VNC over SSH, a quick HowTo

VNC over SSH, a quick HowTo

I know this area is well documented. However, I still have to search through forums to find the missing information. So, to show my appreciation, I wanted to put this quick notes together. This is very rough. Feedbacks are welcome.

Disclaimer: This instruction is provided AS-IS. Try them at your own risk. For support, try online forums, which will be much faster than what I can do.

What it is?
For VNC, please see http://www.realvnc.com/
For SSH, please see http://www.openssh.com/

Where do I get the software?
For VNC, you can get it from http://www.realvnc.com. If you use Linux, you may already have it. Just do a which command to verify.
For SSH, I assume it is already installed. It is available out-of-box for Solaris 9 or better and Red Hat Linux. For windows client, use PUTTY http://www.chiark.greenend.org.uk/~sgtatham/putty/

How do I install VNC?
For VNC, If you download the software from realvnc.com, you can either follow the installation instruction by running the installation script. What I did for Solaris distribution was keeping all files in a user home directory to avoid using the root account. Make sure you update your PATH environment variable so that the user you want to use to run VNC server have access to it.

How do I configure the VNC Server?
For VNC on RedHat Enterprise Linux 4 beta 2, this is what I did:
IDEC Quality Systems

  • su to root

  • Un-comment the following lines in /etc/sysconfig/vncservers
    VNCSERVERS=”1:myusername”
    VNCSERVERARGS[1]=”-geometry 800×600″

  • su to user you will use for connecting to VNC server

  • Run the vncpasswd command to set the password.

  • Restart VNC Server. Ex: /etc/init.d/sshd restart

For VNC on Solaris, here is what I did:
IDEC Quality Systems

  • In order for VNC to work correctly with SSH, change AllowTcpForwarding parameter to yes in /etc/ssh/sshd_config. Ex: AllowTcpForwarding yes

  • To start VNC server:

    • su to the user that has access to VNC software (if you installed in a user home directory) or use a user of your choice.

    • Run vncserver -geometry 800×600

How do I establish a SSH tunnel?
Below is the command format that I used to establish a SSH tonnel between my client machien and the SSH server machine. Replace SSH_SERVER with the appropriate host name or IP. Replace USER_NAME with the appropriate user name.

/bin/ssh SSH_SERVER -l USER_NAME -L 5901:localhost:5901 -N -f

The above command will drop to background (due to -f option) and you should have your prompt back. Sometimes you may need to change localhost with an IP address, i.e. 127.0.0.1 If you setup your VNC server other than 5901, adjust this command accordingly. To find out which port your VNC server is open at, see VNC server log in .ssh directory in your user home directory on the server side.

How do I verify that the SSH tunnel is valid?
One way to verify the tunnel is to telnet localhost 5901. You should see a RFB… line.

What if I am behind a proxy server?
Check with your network administrator for socks proxy server information. SSH comand can be configured to use a socks proxy server. The one that I used is specific to my environment and therefore it is useless for public sharing at this time. At least I can say that I used -o option to add proxy information.

How to I use VNC over a SSH tunnel?
Just point your VNC client (vncviewer) to localhost:1 or localhost:5901. Then you should be asked to enter a password. If you get an error, check if the tunnel is valid (see above). You can also double check the port number that the VNC server listens.

What if I want to connect to a VNC server that is within a private net protected by a gateway running SSHD?
SSH can also do forwarding, try the following command:

/bin/ssh SSH_SERVER -l USER_NAME -L 5901:MY_VNC_SERVER_HOST:5901 -N -f

Change localhost in the -L option to the IP/host name of your VNC server.

Comments or Suggestions? Please feel free to leave me one!

Advertisements

One thought on “VNC over SSH, a quick HowTo

  1. I think the admin of this website is in fact working hard in favor of his website, as here every stuff is quality based stuff.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s