Diffstat (limited to 'x11vnc/help.c')
-rw-r--r-- | x11vnc/help.c | 187 |
1 files changed, 145 insertions, 42 deletions
diff --git a/x11vnc/help.c b/x11vnc/help.c
index 7d41797..3ea9606 100644
--- a/x11vnc/help.c
+++ b/x11vnc/help.c
@@ -400,7 +400,7 @@ void print_help(int mode) {
 "-http_ssl As -http, but force lookup for ssl classes subdir.\n"
 #endif
 "\n"
-"-avahi Use the Avahi/mDNS ZeroConf protocol to advertize\n"
+"-avahi Use the Avahi/mDNS ZeroConf protocol to advertise\n"
 " this VNC server to the local network. (Related terms:\n"
 " Rendezvous, Bonjour). Depending on your setup, you\n"
 " may need to start avahi-daemon and open udp port 5353\n"
@@ -432,8 +432,67 @@ void print_help(int mode) {
 "-connect_or_exit str As with -connect, except if none of the reverse\n"
 " connections succeed, then x11vnc shutdowns immediately.\n"
 "\n"
-" If you do not want x11vnc to listen on ANY interface\n"
-" use -rfbport 0\n"
+" By the way, if you do not want x11vnc to listen on\n"
+" ANY interface use -rfbport 0 which is handy for the\n"
+" -connect_or_exit mode.\n"
+"\n"
+"-proxy string Use proxy in string (e.g. host:port) as a proxy for\n"
+" making reverse connections (-connect or -connect_or_exit\n"
+" options).\n"
+"\n"
+" Web proxies are supported, but note by default most of\n"
+" them only support destination connections to ports 443\n"
+" or 563, so this might not be very useful (the viewer\n"
+" would need to listen on that port or the router would\n"
+" have to do a port redirection).\n"
+"\n"
+" A web proxy may be specified by either \"host:port\"\n"
+" or \"http://host:port\" (the port is required even if\n"
+" it is the common choices 80 or 8080)\n"
+"\n"
+" SOCKS4, SOCKS4a, and SOCKS5 are also supported.\n"
+" SOCKS proxies normally do not have restrictions on the\n"
+" destination port number.\n"
+"\n"
+" Use a format like this: socks://host:port or\n"
+" socks5://host:port. Note that ssh -D does not support\n"
+" SOCKS4a, so use socks5://. For socks:// SOCKS4 is used\n"
+" on a numerical IP and \"localhost\", otherwise SOCKS4a\n"
+" is used (and so the proxy tries to do the DNS lookup).\n"
+"\n"
+" An experimental mode is \"-proxy http://host:port/...\"\n"
+" Note the \"/\" after the port that distinguishes it from\n"
+" a normal web proxy. The port must be supplied even if\n"
+" it is the default 80. For this mode a GET is done to\n"
+" the supplied URL with the string host=H&port=P appended.\n"
+" H and P will be the -connect reverse connect host\n"
+" and port. Use the string \"__END__\" to disable the\n"
+" appending. The basic idea here is that maybe some cgi\n"
+" script provides the actual viewer hookup and tunnelling.\n"
+" How to actually achieve this within cgi, php, etc. is\n"
+" not clear... A custom web server or apache module\n"
+" would be straight-forward.\n"
+"\n"
+" Another experimental mode is \"-proxy ssh://user@host\"\n"
+" in which case a SSH tunnel is used for the proxying.\n"
+" \"user@\" is not needed unless your unix username is\n"
+" different on \"host\". For a non-standard SSH port\n"
+" use ssh://user@host:port. If proxies are chained (see\n"
+" next paragraph) then the ssh one must be the first one.\n"
+" If ssh-agent is not active, then the ssh password needs\n"
+" to be entered in the terminal where x11vnc is running.\n"
+" Examples:\n"
+"\n"
+" -connect localhost:0 -proxy ssh://me@friends-pc:2222\n"
+"\n"
+" -connect snoopy:0 -proxy ssh://ssh.company.com\n"
+"\n"
+" Multiple proxies may be chained together in case one\n"
+" needs to ricochet off of a number of hosts to finally\n"
+" reach the VNC viewer. Up to 3 may be chained, separate\n"
+" them by commas in the order they are to be connected to.\n"
+" E.g.: http://host1:port1,socks5://host2:port2 or three\n"
+" like: first,second,third\n"
 "\n"
 "-vncconnect Monitor the VNC_CONNECT X property set by the standard\n"
 "-novncconnect VNC program vncconnect(1). When the property is\n"
@@ -578,7 +637,7 @@ void print_help(int mode) {
 " If multiple non-blank lines exist in the file they are\n"
 " all taken as valid passwords. Blank lines are ignored.\n"
 " Password lines may be \"commented out\" (ignored) if\n"
-" they begin with the charactor \"#\" or the line contains\n"
+" they begin with the character \"#\" or the line contains\n"
 " the string \"__SKIP__\". Lines may be annotated by use\n"
 " of the \"__COMM__\" string: from it to the end of the\n"
 " line is ignored. An empty password may be specified\n"
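Review bot: The -proxy text added in the @@ -432 hunk never says whether the reverse connection is protected on its way through the proxy. A web or SOCKS proxy only relays the stream, and the experimental `http://host:port/...` mode puts `host=H&port=P` (the viewer's address) into the GET URL sent to the web server, so a reader should be told that confidentiality has to come from -ssl or from the `ssh://` form. The @@ -1146 hunk of this same commit deletes the disabled paragraph about reverse connections under -ssl, so after this change the help says nothing about the combination. I would add a line after `" options).\n"` such as `" The proxy hop itself adds no encryption; see -ssl.\n"`, with the wording checked against how x11vnc handles -ssl together with -connect, which is not visible in this diff.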
@@ -721,7 +780,7 @@ void print_help(int mode) {
 "-unixpw_nis [list] As -unixpw above, however do not use su(1) but rather\n"
 " use the traditional getpwnam(3) + crypt(3) method to\n"
 " verify passwords. All of the above -unixpw options and\n"
-" contraints apply.\n"
+" constraints apply.\n"
 "\n"
 " This mode requires that the encrypted passwords be\n"
 " readable. Encrypted passwords stored in /etc/shadow\n"
@@ -1090,6 +1149,11 @@ void print_help(int mode) {
 " with libssl support it will exit immediately when -ssl\n"
 " is prescribed.\n"
 "\n"
+" The VNC Viewer-side needs support SSL as well.\n"
+" See this URL and also the discussion below for ideas\n"
+" on how to enable SSL support for the viewer:\n"
+" http://www.karlrunge.com/x11vnc/#faq-ssl-tunnel-viewers\n"
+"\n"
 " [pem] is optional, use \"-ssl /path/to/mycert.pem\"\n"
 " to specify a PEM certificate file to use to identify\n"
 " and provide a key for this server. See openssl(1) for\n"
@@ -1098,12 +1162,12 @@ void print_help(int mode) {
 " The connecting VNC viewer SSL tunnel can optionally\n"
 " authenticate this server if they have the public\n"
 " key part of the certificate (or a common certificate\n"
-" authority, CA, is a more sophisicated way to verify\n"
+" authority, CA, is a more sophisticated way to verify\n"
 " this server's cert, see -sslGenCA below). This is\n"
 " used to prevent man-in-the-middle attacks. Otherwise,\n"
 " if the VNC viewer accepts this server's key without\n"
 " verification, at least the traffic is protected\n"
-" from passive sniffing on the network (but NOT from\n"
+" from passive sniffing on the network (but *NOT* from\n"
 " man-in-the-middle attacks).\n"
 "\n"
 " If [pem] is not supplied and the openssl(1) utility\n"
@@ -1136,6 +1200,8 @@ void print_help(int mode) {
 " made based on your answers to its prompts for info such\n"
 " as OrganizationalName, CommonName, etc.\n"
 "\n"
+" We expect most users to use \"-ssl SAVE\".\n"
+"\n"
 " Use \"SAVE-<string>\" and \"SAVE_PROMPT-<string>\"\n"
 " to refer to the file ~/.vnc/certs/server-<string>.pem\n"
 " instead. E.g. \"SAVE-charlie\" will store to the file\n"
@@ -1146,20 +1212,14 @@ void print_help(int mode) {
 "\n"
 " Example: x11vnc -ssl SAVE -display :0 ...\n"
 "\n"
-#if 0
-" Reverse connections are disabled in -ssl mode because\n"
-" there is no way to ensure that data channel will\n"
-" be encrypted. Set X11VNC_SSL_ALLOW_REVERSE=1 to\n"
-" override this.\n"
-"\n"
-#endif
-" Your VNC viewer will also need to be able to connect\n"
+" Your VNC viewer will need to be able to connect\n"
 " via SSL. See the discussion below under -stunnel and\n"
-" the FAQ (ss_vncviewer script) for how this might be\n"
-" achieved. E.g. on Unix it is easy to write a shell\n"
-" script that starts up stunnel and then vncviewer.\n"
-" Also in the x11vnc source a SSL enabled Java VNC Viewer\n"
-" applet is provided in the classes/ssl directory.\n"
+" http://www.karlrunge.com/x11vnc/#faq-ssl-tunnel-viewers\n"
+" for how this might be achieved. E.g. on Unix it is\n"
+" easy to write a shell script that starts up stunnel\n"
+" and then vncviewer. Also in the x11vnc source a SSL\n"
+" enabled Java VNC Viewer applet is provided in the\n"
+" classes/ssl directory.\n"
 "\n"
 "-ssltimeout n Set SSL read timeout to n seconds. In some situations\n"
 " (i.e. an iconified viewer in Windows) the viewer stops\n"
@@ -1326,7 +1386,7 @@ void print_help(int mode) {
 " Once you have generated the CA you can distribute\n"
 " its certificate part, [dir]/CA/cacert.pem, to other\n"
 " workstations where VNC viewers will be run. One will\n"
-" need to \"import\" this certicate in the applications,\n"
+" need to \"import\" this certificate in the applications,\n"
 " e.g. Web browser, Java applet plugin, stunnel, etc.\n"
 " Next, you can create and sign keys using the CA with\n"
 " the -sslGenCert option below.\n"
@@ -1400,7 +1460,7 @@ void print_help(int mode) {
 " Similar to -sslGenCA, you will be prompted to fill\n"
 " in some information that will be recorded in the\n"
 " certificate when it is created. Tip: if you know\n"
-" the fully-quailified hostname other people will be\n"
+" the fully-qualified hostname other people will be\n"
 " connecting to you can use that as the CommonName \"CN\"\n"
 " to avoid some applications (e.g. web browsers and java\n"
 " plugin) complaining it does not match the hostname.\n"
@@ -1408,7 +1468,7 @@ void print_help(int mode) {
 " You will also need to supply the CA private key\n"
 " passphrase to unlock the private key created from\n"
 " -sslGenCA. This private key is used to sign the server\n"
-" or client certicate.\n"
+" or client certificate.\n"
 "\n"
 " The \"server\" certs can be used by x11vnc directly by\n"
 " pointing to them via the -ssl [pem] option. The default\n"
@@ -1621,13 +1681,51 @@ void print_help(int mode) {
 "\n"
 " This spares the user from having to type in\n"
 " https://mygateway.com/?PORT=443 into their web\n"
-" browser. Note taht port 443 is the default https port;\n"
-" other ports must be explicity indicated, for example:\n"
+" browser. Note that port 443 is the default https port;\n"
+" other ports must be explicitly indicated, for example:\n"
 " https://mygateway.com:8000/?PORT=8000. To avoid having\n"
 " to include the PORT= in the browser URL, simply supply\n"
 " \"-httpsredir\" to x11vnc.\n"
 "\n"
 #endif
+"-ssh user@host:disp Create a remote listening port on machine \"host\"\n"
+" via a SSH tunnel using the -R rport:localhost:lport\n"
+" method. lport will be the local x11vnc listening port,\n"
+" so a connection to rport (5900+disp) on \"host\"\n"
+" will reach x11vnc. E.g. fred@snoopy.com:0\n"
+"\n"
+" This could be useful if a firewall/router prevents\n"
+" incoming connections to the x11vnc machine, but\n"
+" the ssh machine \"host\" can be reached by the VNC\n"
+" viewer. \"user@\" is not needed unless the remote unix\n"
+" username differs from the current one.\n"
+"\n"
+" By default the remote sshd is usually configured to\n"
+" only listen on localhost for rport, so the viewer may\n"
+" need to ssh -L redir to \"host\" as well (See SSVNC to\n"
+" automate this). The sshd setting GatewayPorts enables\n"
+" listening on all interfaces for rport; viewers can\n"
+" reach it more easily.\n"
+"\n"
+" \"disp\" is the VNC display for the remote SSH side,\n"
+" e.g. 0 corresponds to port 5900, etc. If disp is\n"
+" greater than 200 the value is used as the port. Use a\n"
+" negative value to force a low port, e.g. host:-80 will\n"
+" use port 80.\n"
+"\n"
+" If ssh-agent is not active, then the ssh password needs\n"
+" to be entered in the terminal where x11vnc is running.\n"
+"\n"
+" By default the remote ssh will issue a 'sleep 300' to\n"
+" wait for the incoming connection for 5 mins. To modify\n"
+" this use user@host:disp+secs.\n"
+"\n"
+" If the remote SSH server is on a non-standard port\n"
+" (i.e. not 22) use user@host:port:disp+secs.\n"
+"\n"
+" Note that the ssh process may NOT be killed when\n"
+" x11vnc exits. It tries by looking at ps(1) output.\n"
+"\n"
 "-usepw If no other password method was supplied on the command\n"
 " line, first look for ~/.vnc/passwd and if found use it\n"
 " with -rfbauth; next, look for ~/.vnc/passwdfile and\n"
@@ -1674,7 +1772,7 @@ void print_help(int mode) {
 " in RFB_CLIENT_COUNT. RFB_MODE will be \"accept\".\n"
 " RFB_STATE will be PROTOCOL_VERSION, SECURITY_TYPE,\n"
 " AUTHENTICATION, INITIALISATION, NORMAL, or UNKNOWN\n"
-" indicating up to which state the client has acheived.\n"
+" indicating up to which state the client has achieved.\n"
 " RFB_LOGIN_VIEWONLY will be 0, 1, or -1 (unknown).\n"
 " RFB_USERNAME, RFB_LOGIN_TIME, and RFB_CURRENT_TIME may\n"
 " also be set.\n"
@@ -2913,7 +3011,7 @@ void print_help(int mode) {
 "-nowait_bog Do not detect if the screen polling is \"bogging down\"\n"
 " and sleep more. Some activities with no user input can\n"
 " slow things down a lot: consider a large terminal window\n"
-" with a long build running in it continously streaming\n"
+" with a long build running in it continuously streaming\n"
 " text output. By default x11vnc will try to detect this\n"
 " (3 screen polls in a row each longer than 0.25 sec with\n"
 " no user input), and sleep up to 1.5 secs to let things\n"
@@ -3110,7 +3208,7 @@ void print_help(int mode) {
 " so take care.\n"
 "\n"
 " If the string begins with \"video\", see the VIDEO4LINUX\n"
-" discusion below where the device may be queried for\n"
+" discussion below where the device may be queried for\n"
 " (and possibly set) the framebuffer parameters.\n"
 "\n"
 " If the string begins with \"console\", \"/dev/fb\", or\n"
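Review bot: The GatewayPorts paragraph of the new -ssh help (@@ -1621 hunk) presents listening on all interfaces only as a convenience. With that sshd setting, rport on "host" is reachable by anyone who can reach that machine, so the text should tell the reader to pair it with a VNC password or -ssl. I would add after `" reach it more easily.\n"` a line such as `" In that case be sure to use a password (e.g. -usepw).\n"`. The closing note that the ssh process may not be killed when x11vnc exits should also state its consequence, presumably that the remote listener can stay open until the `sleep` ends.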
@@ -3668,10 +3766,10 @@ void print_help(int mode) {
 " nohttp disable http client connections.\n"
 " deny deny any new connections, same as \"lock\"\n"
 " nodeny allow new connections, same as \"unlock\"\n"
-" avahi enable avahi service advertizing.\n"
-" noavahi disable avahi service advertizing.\n"
-" mdns enable avahi service advertizing.\n"
-" nomdns disable avahi service advertizing.\n"
+" avahi enable avahi service advertising.\n"
+" noavahi disable avahi service advertising.\n"
+" mdns enable avahi service advertising.\n"
+" nomdns disable avahi service advertising.\n"
 /* access, filename */
 " connect:host do reverse connection to host, \"host\"\n"
 " may be a comma separated list of hosts\n"
@@ -3684,6 +3782,8 @@ void print_help(int mode) {
 " If you know the client internal hex ID,\n"
 " e.g. 0x3 (returned by \"-query clients\"\n"
 " and RFB_CLIENT_ID) you can use that too.\n"
+" proxy:host:port set reverse connection proxy (empty to\n"
+" disable).\n"
 /* access */
 " allowonce:host For the next connection only, allow\n"
 " connection from \"host\".\n"
@@ -3819,11 +3919,14 @@ void print_help(int mode) {
 " noncache_no_moveraise disable no_moveraise mode.\n"
 " ncache_no_dtchange enable ncache_no_dtchange mode.\n"
 " noncache_no_dtchange disable ncache_no_dtchange mode.\n"
+" ncache_old_wm enable ncache_old_wm mode.\n"
+" noncache_old_wm disable ncache_old_wm mode.\n"
 " ncache_no_rootpixmap enable ncache_no_rootpixmap.\n"
 " noncache_no_rootpixmap disable ncache_no_rootpixmap.\n"
 " ncache_reset_rootpixmap recheck the root pixmap, ncrp\n"
 " ncache_keep_anims enable ncache_keep_anims.\n"
 " noncache_keep_anims disable ncache_keep_anims.\n"
+" ncache_pad:n set -ncache_pad to n.\n"
 " wireframe enable -wireframe mode. same as \"wf\"\n"
 " nowireframe disable -wireframe mode. same as \"nowf\"\n"
 " wireframe:str enable -wireframe mode string.\n"
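Review bot: The remote-control entry added in the @@ -3684 hunk is written `proxy:host:port`, while the -proxy option help added earlier in this commit accepts scheme prefixes (`http://`, `socks://`, `socks5://`, `ssh://`) and comma-separated chains. The entry should say whether the same syntax is accepted here, for example `" proxy:str set reverse connection proxy to str, same\n"` followed by `" format as -proxy (empty to disable).\n"`, provided that matches the parser, which is outside this diff. Because this command changes where later reverse connections are routed, a pointer to -noremote in the entry would also help an administrator who wants to lock it down.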
@@ -3981,8 +4084,8 @@ void print_help(int mode) {
 " 8to24_opts 24to32 no24to32 visual scale scale_cursor\n"
 " viewonly noviewonly shared noshared forever noforever\n"
 " once timeout tightfilexfer notightfilexfer ultrafilexfer\n"
-" noultrafilexfer rfbversion deny lock nodeny unlock\n"
-" avahi mdns noavahi nomdns connect allowonce allow\n"
+" noultrafilexfer rfbversion deny lock nodeny unlock avahi\n"
+" mdns noavahi nomdns connect proxy allowonce allow\n"
 " localhost nolocalhost listen lookup nolookup accept\n"
 " afteraccept gone shm noshm flipbyteorder noflipbyteorder\n"
 " onetile noonetile solid_color solid nosolid blackout\n"
@@ -4004,12 +4107,12 @@ void print_help(int mode) {
 " nodragging ncache_cr noncache_cr ncache_no_moveraise\n"
 " noncache_no_moveraise ncache_no_dtchange\n"
 " noncache_no_dtchange ncache_no_rootpixmap\n"
-" noncache_no_rootpixmap ncache_reset_rootpixmap\n"
+" noncache_no_rootpixmap ncache_reset_rootpixmap ncrp\n"
 " ncache_keep_anims noncache_keep_anims ncache_old_wm\n"
-" noncache_old_wm ncache noncache ncache_size debug_ncache\n"
-" nodebug_ncache wireframe_mode wireframe wf nowireframe\n"
-" nowf wireframelocal wfl nowireframelocal nowfl\n"
-" wirecopyrect wcr nowirecopyrect nowcr scr_area\n"
+" noncache_old_wm ncache_pad ncache noncache ncache_size\n"
+" debug_ncache nodebug_ncache wireframe_mode wireframe wf\n"
+" nowireframe nowf wireframelocal wfl nowireframelocal\n"
+" nowfl wirecopyrect wcr nowirecopyrect nowcr scr_area\n"
 " scr_skip scr_inc scr_keys scr_term scr_keyrepeat\n"
 " scr_parms scrollcopyrect scr noscrollcopyrect noscr\n"
 " fixscreen noxrecord xrecord reset_record pointer_mode\n"
@@ -4074,7 +4177,7 @@ void print_help(int mode) {
 " command was processed by querying for any new settings.\n"
 " Note however that there is timeout of a few seconds so\n"
 " if the x11vnc takes longer than that to process the\n"
-" requests the requestor will think that a failure has\n"
+" requests the requester will think that a failure has\n"
 " taken place.\n"
 "\n"
 "-noremote Do not process any remote control commands or queries.\n"
@@ -4120,7 +4223,7 @@ void print_help(int mode) {
 " associated options is:\n"
 "\n"
 " stunnel, ssl, unixpw, WAIT, id, accept, afteraccept,\n"
-" gone, pipeinput, v4l-info, rawfb-setup, dt, gui,\n"
+" gone, pipeinput, v4l-info, rawfb-setup, dt, gui, ssh,\n"
 " storepasswd, passwdfile, custom_passwd, crash.\n"
 "\n"
 " See each option's help to learn the associated external\n"
@@ -4257,7 +4360,7 @@ void xopen_display_fail_message(char *disp) {
 " the secret key that\n");
 fprintf(stderr, " allows x11vnc to connect to the desired"
 " X DISPLAY.\n");
- fprintf(stderr, " - You can explicity indicate which MIT-MAGIC-COOKIE"
+ fprintf(stderr, " - You can explicitly indicate which MIT-MAGIC-COOKIE"
 " file should be used\n");
 fprintf(stderr, " by the -auth option, e.g.:\n");
 fprintf(stderr, " x11vnc -auth /home/someuser/.Xauthority" |
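Review bot: The @@ -4120 hunk adds `ssh` to the list of options that run external commands, but `proxy` is not added, although `-proxy ssh://user@host` from this same commit also appears to start ssh (its help says the ssh password is typed in the x11vnc terminal). If that mode does spawn ssh(1), the changed line should read `" gone, pipeinput, v4l-info, rawfb-setup, dt, gui, ssh, proxy,\n"` (rewrapped to fit), so that someone relying on this list to know what is covered when external commands are disabled is not misled. Which option this list belongs to starts outside the hunk.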