Wednesday, October 2, 2002

VNC through SSH

VNCViewerAT&T Research Labs developed Virtual Network Computing (VNC) as a means to remotely control your servers over the network. It's similar, in function, to PCAnywhere with one MAJOR exception: it's free! RealVNC now maintains the original VNC product.

AT&T provided information (link to archive) about configuring SSH and VNC to work together for a more secure connection. They also have Windows specific information (link to archive). This document was based on their information and blood, sweat and tears. ;-)

In order to initiate the secure connection, you'll need to connect with SSH:

ssh -T -L 5901:myvncserver:5900 -C -N username@mysshserver

To break this down,

  • The "-T" tells SSH not to allocate a tty for shell related activities. This is an optional parameter.

  • The "-L 5901:myvncserver:5900" tells SSH to forward port 5901 on the local machine to port 5900 on myvncserver.

  • The "-C" tells SSH to employ compression. This is additionally useful because VNC also does not employ compression. This is an optional parameter.

  • The "-N" tells SSH not to execute a shell or commands. Since your purpose here is to connect via VNC, you don't really need the SH part of SSH here. ;-) This is an optional parameter.

Next, you'll want to start your VNC client and connect to localhost:1. At that point, you will be prompted with the VNC Password dialog box. Enter your password and go on your way. When you're done, exit VNC the way you normally would. Now, press "[Ctrl]+C" in the window where you started SSH to end the SSH connection.

One MAJOR note here is that if you are running VNC on the SSH server you are using, you'll need to turn on "AllowLoopback". For Windows, you have to modify a registry setting. You can save the following text to vnc.reg and double-click on it to import it into the VNC/SSH server's registry:



From the VNC Server's perspective, you're making the connection from itself, and VNC does not allow these connections by default.