Setting up VNC with SSH

VNC is becoming a popular piece of software for remote desktop functionality. It has a client/server architecture: a computer must run a VNC server to offer its desktop for use elsewhere on the Internet, and a VNC client must be started and connected to a VNC server to start using that desktop.

VNC has a weak security system: it allows arbitrary passwords to be used and doesn't encrypt them over the network. Therefore, it is better to use VNC in combination with SSH. This is done as follows.

• configure the VNC server on the remote machine to accept only local connections
• start the VNC server on the remote machine, if you aren't running one already; on Unix/Linux this is done with the vncserver command. It will report the port number to connect to
• configure the SSH client to tunnel VNC traffic (i.e. make the remote VNC server appear at the local end)
• make an SSH connection configured to do this to the machine running the VNC server
• on Unix/Linux, the initial desktop environment is configured in the file ~/.vnc/xstartup; if you want to run GNOME or KDE or anything else it must be specified here; see the one I use.

The screenshots (click on them to enlarge) show possible configurations for the two SSH clients mentioned before. VNC/X display numbers n correspond to TCP/IP network ports 5900+n, so normally you woul tell SSH to map port 5900 to remote port 5900, 5901 to 5901, and perhaps a few more. In this configuration the port numbers are shifted by 10, so if the remote VNC server is running on display :1, the local VNC client must connect to localhost:11 to access it. This allows me to still use ports :0 and :1 for other purposes, such as a local VNC server, an Exceed X server, or a Cygwin X server.

VNC servers on MS Windows

In this setup it is assumed that the VNC server runs on a Unix or Linux machine. However, VNC can just as well be used to connect to a Microsoft Windows system, if a VNC server is running there. The same considerations apply there: it is safer to restrict such a VNC server to local connections and use SSH to connect to it remotely.

However, this requires that a SSH server is running on the Windows machine. There are many ways to obtain such a beast; one is to use the one distributed with Cygwin. Configuring it to run, however, requires some arcane text file editing; see this somewhat related e-mail message for details.

Why stop here?

At work (and for my hobbies, too) I need to execute different tasks on different computer systems, whenever one system offers facilities (hardware properties or devices, OS capabilities, access to certain applications, services or files) that the other doesn't. For ideal convenience everything should be accessible from anywhere in the world, as long as some computer with an Internet connection is available there. Owing to tools such as VNC, for the things I do with computers this is effective reality today.

The previous screenshots already provided a reminder that VNC is just one out of a plethora of options for doing similar things. The following screenshot carries things even further over the top.

It shows the following computers and OSes in action:

• my desktop computer, pcwin518.campus.tue.nl, running Windows XP SP 2;
• a Cygwin command line prompt displayed in an xterm using the X Window server distributed with Cygwin; note that the X server doesn't provide a separate window for its applications, but instead, displays its application windows directly on the Windows desktop;
• a second X Window server, started with Xnest, in which a clock, a screenshot image and a different window manager (wmaker) are running;
• a second xterm command prompt running on another machine, antilope.win.tue.nl, which runs Red Hat Linux 9; this xterm was started from the first xterm using ssh, and displays in the first X server; the xeyes application running in the corner was started from this xterm, so it runs on antilope;
• a VNC connection to the same antilope.win.tue.nl machine, displaying its own window, and a bunch of xterms running within it; the X server created by the VNC server running on that machine does provide its own main window;
• a Windows 2000 operating system running within Virtual PC, an OS virtualization system similar to coLinux, VMWare, and others

Some similar tools, such as coLinux and Microsoft Unix Services for Windows, which has functionality similar to Cygwin, are also installed but do not appear in the screenshot.

See also

• BCF's page on this subject
• Windows Remote Desktop / rdesktop, a better way to connect to Windows XP systems

Colophon

This document was written by Reinier Post. Please report any problems, suggestions or improvements regarding this subject or this document back to me.

Thank you.