Linux Blog

Secure VNC By Tunneling with SSH.

Filed under: General Linux,Quick Linux Tutorials — TheLinuxBlog.com at 10:09 pm on Saturday, October 13, 2007

Introduction
Remote administration is either a luxury or a necessity when it comes to computing. I don’t know how many times I’ve heard people say they would like to be able to remotely access their files or use their computers. Luckily for Linux users this is an easy task.
VNC (short for Virtual Network Computing) is used to open up a window of a remote desktop. It was created by Olivetti & Oracle Research Lab and acquired by AT&T; there are now many different flavors of VNC servers and clients available. I recommend the use of TightVNC and x11vnc.

Security
VNC is not a secure protocol by default: passwords and data are transmitted in clear text and can be sniffed by any malicious user. To resolve this problem I introduce SSH tunneling. As we all know, SSH is a secure remote shell, and with it we can tunnel ports to create a secure connection.

Server Setup
The first step is to have a VNC server running on the box. I like to use x11vnc as it uses the current X session if it’s available. After x11vnc is installed, make sure that X and x11vnc are running.

Client Setup
On the client a VNC client is needed. Any client will do, but I recommend using TightVNC or RealVNC.

Commence the tunneling
Once the server and client are set up, an SSH connection will have to be set up with local to remote port forwarding. The syntax for this command is:

ssh [-R [bind_address:]port:host:hostport] [user@]hostname

To set up a connection from my laptop to The Linux Blog:

owen@linux-blog-lappy:~$ ssh -R 5999:192.168.1.x:5900 thelinuxblog.com

The “-R port:host:hostport” portion of the command is the part that sets up the port forwarding. In my example above it’s telling the SSH client to forward local port 5999 to port 5900 on 192.168.1.x (my laptop’s IP). Once your SSH connection has been made, the VNC client on your local Linux box can be started.
Each client is different, but with TightVNC you can just type the following from your run prompt or terminal:

vncviewer localhost::5999

This will open up the VNC client on your local machine, connect to your local port that you set up in the SSH connection and tunnel all information through the secure connection.
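
The tunnel only protects traffic that actually goes through it: a VNC server still listening on every interface can be reached in clear text right beside it. The following is an added example, not part of the original post, that filters `ss -ltn` output for listeners in the 5900-5999 range that are not bound to loopback. The function names and the sample socket tables are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. It checks that nothing in the VNC
# port range is reachable except through the SSH tunnel.
# On the VNC host, x11vnc can be bound to loopback with:  x11vnc -localhost
# Live use on either end of the tunnel:  ss -ltn | vnc_exposed_listeners

# Read `ss -ltn` output on stdin; print "address port" for every listener in
# 5900-5999 (VNC displays, and the tunnel port 5999 used in the post) that is
# bound to anything other than a loopback address.
vnc_exposed_listeners() {
    awk '
    $1 == "LISTEN" {
        n = split($4, parts, ":")            # port is the text after the last ":"
        port = parts[n] + 0
        addr = substr($4, 1, length($4) - length(parts[n]) - 1)
        if (port < 5900 || port > 5999) next
        if (addr ~ /^127\./ || addr == "[::1]") next   # loopback only: fine
        print addr, port
    }'
}

# Succeed (exit 0) only when no VNC-range listener is exposed.
vnc_only_via_tunnel() {
    exposed=$(vnc_exposed_listeners)
    [ -z "$exposed" ] && return 0
    printf 'cleartext VNC reachable on: %s\n' "$exposed" >&2
    return 1
}

# Constructed sample: x11vnc started without -localhost (listens on all
# interfaces) next to an SSH forward on 127.0.0.1:5999.
SAMPLE_EXPOSED='LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 32 0.0.0.0:5900 0.0.0.0:*
LISTEN 0 32 [::]:5900 [::]:*
LISTEN 0 128 127.0.0.1:5999 0.0.0.0:*'

# Constructed sample: the same host after restarting x11vnc with -localhost.
SAMPLE_LOOPBACK='LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 32 127.0.0.1:5900 0.0.0.0:*
LISTEN 0 128 [::1]:5999 [::]:*'

printf '%s\n' "$SAMPLE_EXPOSED" | vnc_exposed_listeners
```

An empty result means the only way to reach the VNC port is through SSH.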

Conclusion
Voilà! There you have it: you can now use SSH and VNC in unity to achieve secure VNC communications. Neat!

2 Comments »

Comment by Dave

February 26, 2008 @ 2:07 am

I think it’s actually easier to just let the TightVNC client create the SSH tunnel for you with the ‘-via’ option. I wrote a little about it on my blog here. I know RealVNC doesn’t support this option so I’d recommend TightVNC over it. I don’t know if UltraVNC does or doesn’t.

BTW, I’d like to see more details on configuring the x11vnc server-side.

Comment by Owen

February 26, 2008 @ 9:06 am

Hey great post! I did not know that such a feature existed in TightVNC. For me it seems that RealVNC seems to work faster than TightVNC but that could just be the automatic encoding type. I’ll look into the other VNC Clients and see if they do or not.

I can give some more details about configuring x11vnc server side, that’s something that’s never even crossed my mind.

- Owen
