Wednesday, October 2, 2002

VNC through SSH

VNCViewerAT&T Research Labs developed Virtual Network Computing (VNC) as a means to remotely control your servers over the network. It's similar, in function, to PCAnywhere with one MAJOR exception: it's free! RealVNC now maintains the original VNC product.

AT&T provided information (link to archive) about configuring SSH and VNC to work together for a more secure connection. They also have Windows specific information (link to archive). This document was based on their information and blood, sweat and tears. ;-)



In order to initiate the secure connection, you'll need to connect with SSH:

ssh -T -L 5901:myvncserver:5900 -C -N username@mysshserver

To break this down,

  • The "-T" tells SSH not to allocate a tty for shell related activities. This is an optional parameter.

  • The "-L 5901:myvncserver:5900" tells SSH to forward port 5901 on the local machine to port 5900 on myvncserver.

  • The "-C" tells SSH to employ compression. This is additionally useful because VNC also does not employ compression. This is an optional parameter.

  • The "-N" tells SSH not to execute a shell or commands. Since your purpose here is to connect via VNC, you don't really need the SH part of SSH here. ;-) This is an optional parameter.

Next, you'll want to start your VNC client and connect to localhost:1. At that point, you will be prompted with the VNC Password dialog box. Enter your password and go on your way. When you're done, exit VNC the way you normally would. Now, press "[Ctrl]+C" in the window where you started SSH to end the SSH connection.


One MAJOR note here is that if you are running VNC on the SSH server you are using, you'll need to turn on "AllowLoopback". For Windows, you have to modify a registry setting. You can save the following text to vnc.reg and double-click on it to import it into the VNC/SSH server's registry:


REGEDIT4

[HKEY_LOCAL_MACHINESoftwareORLWinVNC3]
"AllowLoopback"=dword:00000001

From the VNC Server's perspective, you're making the connection from itself, and VNC does not allow these connections by default.

2 comments:

  1. Mike,

    Thank you very much for clear, concise instructions on getting VNC to work with SSH. Evidently you're the only one who believes that saying flat-out "This is how you do it", will do any good. While I don't have it working yet, I have faith that it will work when I get home tonight, as I have ticked the box for "AllowLoopback" on my VNC server at work this morning.

    Again, thank you for your article.

    On the other hand, some (all?) of your links are broken on the VNC through SSH page. But they weren't really necessary since you did such a fine job of explaining it.

    Chris

    ReplyDelete
  2. Chris,

    AT&T's UK Research labs obviously isn't hosting VNC info anymore. I found an archive of the old information.

    -ME

    ReplyDelete