From Department of Statistical Science Computing Wiki

This page describes how to configure PuTTY or F-Secure SSH to tunnel a VNC connection from a remote computer to a VNC session running on a Linux desktop in the DSS.

Why tunnel VNC connections?

While the password you use to access a VNC session is encrypted, the data connection between your remote computer and the VNC server is not. Anyone able to snoop on that connection can pick out your keystrokes or watch the session "over your shoulder", which is a serious security vulnerability.

The answer to this is to tunnel the VNC connection over an SSH session between your remote computer and the Linux desktop you are trying to access remotely.


On the Linux desktop

  • VNC Server software -- All DSS desktops have the vncserver package installed.

On the remote computer

Configuring SSH Tunnels

The first step is to configure your SSH program to set up an SSH tunnel between a port on your remote computer and the VNC port on the Linux desktop at DSS you want to access.

Note: These instructions assume you are accessing a VNC session on :1.

SSH Tunnels in PuTTY

Here are directions to configure a VNC ssh tunnel in PuTTY:

  1. Run PuTTY
  2. In the tree on the left side, select Connection -> SSH -> Tunnels
  3. Put "`5901`" in the Source Port field
  4. Put "`localhost:5901`" in the Destination field
  5. Click the Local radio button
  6. Click the Add button to add the port forwarding.
  7. In the tree on the left side, select Session
  8. Enter the full hostname ( of the machine you are accessing in the Host Name (or IP address) field.
  9. Click the SSH radio button if it is not selected.
  10. Enter the full hostname of the machine you are accessing in the Saved Sessions field.
  11. Click the Save button to save these changes.
  12. Click the Open button to activate the session.
  13. The SSH terminal window will open. Log into the computer as per normal remote access.

You will now have an SSH tunnel forwarding from port 5901 (the port associated with a VNC session on :1) on your remote computer to port 5901 on the Linux desktop you are accessing.

SSH Tunnels in F-Secure SSH

Here are directions to configure a VNC ssh tunnel in F-Secure SSH:

  1. Start F-Secure SSH
  2. Create or Load the profile for the machine you are accessing:
    1. If you already have a Profile for connecting to the Linux desktop you want:
      1. Click on the Profiles button next to Quick Connect.
      2. Click on the name of the profile for the machine you want to access.
    2. If you don't have a Profile for the Linux desktop:
      1. Click on the Profiles button next to Quick Connect.
      2. Click on Add Profile...
      3. Enter a name for the new profile.
      4. Click Add Current Connection to Profiles to create the new profile.
  3. Click on Edit -> Setting...
    1. If you just created this profile:
      1. Click on Connection directory under Profile in the tree diagram on the left side of the window.
      2. Enter the full hostname ( in the Host name or IP address field.
      3. Enter your DSS login name in the User Name field.
  4. In the tree on the left side, click on Local in the Tunneling section.
  5. Click the Add... button.
  6. Put 5901 in the Source Port field
  7. Put 5901 in the Destination Port field
  8. Click on the OK button at the bottom of the dialogue window to close it.
  9. Press the spacebar to activate the SSH connection to the Linux machine. Enter your password when prompted.

Setting up a VNC Session on the Linux desktop

Before you can access a VNC session remotely, you need to have a VNC server running on the Linux desktop. This can be done at any time before you need the remote connection. The VNC session will remain running until the machine is rebooted or you intentionally shut it down.

Starting a VNC Server on :1

  1. Log into the Linux desktop you want the VNC session on.
  2. Run `vncserver :1 -geometry 1280x1024`. This will start a VNC session on the Linux box with a geometry of 1280x1024 pixels running on the :1 connection.
  3. If you have not used VNC before, you will be prompted for a password to use for authenticating when you connect to the VNC session later. Do NOT use your DSS, NetID, or other secure password for this password. Choose a different one.

You are now ready to access this session remotely.

By default, the standard VNC session on our desktops presents a VERY plain interface. It does not run the Gnome, KDE, or XFCE4 desktop environments. For directions on setting up a different desktop in your VNC session, see VNCDesktopSessions.

Running TightVNC over SSH

  1. Start either PuTTY or F-Secure SSH and log into the Linux desktop running your VNC session. This step is required to create the SSH tunnel the VNC viewer will use to access your VNC session.
  2. Start TightVNC Viewer
  3. Enter localhost:1 into the VNC Server field.
  4. Click on Connect to initiate the connection.
  5. A large window will open and display your VNC session on the remote desktop.

Closing the VNC session

  1. Close the VNC session window.
  2. Log out of the Linux desktop SSH session.

Note: If you exit PuTTY or F-Secure SSH, your connection to the VNC session will be closed. This does not terminate the VNC session itself, but it does disconnect you from it. You can always connect again at a later date.

Note on 5901 being used: If port 5901 is already in use when you start vncserver, you will need to start it again with a different port chosen. :1 corresponds to 5901. For :2, use port 5902, and so on until you find an unused port.
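
The display-to-port rule in the note above, and the three settings that have to agree with it (the vncserver display, the tunnel ports and the viewer address), are worked through in the following added example, which is not part of the original wiki page. The function names, the host `desktop.example.org` and the sample `ss -ltn` output are constructed for illustration, and the OpenSSH `ssh -L` line is shown as the command-line equivalent of the PuTTY fields.

```shell
#!/bin/sh
# Added example; function names and the sample data are hypothetical.

# Constructed `ss -ltn` output from a desktop where :1 and :2 are taken.
SAMPLE_SS='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    0.0.0.0:22          0.0.0.0:*
LISTEN 0      5      0.0.0.0:5901        0.0.0.0:*
LISTEN 0      5      127.0.0.1:5902      0.0.0.0:*
LISTEN 0      128    [::]:22             [::]:*'

# VNC display :N listens on TCP port 5900+N (:1 -> 5901, :2 -> 5902).
display_to_port() {
    case "$1" in
        ''|*[!0-9]*|0?*) echo "display must be a plain number" >&2; return 1 ;;
    esac
    echo $((5900 + $1))
}

# Reads `ss -ltn` output on stdin; prints the lowest display in 1..99
# whose port has no listener.
first_free_display() {
    used=$(awk 'NR > 1 { n = split($4, a, ":"); print a[n] }')
    d=1
    while [ "$d" -le 99 ]; do
        if ! printf '%s\n' "$used" | grep -qx "$((5900 + d))"; then
            echo "$d"
            return 0
        fi
        d=$((d + 1))
    done
    return 1
}

# Prints the settings that must agree for display $1 on host $2.
tunnel_plan() {
    port=$(display_to_port "$1") || return 1
    echo "server: vncserver :$1 -geometry 1280x1024"
    echo "PuTTY:  Source port $port, Destination localhost:$port, Local"
    echo "ssh:    ssh -L $port:localhost:$port $2"
    echo "viewer: localhost:$1"
}

# Stand-alone run on the constructed sample. On a real desktop, pipe the
# output of `ss -ltn` into first_free_display instead.
free_display=$(printf '%s\n' "$SAMPLE_SS" | first_free_display)
tunnel_plan "$free_display" desktop.example.org
```

In the constructed sample, port 5901 is bound to 0.0.0.0, so that VNC server can still be reached directly and unencrypted from the network; the tunnel only protects connections made through it. If your vncserver accepts the `-localhost` option (an assumption about the installed package), starting it that way restricts the server to tunnelled connections.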