This post will cover how to use VNC over an SSH Tunnel using Ubuntu. We’re going to configure things in such a way that a network administrator would have a hard time blocking or even knowing that you are doing this. There’s a few key things you will need to know and what they mean before we proceed.
- SSH – Stands for Secure Shell
- VNC – Open standard remote desktop program. It’s very slow and choppy but runs on almost any platform
- SSH Tunnel – You can tunnel specific ports through the SSH connection. Basically you encrypt the information from one computer you own to another
Why would you want to use VNC over an SSH Tunnel? Well, VNC by default has no security built into it. Your password is sent clear text the whole way. This makes it very easy to “sniff” your password. A person could then use the password they sniffed to log into your machine.
What will you need to follow along?
- 2 Computers. I’m going to be using a laptop and a desktop computer.
- Internet connection on either side
- Putty (Name of software)
- VNC Client (Type of software)
What you need to know about the “test” setup.
- Our SSH Server’s IP address will be 192.168.2.2
- Our Router’s Internal IP address will be 192.168.2.1
- Our Router’s External IP address will be 188.8.131.52 which is linked to company.dyndns.org
- SSH’s default Port is Port 22
- VNC Server port default is port 5900
- Port Putty will create for us will be 5902. This number can be almost anything as long as it doesn’t interfere with a port already in use on your computer.
- Port 22 outbound should be blocked if you are at work
- Port 443 is normally open. Can you imagine if it wasn’t?
Please write down what your own information like IP addresses before you start setting things up. Trust me. It makes things much easier to figure out. There are two main parts of this how to. The first part is getting the SSH connection up and running. Here’s how the SSH connection is going to look.
Ok. If you read the “What you need to know” section you’d already know that if you are at work you will most likely not be able to SSH into a box at home because any good admin doesn’t give their end users access to SSH. Unfortunately SSH can be run on almost any port. In this example we are going to be telling the SSH client to talk on port 443 and for the router to listen on port 443 for SSH. The router will convert the port 443 to port 22 using port forwarding. The router will send it to our server called “sshserver”.
NOTE – I recommend that if you plan on doing this often that you use a service like DynDNS. It allows you to type in an english domain name and be taken to your ip address no matter if your home IP address changes. In this example we will be using the DNS name “company.dyndns.org” which resolves to a public ip address of 184.108.40.206.
To setup the Ubuntu server we named sshserver we are going to install “open SSH server”. To do this we will type this command at the terminal:
The program will automatically create the certificates you are going to need to secure your communications.
Next we need to enable VNC. To do this it is very easy. We must:
(Ps- I move “Remote Desktop” up in the list just so the screenshot could be a bit smaller)
We need to allow people to view and control the desktop. We also need to enter a password that a person will use to log on to the VNC server.
That was easy to setup the server eh?
Now let’s setup the router. We will want to log in to the router. Each router is going to be different. What you are going to want to look for is “port fowarding”(linksys) or “virtual Servers” (dlink). In it you should have the ability to say what port you are wanting to listen on and what IP address and port you want to translate to.
Next we need to setup Putty on “laptop”. Laptop is running Ubuntu Linux with the latest version of Putty installed. We installed it from the Ubuntu Software Centre. If you have a windows box you can also run putty by going to the website and downloading the program.
We’re going to setup putty like this:
Enter the info and then click on “Default Settings” and hit Save. This alone will allow us to SSH into our server called “sshserver”. When you connect you will be prompted for your Ubuntu username and password. Once logged in it’s like your right in front of the terminal of “sshserver”! The best part is everything is completely encrypted!
This next part is the part I had the hard time with the first time I started using SSH. SSH Tunneling allows you to send certain ports across in a tunnel like fashion. We are going to use VNC and connect to our “sshserver” across the internet.
We already know that ON “sshserver” VNC is running locally on port 5900. We are going use Putty to create a port that “laptop” listen. Anything sent to this port we will forward to the destination port of 5902 on the “sshserver”. Making sense? To do this we will need to go down to the connection section in putty, Click on SSH so that it drops down and then select tunnels. This is how mine looked after I was done:
Just so that I don’t have to enter this info in again you should get back up to the first screen (Session), click on “Default settings” and click save.
You should now make a connection to “sshserver” using putty by click “open” button. Great! Log into the terminal by using the username and password of your “sshserver” default user.
We now need to open a vnc client. On Ubuntu you can click on “Applications-Internet-Remote Desktop Viewer”.
Click on “Connect”.
Click on VNC Protocol and then type the Local port ON the laptop that was created BY Putty.
Click Connect. You will be asked for a password. Enter the password you entered for the Remote Desktop. You’re done!