A Bit More on VNC over SSH

February 27th, 2008

I just re-read my earlier post on using TightVNC to easily set up an SSH tunnel for carrying VNC traffic. I can’t believe I forgot to mention a few additional points:

  • You don’t need to make a separate VPN connection to your work network if your company has an externally facing host that is open to SSH connections and also has an internal IP address / NIC. In this case, you simply establish the SSH connection to this external host and rely on it to forward the VNC traffic over the work LAN to your target host. While this setup encrypts the VNC traffic over the public internet / WAN, it does leave it unencrypted within the work LAN. As a result, only do this if you trust your work LAN not to be snooping your VNC data. Here’s an example:
    vncviewer -via host.work.com internalhost:10

    Here my externally accessible work machine has a hostname of “host.work.com” and the name of the internal machine running the VNC session, on display 10, is “internalhost”. Again, this works as long as “host.work.com” has an externally open port for SSH.

  • You can also provide a different username for the SSH connection and TightVNC will use it just like a standard ssh command. For example, I could have done:
    vncviewer -via dave@host.work.com internalhost:10

    in the above if I’d been logged into my local machine under a user account which doesn’t exist on host.work.com. In this case, TightVNC will first prompt you for a password for the SSH connection and then, assuming it can establish the SSH tunnel with those credentials, prompt you for the VNC password.

    In fact, since specifying the “-via” option just causes TightVNC to set up a tunneling connection for you by running the /usr/bin/ssh command, you can even get it to use a non-standard SSH port with a little bit of a hack. Simply provide any options, such as a port specification, within a quoted string as the argument to the “-via” option like so:

    vncviewer -via "-p 2222 dave@host.work.com" internalhost:10

    Again, this will prompt you for the SSH password, and only if that’s successful will it prompt you for the VNC password required by display 10 on internalhost.
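
The same tunnel can be opened by hand with a standard OpenSSH local forward, which lets the SSH port go in its own argument instead of a quoted string. This is an added example, not code from the original post or from TightVNC; the function names and the local display number 99 are assumptions.

```shell
#!/bin/sh
# Added example: by-hand equivalent of
#   vncviewer -via "-p 2222 dave@host.work.com" internalhost:10
# Function names and local display 99 are assumptions of this sketch.

# vnc_port DISPLAY: TCP port for a VNC display (5900 + display number).
vnc_port() {
    case "$1" in
        ''|*[!0-9]*|0[0-9]*) echo "bad display: $1" >&2; return 1 ;;
    esac
    echo $((5900 + $1))
}

# tunnel_cmd GATEWAY TARGET DISPLAY [SSH_PORT] [LOCAL_DISPLAY]
# Prints the ssh command that opens the tunnel; it does not run it.
tunnel_cmd() {
    gw=$1; target=$2
    # Options travel in their own arguments, so refuse a gateway that
    # carries them (leading dash or embedded space) instead of passing it on.
    case "$gw" in
        ''|-*|*' '*) echo "bad gateway: $gw" >&2; return 1 ;;
    esac
    rport=$(vnc_port "$3") || return 1
    lport=$(vnc_port "${5:-99}") || return 1
    sshport=${4:-22}
    case "$sshport" in
        ''|*[!0-9]*) echo "bad ssh port: $sshport" >&2; return 1 ;;
    esac
    # 127.0.0.1 keeps the local end of the tunnel off other interfaces;
    # ExitOnForwardFailure makes ssh fail if the local port is already taken;
    # "sleep 20" holds the session open until the viewer connects.
    echo "ssh -f -p $sshport -o ExitOnForwardFailure=yes" \
         "-L 127.0.0.1:$lport:$target:$rport $gw sleep 20"
}

# viewer_cmd [LOCAL_DISPLAY]: the viewer connects to the local tunnel end.
viewer_cmd() {
    vnc_port "${1:-99}" >/dev/null || return 1
    echo "vncviewer localhost:${1:-99}"
}

# The post's last example: SSH on port 2222 as dave, VNC display 10.
tunnel_cmd dave@host.work.com internalhost 10 2222
viewer_cmd
```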

Tags: IT/Network
