Linux Blog

Secure VNC By Tunneling with SSH.

Filed under: General Linux,Quick Linux Tutorials — at 10:09 pm on Saturday, October 13, 2007

Remote administration is either a luxury of necessity when it comes to computing. I don’t know how many times I’ve heard people say they would like to be able to remotely access their files or us their computers. Luckily for Linux users this is an easy task.
VNC (Short for Virtual Network Computing) is used to open up a window of a remote desktop. It was created by Olivetti & Oracle Research Lab and acquired by AT&T, now there are many different flavors of VNC servers and clients available. I recommend the use of TightVNC and x11vnc.

VNC is not a secure protocol by default, passwords and data are transmitted in clear text and can be sniffed by any malicious user. To resolve this problem I introduce SSH Tunneling. As we all know SSH is a secure remote shell and with this we can tunnel ports to create a secure connection.

Server Setup
The First step is to have a VNC server running on the box. I like to use x11vnc as it uses the current X session if its available. After x11vnc is installed make sure that X and x11vnc are running.

Client Setup
On the client a VNC Client is needed any client will do but I recommend using TightVNC or RealVNC.

Commence the tunneling
Once the server and client are set up a SSH connection will have to be set up with local to remote port forwarding. The syntax for this command is:

ssh [-R [bind_address:]port:host:hostport] [user@]hostname

To setup a connection from my laptop to The Linux Blog:

owen@linux-blog-lappy:~$ ssh -R 5999:192.168.1.x:5900

The “-R port:host:hostport” Portion of the command is the part that sets up the port forwarding. In my above example its telling the SSH client to forward localport 5999 to port 5900 on 192.168.1.x (my laptops IP). Once your SSH connection has been made the VNC Client on your local Linux box can be started.
Each client is different but with TightVNC from your run prompt or terminal you can just type:

vncviewer localhost::5999

This will open up the VNC client on your local machine, connect to your local port that you set up in the SSH connection and tunnel all information through the secure connection.

Voilla! There you have it, you can now use SSH and VNC in unity to achieve secure VNC communications. Neat!