert.pem
LinuxStation# mv /opt/certificates/secureadmin_cert.pem /mnt/filer/etc/keymgr/cert/secureadmin.pem

# Create Key
LinuxStation# cd /opt/certificates/
LinuxStation:/opt/certificates/# cat wildcard_example_com_key.pem > secureadmin_key.pem
LinuxStation# mv /opt/certificates/secureadmin_key.pem /mnt/filer/etc/keymgr/key/secureadmin.pem

5) On the NetApp controller, add the new cert:
filer> secureadmin addcert ssl /etc/keymgr/cert/secureadmin.pem

6) Enable SSL
filer> secureadmin enable ssl
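
A pre-flight check for the files used in steps 3 to 5, added here as an example (it is not part of the original guide or of NetApp's tooling): it confirms that the private key belongs to the certificate and that the certificate chains to the CA file before anything is moved onto the filer. The function names and the throwaway test CA are assumptions made for the example, and the private key is assumed to be unencrypted.

```shell
#!/bin/sh
# Added example: validate the three PEM files before copying them to
# /etc/keymgr on the filer. Function names are hypothetical.

# Hash of the public key inside a certificate / derived from a private key.
cert_pubkey_hash() { openssl x509 -in "$1" -noout -pubkey | openssl dgst -sha256; }
key_pubkey_hash()  { openssl pkey -in "$1" -passin pass: -pubout 2>/dev/null | openssl dgst -sha256; }

# preflight CERT KEY CA: prints "ok" or the first failed check (non-zero return).
preflight() {
    cert=$1; key=$2; ca=$3
    for f in "$cert" "$key" "$ca"; do
        grep -q -- '-----BEGIN ' "$f" 2>/dev/null || { echo "not PEM: $f"; return 1; }
    done
    [ "$(cert_pubkey_hash "$cert")" = "$(key_pubkey_hash "$key")" ] \
        || { echo "private key unreadable or does not match certificate"; return 1; }
    openssl x509 -in "$cert" -noout -checkend 0 >/dev/null 2>&1 \
        || { echo "certificate has expired"; return 1; }
    openssl verify -CAfile "$ca" "$cert" >/dev/null 2>&1 \
        || { echo "certificate does not chain to the CA file"; return 1; }
    echo "ok"
}

# build_bundle CERT CA OUT: server certificate first, then the CA (the cat
# order from step 4), written so that only the owner can read the result.
build_bundle() {
    ( umask 077; cat "$1" "$2" > "$3" )
}

# Constructed test material: a throwaway CA and a wildcard certificate signed
# by it, named like the files in the guide. This is not DigiCert material.
make_demo_files() {
    d=$1
    openssl req -x509 -newkey rsa:2048 -nodes -days 2 -subj "/CN=Constructed Test CA" \
        -keyout "$d/ca_key.pem" -out "$d/DigiCertCA.pem" 2>/dev/null &&
    openssl req -newkey rsa:2048 -nodes -subj "/CN=*.example.com" \
        -keyout "$d/wildcard_example_com_key.pem" -out "$d/csr.pem" 2>/dev/null &&
    openssl x509 -req -in "$d/csr.pem" -days 1 -CA "$d/DigiCertCA.pem" \
        -CAkey "$d/ca_key.pem" -CAcreateserial \
        -out "$d/wildcard_example_com.pem" 2>/dev/null
}

# Usage: sh preflight.sh wildcard_example_com.pem wildcard_example_com_key.pem DigiCertCA.pem
if [ "$#" -eq 3 ]; then preflight "$@"; fi
```

Running it from /opt/certificates before step 1 means SSL is only disabled on the filer once the files are known to be consistent.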

“Git is a free & open source, distributed version control system designed to handle everything from small to very large projects with speed and efficiency.” –http://git-scm.com/

In this guide I will walk you through setting up a Git server and accessing it from a Git client over SSH.

Git Server
I am using CentOS 5.3 as my server.
Hostname: gitserver.example.com
SSH Port: 22444 (As opposed to the default port 22, for increased security)

Install Git

yum install git

Create a folder where you will keep the repositories

mkdir /opt/git

Create a git user and change the ownership and permissions of the previously created folder to the new user

useradd -c "Git Repository" git
chown git:git /opt/git/
chmod 770 /opt/git

Create an empty project, I am calling my project ‘myproject’

mkdir /opt/git/myproject.git

Initialize the repository using --bare to only include objects at the server side

cd /opt/git/myproject.git
git --bare init

You are done with the Git server, let’s take a look at the client

Git Client
Install Git on your client.

Debian/Ubuntu:
sudo apt-get install git-core

Red Hat/Centos:
yum install git (I am using the rpmforge repo)

Now it’s time to version-control your project.

Create a new folder to put your code (unless it exists already)

mkdir /home/john/myproject

Now it is time to add your project to Git (locally):

cd /home/john/myproject
git init

Add all the files in the current directory to be source controlled:
git add *

Commit the changes:
git commit -m "Myproject first commit"

Tell the Git client where to find the server and remote repository

git remote add origin ssh://git@gitserver.example.com:22444/opt/git/myproject.git

Push your project to the server

If you have shared SSH keys:
git push origin master

OR if you don’t have SSH keys configured:
git push ssh://git@gitserver.example.com:22444/opt/git/myproject.git master

Now your project is under Git source control


Pull/Clone project:

The below will download the project folder in the current folder:

git clone ssh://git@gitserver.example.com:22444/opt/git/myproject.git

When you make changes to your project, you need to tell Git about it and commit the changes:

cd /home/john/myproject
git add *
git status (Check status)
git commit -a -m "A comment describing the change"

VSM High Availability is optional but it is strongly recommended in a production environment.
High availability is accomplished by installing and configuring a secondary VSM.

For instructions on how to install and configure a Primary Cisco 1000v VSM on your vSphere environment please follow
configure-vsphere-and-cisco-nexus-1000v-connecting-to-nexus-5k-upstream-switches

Then come back to this post to learn how to install and configure a secondary VSM for high availability.

1) Check the redundancy status of your primary VSM

// Check Modules

// check HA status

2) Install the secondary VSM from the OVF.
Select to Manually Configure Nexus 1000v and just like the primary installation select the right VLANs for Control, Packet and Management.

When you get to this properties page:

Do not fill in any of the fields, just click next and Finish

3) Power on the Secondary VSM
The system setup script will prompt for the following:

Admin password // Choose your password
VSM Role: secondary // VSM will reboot
Domain ID: 100 // This must be the same domain ID you gave to the primary, I used 100

Once a VSM is set to secondary it will reboot.

4) Verify VSM high availability
Login to VSM and run:

VMware recommends that you run the Primary and the Secondary on different ESX hosts.

5) Test VSM switchover
From the VSM run system switchover to switch between the active and the standby VSMs.

That is it, now you have a highly available Cisco 1000v VSM infrastructure.

The following guide describes the necessary steps to install and configure a pair of Cisco Nexus 1000v switches to be used in a vSphere cluster.
These will connect to Cisco Nexus 5020 Upstream Switches.

In this guide the hardware used consists of:

Hardware:
3x HP ProLiant DL380 G6 with 2 4-port NICs.
2x Cisco 5200Nexus Switches

Software:
vSphere 4 Update 1 Enterprise Plus (needed to use Cisco nexus1000v)
vCenter installed as a virtual machine – 192.168.10.10 (on VLAN 10)
Cisco Nexus 1000v 4.0.4.SV1.3b –
Primary 192.168.101.10 domain id 100 (on VLAN 101)

I am assuming you have already installed and configured vCenter and the ESX cluster.

Cisco recommends that you use 3 separate VLANs for Nexus traffic, I am using the following VLANs:

100 – Control – Control connectivity between Nexus 1000V VSM and VEMs (Non Routable)
101 – Management – ssh/telnet/scp to the Cisco Nexus 1000v int mgmt0 (Routable)
102 – Packet – Internal connectivity between Nexus 1000v (Non Routable)

And I will also use VLAN 10 and 20 for VM traffic (10 for Production, 20 for Development)

1) Install vSphere (I assume you have done this step)

2) Configure Cisco Nexus 5020 Upstream Switchports

You need to configure the ports on the upstream switches in order to pass VLAN information to the ESX hosts’ uplink NICs

On the Nexus5020s, run the following:

// These commands give a description to the port and allow trunking of VLANs.
// The allowed VLANs are listed
// spanning-tree port type edge trunk is the recommended spanning-tree type

interface Ethernet1/1/10
description "ESX1-eth0"
switchport mode trunk
switchport trunk allowed vlan 10-20,100-102
spanning-tree port type edge trunk

3) Service Console VLAN !!!

When I installed the ESX server, I used the native VLAN, but after you change the switch port from switchport mode access to switchport mode trunk, the ESX server needs to be configured to send specific VLAN traffic to the Service Console.
My Service Console IP is 192.168.10.11 on VLAN 10, so you will need to console to the ESX host and enter the following:

[root@esx1]# esxcfg-vswitch -v 10 -p "Service Console" vSwitch0

4) Add Port Groups for the Control,Packet and Management VLANs.
I add these Port Groups to VMware Network Virtual Switch vSwitch0 on all the ESX hosts. Make sure to select the right VLANs for your environment.

5) Now that you have configured the Control,Packet and Management Port Groups with their respective VLANs, you can install the Cisco Nexus 1000v.
I chose to install the Virtual Appliance (OVA) file downloaded from Cisco. The installation is very simple: make sure to select Manually Configure Nexus 1000v and to map the VLANs to Control, Packet and Management. The rest is just like installing a regular virtual appliance.

6) Power on and open a console window to the Nexus1000v VM(appliance) you just installed. A setup script will start running and will ask you a few questions.

admin password
domain ID // This is used to identify the VSM and VEM. If you want to have 2 Nexus 1000v for high availability, both Nexus 1000v will use the same domain ID. I chose 100
High Availability mode // If you plan to use 2 Nexus 1000v for high availability, then for the first installation select primary, otherwise standalone
Network Information // Things like IP, netmask, gateway. Disable Telnet! Enable SSH!
The other stuff we will configure later (Not from the Setup script)

7) Register vCenter Nexus 1000v Plug-in
Once you have the Nexus 1000v basics configured, you should be able to access it. Try to SSH to it (Hopefully you enabled SSH).
Open a browser and point it to the Nexus 1000v management IP address (in this case 192.168.101.10) and you will get a webpage like the following

  • Download the cisco_nexus_1000v_extension.xml
  • Open vSphere client and connect to the vCenter.
  • Go to Plug-ins > Manage Plug-ins
  • Right-click under Available Plug-ins and select New Plug-in, then browse to the cisco_nexus_1000v_extension.xml
  • Click Register Plug-in (disregard security warning about new SSL cert)

You do NOT need to Download and Install the Plug-in, just Register it.

Now we can start the “advanced” configuration of the Nexus 1000v

8) Configure SVS domain ID on VSM

n1kv(config)# svs-domain
n1kv(config-svs-domain)# domain id 100
n1kv(config-svs-domain)# exit

9) Configure Control and Packet VLANs

n1kv(config)# svs-domain
n1kv(config-svs-domain)# control vlan 100
n1kv(config-svs-domain)# packet vlan 102
n1kv(config-svs-domain)# svs mode L2
n1kv(config-svs-domain)# exit

10) Connect Nexus 1000v to vCenter
In this step we are defining the SVS connection which is the link between the VSM and vCenter.

n1kv(config)# svs connection vcenter
n1kv(config-svs-conn)# protocol vmware-vim
n1kv(config-svs-conn)# vmware dvs datacenter-name myDatacenter
n1kv(config-svs-conn)# remote ip address 192.168.10.10
n1kv(config-svs-conn)# connect
n1kv(config-svs-conn)# exit
n1kv(config)# exit
n1kv# copy run start

//Verify the SVS connection

12) Create the VLANs on the VSM

n1kv# conf t
n1kv(config)# vlan 100
n1kv(config-vlan)# name Control
n1kv(config-vlan)# exit
n1kv(config)# vlan 102
n1kv(config-vlan)# name Packet
n1kv(config-vlan)# exit
n1kv(config)# vlan 101
n1kv(config-vlan)# name Management
n1kv(config-vlan)# exit
n1kv(config)# vlan 10
n1kv(config-vlan)# name Production
n1kv(config-vlan)# exit
n1kv(config)# vlan 20
n1kv(config-vlan)# name Development
n1kv(config-vlan)# exit

// Verify VLANs

13) Create Uplink Port-Profile
The Cisco Nexus 1000v acts like the VMware DVS. Before you can add hosts to the Nexus1000v you will need to create uplink port-profiles; which will allow VEMs to connect with the VSM.

n1kv(config)# port-profile system-uplink
n1kv(config-port-prof)# switchport mode trunk
n1kv(config-port-prof)# switchport trunk allowed vlan 10,20,100-102
n1kv(config-port-prof)# no shutdown
n1kv(config-port-prof)# system vlan 100,102
n1kv(config-port-prof)# vmware port-group dv-system-uplink
n1kv(config-port-prof)# capability uplink
n1kv(config-port-prof)# state enabled

// Verify Uplink Port-Profile

14) It is now time to install the VEM on the ESX hosts.
The preferred way to do this is using VUM(VMware Update Manager). If you have VUM in the system the installation will be very simple.
Simply go to Home->Inventory->Networking
Right Click on the Nexus Switch and add host

// Verify that the task is successful

// Also take a look at the VSM console

// Do the same for all the other ESX Hosts

15) Create the Port-Profile(s) (VMware Port-Groups)
Port-profiles configure interfaces on the VEM.
From the VMware point of view a port-profile is represented as a port-group.

// The Port-Profile below will be the VLAN 10 PortGroup on vCenter

n1kv# conf t
n1kv(config)# port-profile VLAN_10
n1kv(config-port-prof)# vmware port-group
n1kv(config-port-prof)# switchport mode access
n1kv(config-port-prof)# switchport access vlan 10
n1kv(config-port-prof)# vmware max-ports 200 // By default it has only 32 ports, I want 200 available
n1kv(config-port-prof)# no shutdown
n1kv(config-port-prof)# state enabled
n1kv(config-port-prof)# exit

16) Select the PortGroup you want your VM to connect to

17) Verify Port Profile/Port Groups from the VSM console

At this point you are ready to use the Cisco 1000v, but if you plan to run this in a production environment, it is strongly recommended you run the VSM in High Availability mode.
Follow this post to learn how to install and configure VSM High Availability:
cisco-nexus-1000v-vsm-high-availability

Running on runlevel 5 is not a good idea for a server, I try to run servers on runlevel 3 with as minimal packages as needed. But sometimes you need a graphical application or a browser for some reason or another. You can use VNC to connect to the server and do it over SSH to make sure the communication is encrypted.

This guide is to enable VNC over SSH on a Linux Server. I will use CentOS 5.2 server for this guide.

I will allow only user john to be able to VNC/SSH to the server. Since I will be testing GUI based stuff, I will need a graphical environment installed. I do not need to run my server in graphical mode, but I need to have the proper packages installed.

1) Install the X Window System group

[root@server ~]# yum groupinstall "X Window System"

2) Install the vncserver

[root@server ~]# yum install vnc-server

3) As the user that will use VNC, create VNC password

[john@server ~]$ vncpasswd

4) Modify VNC configuration to allow X (/home/john/.vnc/xstartup)

5) Start the vncserver as the user who will have access, use a display number that you will remember, here I am using 2. Also use the following arguments to make sure it ONLY listens to the localhost.

[john@server ~]$ vncserver :2 -geometry 1024x768 -nolisten tcp -nohttpd -localhost

6) Check that the VNC service is only listening locally

[john@server ~]$ netstat -ntlp

tcp 0 0 127.0.0.1:5902 0.0.0.0:* LISTEN 7927/Xvnc

7) Ok, now lets connect using VNC over SSH
From a remote station you will start an SSH session and forward an arbitrary port (e.g. 5544) to the VNC server’s localhost address on port 5902. (It ends with 2 because you started the VNC server with :2.)
That means that whenever you are on Server2 and you send packets to localhost on port 5544, those packets will be forwarded through the SSH tunnel to the vnc Server localhost on port 5902.

[alex@server2 ~]$ ssh -L5544:localhost:5902 john@server.example.com

8) Now on Server2 start a VNC client/viewer and on the server address, enter:

localhost:5544

9) Enjoy your secure VNC session!
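
The check from step 6 turned into something repeatable, as an added example that is not part of the original post: it reads `netstat -ntlp` output and reports every Xvnc socket that is bound to anything other than loopback. The sample listings are constructed, and the function name is an assumption.

```shell
#!/bin/sh
# Added example: flag Xvnc sockets that are reachable from the network.
# Reads `netstat -ntlp` output on stdin.

# Constructed sample: vncserver :2 started with the flags from step 5.
SAMPLE_HARDENED='tcp        0      0 127.0.0.1:5902      0.0.0.0:*      LISTEN      7927/Xvnc
tcp        0      0 0.0.0.0:22          0.0.0.0:*      LISTEN      2101/sshd'

# Constructed sample: the same display started without those flags.
SAMPLE_DEFAULT='tcp        0      0 0.0.0.0:5802        0.0.0.0:*      LISTEN      8012/Xvnc
tcp        0      0 0.0.0.0:5902        0.0.0.0:*      LISTEN      8012/Xvnc
tcp        0      0 0.0.0.0:6002        0.0.0.0:*      LISTEN      8012/Xvnc
tcp        0      0 0.0.0.0:22          0.0.0.0:*      LISTEN      2101/sshd'

# Prints "EXPOSED <addr:port> <service>" for each Xvnc listener not bound to
# loopback; returns 1 if any was found, 0 otherwise.
check_vnc_listeners() {
    awk '
        BEGIN { bad = 0 }
        $1 ~ /^tcp/ && $6 == "LISTEN" && $7 ~ /\/Xvnc$/ {
            host = $4; sub(/:[0-9]+$/, "", host)          # bind address
            port = $4; sub(/^.*:/, "", port); port += 0   # numeric port
            if (host == "::1" || host ~ /^127\./) next    # loopback only
            # Display N uses 5800+N (HTTP viewer), 5900+N (RFB), 6000+N (X11).
            if      (port >= 5800 && port < 5900) svc = "http-viewer"
            else if (port >= 5900 && port < 6000) svc = "rfb"
            else if (port >= 6000 && port < 6100) svc = "x11"
            else                                   svc = "other"
            printf "EXPOSED %s %s\n", $4, svc
            bad = 1
        }
        END { exit bad }
    '
}

printf '%s\n' "$SAMPLE_HARDENED" | check_vnc_listeners && echo "hardened: loopback only"
printf '%s\n' "$SAMPLE_DEFAULT"  | check_vnc_listeners || echo "default: exposed listeners found"
```

On the server itself, pipe the live listing in with `netstat -ntlp | check_vnc_listeners`; any EXPOSED line means the SSH tunnel is not the only way to reach that display.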
