I have UNIX workstation and Linux server at work and Ubuntu desktop at home. It is recommended that I use ssh tunnel the VNC protocol for secure communication. How do I access my UNIX workstation desktop here at home over the Internet using ssh?
VNC can be accessed over the Internet using ssh protocol. This will improve security as traffic will be encrypted.
Sample Setup
pc22.nixcraft.in
+----------------+ +-----------------+
| Laptop @ Home |---> Internet ---> | UNIX PC @ Work |
+----------------+ +-----------------+
vncserver port 5901
OR
+----------------+ +-----------------+
| Laptop @ Home |---> Internet ---> | Router/firewall |
+----------------+ | port forwarding |
+-----------------+
| fw.nixcraft.in ssh/tcp22
|
///\\\
// \\
/ \
+-----------------+
| UNIX/Linux /OS X|
| at work |
+-----------------+
pc22.nixcraft.in
vncserver @ port 5901
Your work pc may be directly connected to the Internet. Otherwise most offices have a router and firewall installed. You need to make sure your firewall allows port forwarding for TCP port 22 to your UNIX / OS X / workstation or server called pc22.nixcraft.in. It works as follows:
+------------+
| SSH Client |-------> Internet ssh connection with encryption
| with | |
| vncviewer | |
+------------+ |
\|/
+------------------------+
| SSH server at port 22 |
| Vncserver at port 5501 |
+------------------------+
You connect from your local ssh client (localhost) to your ssh server (pc22.nixcraft.in) installed at your work UNIX pc with port forwarding at router / firewall level. I'm assuming that port forwarding is correctly configured at your office. Now, open the terminal and type the following command:
ssh -N -f -L 5000:localhost:5901 vivek@pc22.nixcraft.i
The above command will start an ssh connection to pc22.nixcraft.in and also listen on port 5000 on localhost and forward vnc connection to port 5901 on pc22.nixcraft.in. Usaully local and remote port numbers are same to avoid confusion:
ssh -N -f -L 5901:localhost:5901 vivek@pc22.nixcraft.i
Now, you can use vncviewer at your home as follows:
vncviewer localhost:5901
You can also use GUI tool and set VNC server location to localhost:5901
Fig.01: Setup ssh to tunnel VNC traffic over the Internet
Once connected you will get desktop login windows or last session window as follows:
Fig.02: VNC in action and more secure using SSH
You should follow me on twitter here or grab rss feed to keep track of new changes.
Featured Articles:
- 30 Handy Bash Shell Aliases For Linux / Unix / Mac OS X
- Top 30 Nmap Command Examples For Sys/Network Admins
- 25 PHP Security Best Practices For Sys Admins
- 20 Linux System Monitoring Tools Every SysAdmin Should Know
- 20 Linux Server Hardening Security Tips
- Linux: 20 Iptables Examples For New SysAdmins
- Top 20 OpenSSH Server Best Security Practices
- Top 20 Nginx WebServer Best Security Practices
- 20 Examples: Make Sure Unix / Linux Configuration Files Are Free From Syntax Errors
- 15 Greatest Open Source Terminal Applications Of 2012
- My 10 UNIX Command Line Mistakes
- Top 10 Open Source Web-Based Project Management Software
- Top 5 Email Client For Linux, Mac OS X, and Windows Users
- The Novice Guide To Buying A Linux Laptop
{ 3 comments… read them below or add one }
Awesome – I can use this at work. Thanks,
Superb …..very much informative
how do you expect to log in to your company’s network without a VPN to allow port 22. Why would your sever be directly connected to the internet?