Virtual Network Computing (VNC) is a desktop sharing system which uses the RFB (Remote FrameBuffer) protocol to remotely control another computer. It transmits the keyboard presses and mouse clicks from one computer to another relaying the screen updates back in the other direction, over a network.
Step by step procedure
You can easily tunnel VNC connections over ssh so that entire traffic get encrypted. Type the following command to tunnel VNC connections over SSH (you need to type command on your desktop computer running UNIX or Linux):
$ ssh -L 5901:localhost:5901 -N -f -l rocky sshserver.mydomain.com
OR
$ ssh -L 5901:127.0.0.1:5901 -N -f -l rocky 192.168.1.100
Where,
- -L 5901:localhost:5901 : Specifies that the given port on the local (client) host is to be forwarded to the given host and port on the remote side. Here you are using port 5901 on the localhost to be forward to sshserver.mydomain.com on the 5901 port.
- -N : Do not execute a remote command i.e. just forward ports.
- -f : Requests ssh to go to background just before command execution. Requests ssh to go to background just before command execution. Once password supplied it will go to background and you can use prompt for type commands on local system.
- -l rocky : rocky is the user to log in as on the remote machine (sshserver.mydomain.com).
- sshserver.mydomain.com (192.168.1.100): Remote system with VNC server
In your localhost VNC client use 127.0.0.1:5901 for connection. Make sure you use appropriate port i.e. 5901 (VNC server running on display 1). This tunnel will provide nice enhanced security.
- 30 Handy Bash Shell Aliases For Linux / Unix / Mac OS X
- Top 30 Nmap Command Examples For Sys/Network Admins
- 25 PHP Security Best Practices For Sys Admins
- 20 Linux System Monitoring Tools Every SysAdmin Should Know
- 20 Linux Server Hardening Security Tips
- Linux: 20 Iptables Examples For New SysAdmins
- Top 20 OpenSSH Server Best Security Practices
- Top 20 Nginx WebServer Best Security Practices
- 20 Examples: Make Sure Unix / Linux Configuration Files Are Free From Syntax Errors
- 15 Greatest Open Source Terminal Applications Of 2012
- My 10 UNIX Command Line Mistakes
- Top 10 Open Source Web-Based Project Management Software
- Top 5 Email Client For Linux, Mac OS X, and Windows Users
- The Novice Guide To Buying A Linux Laptop
{ 10 comments… read them below or add one }
Great tutorial, it was clear and the explanation of the switches made it all understandable.
Thanks very much it helped me a great deal.
Thank you, very good and clear. Indeed simpler than that from vnc client on windows
Do you know if I need the SSH protocol over a network and behind a firewall in Window platform using tight VNC?
great reference on a great site! however, following the scenario i am prompted with a password in my vnc client (vinagre) and none of the ones i provide work. any ideas?
sorry, my bad, it was the vnc password
Thanks for this Ho-To. One additional note – you don’t have to specify “localhost” in the ssh -L command….I used this to tunnel from work into my home Linux box, and pointed it at the VNC server running on a laptop on my home network. Now I can nannycam! Here is what I did: ssh -L 5600:10.248.26.18:5900 plony@plony.com
(note, IP numbers/names have been changed to keep honest people honest :-)
Is there a way to force all users to tunnel to use vnc?
I followed these steps and could easily connect to remote machine. But now the problem is my localhost is not working as nginx server is unable to listen to 127.0.0.1. any solution?
For windows, to connect to a remote ssh session just download the free putty program and configure “tunnels” under the “SSH” category. You set the Source port to the local computers port that is connecting (i was connecting to a vnc session) like port 5900 and the destination port to localhost:5900 then when you open your favorit vnc program you can simply connect to the remote computer by typing “localhost” as long as your remote computer is setup to connect on port 5900. Thats my two cents for windows users.
Very clear n concise information.
thanks