Tutorial Jamesiswizard_1 tunnelling vnc over ssh

Status
Not open for further replies.

jamesiswizard_1

The following topics are covered in this guide -

Virtual Network Computing (VNC) can be used to access another PC over a network - including over the internet. A VNC connection can be used to transfer files (not supported in all versions) or as a graphical desktop sharing system to access a remote PC (similar in practice to Microsoft's Remote Desktop). There are security issues when using VNC applications - the following information was taken from the TightVNC website but applies to other VNC applications (highlights have been added by myself) -
"Although TightVNC encrypts VNC passwords sent over the net, the rest of the traffic is sent as is, unencrypted (for password encryption, VNC uses a DES-encrypted challenge-response scheme, where the password is limited by 8 characters, and the effective DES key length is 56 bits). So using TightVNC over the Internet can be a security risk....if you need real security, we recommend installing OpenSSH, and using SSH tunnelling for all TightVNC connections from untrusted networks."
Although TightVNC has been used in this guide it can easily be replaced with other versions of VNC. In fact, if the VNC version adheres to VNC code then a viewer from one version can be used to connect to a server using a different version.
VNC applications are usually comprised of a server and a viewer. The server should be installed on the SSH server set up earlier. If the preceding section of this guide was followed you will already have a working SSH server.
There are two distinct methods of running the TightVNC server, either as an application or as a service. If the VNC server is running as an application then it can only be accessed after logging in to the server using a valid user account, and will be closed when the user logs out or restarts the PC. Due to these restrictions we will be installing the VNC Server as a service. Running the VNC server as a service allows the PC on which it is installed to be accessed even when there is no user logged in - e.g. after a reboot before a user account is selected.
Two versions of TightVNC are covered in this guide, use version 2.0 if using Windows 7 as older versions of TightVNC are not fully compatible with this operating system and cannot register the TightVNC server as a service -

TightVNC Server (version 1.3.10)


  1. Install TightVNC. If the Windows installer package is used the default install location is C:\Program Files\TightVNC\.
  2. To install WinVNC as a service start a command prompt with Administrator privileges and enter the following command -
    "C:\Program Files\TightVNC\WinVNC.exe" -install [enter]
  3. Open a command prompt and start the VNC Server using the command -
    net start winvnc [enter]
  4. The TightVNC configuration window should open. Enter a password in the Server tab settings - the password can be up to eight characters in length. After the password has been set click on the Apply button.
  5. Select the Administration tab and enable Allow loopback connections and Allow only loopback connections, then click on Apply and OK.

To make any further changes to TightVNC's configuration settings open the TightVNC properties dialog via the taskbar.
No further steps are required to configure the server. Connect to the SSH Server from the client PC using PuTTY before starting the VNC Client.

TightVNC Server (version 2.0 beta1)



  1. Install TightVNC. If the Windows installer package is used the default install location is C:\Program Files\TightVNC\.
  2. To install tvnserver as a service if this option was not selected during installation, start a command prompt with Administrator privileges and enter the following command then restart the PC -
    "C:\Program Files\TightVNC\tvnserver.exe" -install [enter]
  3. Open the TightVNC Service Configuration window via the icon in the taskbar and uncheck the Use passwords (VNC authentication) option in the Server tab.
    Note - as we will only be allowing loopback connections to tunnel TightVNC through a SSH connection it is safe to disable password authentication.
  4. Select the Access Control tab and select Allow loopback connections and Allow only loopback connections, then click on Apply and OK.

Connect to SSH Server


As the VNC Server has been configured to allow loopback connections only it will not respond to attempts to connect via port 5900 (the default port) - all connections will be routed through a Secure Shell tunnel.
To create a Secure Shell tunnel through which to encrypt the VNC stream use PuTTY.

TightVNC Client


To connect to the VNC server you will need a VNC viewer installed/copied to the client PC. We will be using the TightVNC viewer. Assuming that the server already has SSH installed with TightVNC server running and the client PC has opened an SSH tunnel using the settings in this guide -


  1. Start the TightVNC viewer (C:\Program Files\TightVNC\vncviewer.exe) on the client PC and enter 127.0.0.1:5900 in the VNC Server box.
    Note - If TightVNC Server version 2.0beta1 is running on the server and the settings covered in this guide have been used no password is required and the viewer should automatically connect to the server.
  2. If TightVNC Server version 1.3.10 is running on the server you will be prompted to enter the password set in step 4.
  3. You should now see the server's desktop - possibly with the wallpaper removed.

Last edited:
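A check that the "Allow only loopback connections" setting from the guide took effect, as an added example that is not part of the original post: it parses `netstat -an` output captured on the server and reports any listener on port 5900 that is not bound to a loopback address. It assumes the setting appears as a listener bound to 127.0.0.1; the sample output and the function names are constructed for illustration.

```python
import ipaddress

VNC_PORT = 5900  # default VNC port named in the guide

# Constructed sample of `netstat -an` output from the server (not real data).
SAMPLE_LOOPBACK = """\
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:22             0.0.0.0:0              LISTENING
  TCP    127.0.0.1:5900         0.0.0.0:0              LISTENING
  TCP    192.168.1.10:22        192.168.1.50:51514     ESTABLISHED
"""
# Same host with the loopback-only option left unticked (constructed).
SAMPLE_EXPOSED = SAMPLE_LOOPBACK.replace("127.0.0.1:5900", "0.0.0.0:5900")


def listeners(netstat_text, port):
    """Return the local addresses holding a TCP listener on `port`."""
    found = []
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0] != "TCP" or fields[3] != "LISTENING":
            continue
        host, _, port_text = fields[1].rpartition(":")
        if port_text.isdigit() and int(port_text) == port:
            # IPv6 is printed as [::]:5900; drop brackets and any %zone id
            found.append(host.strip("[]").split("%")[0])
    return found


def exposed_listeners(netstat_text, port=VNC_PORT):
    """Listeners on `port` bound to anything other than a loopback address."""
    return [h for h in listeners(netstat_text, port)
            if not ipaddress.ip_address(h).is_loopback]


def check(netstat_text, port=VNC_PORT):
    """One-line verdict for the VNC port."""
    if not listeners(netstat_text, port):
        return "no listener on port %d (is the VNC service running?)" % port
    bad = exposed_listeners(netstat_text, port)
    if bad:
        return "EXPOSED: port %d is listening on %s" % (port, ", ".join(bad))
    return "ok: port %d is listening on loopback only" % port


if __name__ == "__main__":
    print(check(SAMPLE_LOOPBACK))
    print(check(SAMPLE_EXPOSED))
```

A listener on 0.0.0.0 or [::] is bound on every interface, which matters most for the version 2.0 setup in the guide because password authentication is switched off there.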
Dear jamesiswizard_1,

Since 2 years have passed since the last reply in this thread, I am locking it to prevent necroposting. Feel free to start a new thread or contact any forum staff if you want this to be reopened.

Thread closed.
 