Randomness

Access your Linux computer graphically and securely using SSH and VNC

Posted on: November 8, 2007

This was copied from the Johnny Chadda blog.

=================================

 

When you are out traveling or just at work, you sometimes need to access your computer at home. This article will show you how to do so in a simple and secure way. The article is focused on Ubuntu, but the same approach can just as well be used with the remote desktop features of Windows XP.

We first of all want to create a secure channel between your current computer and your machine at home, and what better tool for the job than OpenSSH? In Ubuntu, you can install the SSH server by installing the package called “openssh-server” like so:

sudo apt-get install openssh-server

This will enable remote connections into your computer on port 22, which is the standard SSH port. If your computer sits behind a router, you must configure the router to forward incoming connections on port 22 to your computer.

The next step is to enable the remote desktop facilities of the Gnome desktop in Ubuntu, by opening the “System” menu, “Preferences” and then selecting “Remote desktop”. You will be presented with a dialog like the following:

[Screenshot: gnome-vnc.png]

The options are self-explanatory, and since you will be connecting to it when you yourself are not around, be sure to untick “Ask you for confirmation”. This will start the VNC server at port 5900, which you should not expose to the internet. Instead, here is where SSH comes into play.

The primary purpose of SSH is to allow secure text-based remote management of servers. It can, however, also tunnel arbitrary traffic, and VNC traffic is no exception. The goal is to reach port 5900, where the VNC server runs, so we need to tell SSH to create a tunnel from the current computer to the home computer and then on to the VNC server. Let’s select port 50000 for the start of the tunnel, but it can be any free port between 1024 and 65535. If you are fortunate enough to be running Linux on your work computer, connect to your home computer using the following command:

ssh -l username -L 50000:localhost:5900 your.home.pc

Let’s take a minute to analyze this command. You issue the ssh command, and -l lets you specify which user name to connect as. -L is the magic part, where we specify the endpoints of our SSH tunnel. The tunnel starts at port 50000 of the local computer, then travels to the SSH server on the other side. The SSH server then connects to the endpoint, localhost port 5900, which happens to be the VNC server! The last part specifies the host name or IP address of your home computer. It can of course also be done in Windows using the popular PuTTY terminal:

[Screenshots: putty-host.png, putty-forward.png]

On the first screenshot we specify which host to connect to, and the tunnel is set using the tunnel settings. The screenshots should be self-explanatory. Just don’t forget to click the add button to actually enable the tunnel.

After logging into the server from either a Linux or a Windows machine, the time has come to actually try this out by connecting a VNC client to the server. Ubuntu users have a VNC client installed under “Applications” – “Internet” – “Terminal Server Client”, and Windows users may for example download UltraVNC viewer. If you don’t want to install anything, choose the “Ultr@VNC Standalone Viewer” package, which only contains a zipped viewer.

To connect, we only need to specify the start of the SSH tunnel and it should take the data to its destination automatically.

[Screenshot: ultravnc.png]

Connect to localhost port 50000, as we specified for the start of the tunnel earlier. Notice the extra colon – we need to write it this way since we are not connecting to a particular display. Remember to set the quick options in UltraVNC to “MEDIUM” if you have a slow connection, to keep the interface relatively snappy and useful.

Click connect, and if everything works you should be prompted for the password you specified when configuring the VNC server earlier.
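
The setup above depends on two listeners staying private: the VNC server on port 5900 and the tunnel entrance on port 50000. The following is an added example, not part of the original article: it reads `ss -tln` output and reports whether a port is bound to anything other than loopback. The function names and the sample output are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original article). Reads `ss -tln` output on
# stdin and reports listeners on a port that other hosts can reach.

# exposed_listeners PORT: print every non-loopback address listening on PORT.
# Exit status 0 = at least one exposed listener, 1 = none.
exposed_listeners() {
    awk -v port="$1" '
        $1 == "LISTEN" {
            addr = $4                        # "Local Address:Port" column
            n = split(addr, parts, ":")      # the port follows the last colon
            if (parts[n] != port) next
            host = substr(addr, 1, length(addr) - length(parts[n]) - 1)
            sub(/%.*$/, "", host)            # drop an interface scope (%lo)
            gsub(/\[/, "", host); gsub(/\]/, "", host)   # [::1] -> ::1
            if (host ~ /^127\./ || host == "::1") next   # loopback only
            print addr
            found = 1
        }
        END { exit(found ? 0 : 1) }'
}

# audit_port PORT: one-line verdict; exit status 1 when PORT is exposed.
audit_port() {
    if hits=$(exposed_listeners "$1"); then
        printf 'port %s reachable from other hosts: %s\n' "$1" \
            "$(printf '%s' "$hits" | tr '\n' ' ')"
        return 1
    fi
    echo "port $1 is loopback-only or not listening"
}

# Constructed sample: a machine running sshd, a VNC server bound to every
# interface, and an "ssh -L 50000:localhost:5900" tunnel entrance.
SAMPLE_SS='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128          0.0.0.0:22        0.0.0.0:*
LISTEN 0      5            0.0.0.0:5900      0.0.0.0:*
LISTEN 0      5               [::]:5900         [::]:*
LISTEN 0      128        127.0.0.1:50000     0.0.0.0:*
LISTEN 0      128            [::1]:50000        [::]:*'

# On a real machine: ss -tln | audit_port 5900
printf '%s\n' "$SAMPLE_SS" | audit_port 5900 || true
printf '%s\n' "$SAMPLE_SS" | audit_port 50000
```

By default ssh binds the -L port to loopback only, so port 50000 should pass. A VNC server that listens on every interface is reachable from the rest of your network, and only the absence of a router forwarding rule for 5900 keeps it off the internet.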

The SSH tunnel can of course also be used to secure Windows Remote Desktop access. It uses port 3389 by default and you might not have an SSH server running on a Windows client, but perhaps you have another Linux machine on your network? In that case, you can connect to the Linux server using SSH and set the endpoint of the tunnel to your Windows client. The following is an example in the Linux SSH notation:

ssh -l username -L 50000:192.168.0.10:3389 my.home.linux.server.pc

It works just like before, but instead of looping the connection back to localhost, the SSH server forwards it to 192.168.0.10 port 3389 on your network, and if that happens to be your Windows client you should be able to connect.

5 Responses to "Access your Linux computer graphically and securely using SSH and VNC"

Well done. I was a bit sketchy on how to forward VNC over SSH while out on the road to ensure no one could eavesdrop, but thanks to you I’m quite confident on how to. Thanks!

I too was looking for help for a long time. I finally ran across this how-to that explained it very clearly.

Thanks go to the Johnny Chadda blog. The link is at the top of the article.

Later

get to your ssh server through a web browser –

http://www.browsershell.com

I know it is just due to my lack of knowledge, but the part about forwarding the port if you have a router completely escaped me.

cool. thanks for the info.
