Neutral Axis

Secure VNC Remote Control Using SSH

by on May.17, 2009, under Uncategorized


Angelina Jolie in Hackers

OK, so maybe Angelina hacking into your computer isn’t so bad, but in general, keeping things secure is a good thing.  So thanks again to Steve from OZLUG for helping get me started accessing my Linux machine via VNC through a SSH tunnel for security.  VNC is an open source remote control program that provides the same sort of capabilities as commercial products like LogMeIn and GoToMyPC.  Unlike those products though, VNC has no built-in security encryption, so any work done through VNC is subject to eavesdropping.  These notes describe how to use SSH to generate a secure tunnel that is then used by VNC to make its connection.  They’re as much for me as for anyone else who might find it useful.


What we’re trying to do is create a secure connection between the remote computer and the local computer.  We’ll use SSH directly in Linux, and with PuTTY in Windows to create a secure link between the remote host’s IP and port to a local port at localhost.  Then the local VNC client will connect to this local link.  Thus, the insecure VNC connection is confined to the local machine and is secured as it heads out to the network.

Server Side Instructions:

Step 1:  If SSHD hasn’t been installed, do that first.  I believe its there by default with current Ubuntu distros, so I’m not covering that here.

Step 2:  Install a VNC server on the Linux machine.  I’m using Vino, and already had that too.  TightVNCserver should also work.

Step 3:  Since I”m behind a router, I have to open a port through which to communicate with SSH.  The standard port used by SSH is 22.  I chose to use a different port number for the exterior world and have the router’s port forwarding change it from the external port number to 22 inside the network.  Depending on the router being used, that option may not be available, in which case you’d need to stick with port 22.

Client Side Instructions (Using PuTTY from WindowsXP)

Step 4:  Install a VNC client on WindowsXP.  I’m using TightVNC.

Step 5:  Install PuTTY on WindowsXP.  PuTTY is the SSH client.

Step 6:  Run PuTTY and put in the IP or hostname of the Linux machine and the external port number you’ve chosen.  For argument sake, I’ll say the external port is 1234.  If you’re using standard ports, use 22.


Step 7:  Find the Tunneling option in PuTTY and put in the IP or hostname and port 5900.  5900 is used because its the default port for VNC.


Step 8:  Start the PuTTY session.  If the proper ports are open and SSH is running, you should get a prompt for your password and then be shown a command line from the remote computer.

Step 9:  Start TightVNC and put in “localhost” as the remote machine’s hostname.  You might be asked again for a password and will then see your remote machine’s desktop.


Client Side Instructions (Using SSH from Linux)

Step 4:  Install a VNC client in Linux.  I installed xtightVNCviewer, but was a little surprised that you don’t actually run any program by that name.  Instead you run Terminal Service Client and choose the VNC protocol.  Its the TightVNC installation that adds the VNC option to the protocol list.

Step 5:  Open a terminal window and execute one of these commands, substituting your real username and hostname:

(If using port 22) ssh -X -Y -C -g -L 5900:localhost:5900 username@hostname
(If using port 1234) ssh -p 1234 -X -Y -C -g -L 5900:localhost:5900 username@hostname

Step 6:  Start Terminal Server Client and put in “localhost” as the remote machine’s hostname and choose VNC as the protocol.  Click “connect” and you should see your remote desktop.


Leave a Reply

Looking for something?

Use the form below to search the site:

Still not finding what you're looking for? Drop a comment on a post or contact us so we can take care of it!


A few highly recommended websites...