by Jack Wallen in Security
on
How to connect to VNC using SSH
If your network doesn't allow connections into the default VNC port 5901, you can tunnel it through SSH.
There are times when you need to remote into a Linux desktop. When that need arises, the most obvious choice of connection is VNC. But what happens when your company (or your home) network doesn’t allow the default VNC port (5901) to remain open? How do you get in?
Fortunately, you have Secure Shell (SSH) to lean on. With this handy networking tool, you can tunnel VNC through SSH, so not only are you not punching through the VNC port, but you’re sending all data through an encrypted tunnel.
It’s actually quite simple to do. You will instruct SSH to create a local tunnel that forwards localhost on port 5901 to a remote machine’s port 5901, only through the default SSH port (22). That, of course, means you must have access to the remote machine, via port 22. If you don’t have access to the remote machine, through SSH, this won’t work.
SEE: Information security policy template download (Tech Pro Research)
TechRepublic is able to offer our services for free because some vendors may pay us for web traffic or other sales opportunities. Our mission is to help technology buyers make better purchasing decisions, so we provide you with information for all vendors — even those that don’t pay us.Featured Partners: RMM Software
What you need
Chances are, you have everything you need already installed. This task will require the following:
- Local machine: SSH and a VNC viewer
- Remote machine: Openssh-server and a VNC server (such as TightVNC)
I will assume you already have everything you need installed, and your VNC server is running and accepting connections.
Create the tunnel
The first thing to do is create the tunnel that routes packets from localhost (at port 5901) to the remote host (at port 5901) through port 22. This is done with a single command:
ssh -L 5901:localhost:5901 REMOTE_IP
Where REMOTE_IP is the IP address of the remote host.
If you’ve never SSH’d to this remote host, you will be asked if you want to add the remote host to your local ~/.ssh/known_hosts file (Figure A).
Figure A
Type yes and hit Enter on your keyboard. You will then be prompted for the remote user’s password. This will assume you have the same username on both local and remote machines. If you do not, you can always add the remote username like so:
ssh -L 5901:localhost:5901 USER@REMOTE_IP
Where USER is the remote username and REMOTE_IP is the remote IP address.
Note: For an even more secure connection, I suggest you make use of SSH Key Authentication. (See: How to set up ssh key authentication.)
Connecting your VNC Client
Now you need to fire up your VNC client. It won’t matter what client you use. What does matter, however, is the address you use to make the connection. Instead of entering, say, 192.168.1.83:5901 for the remote address, enter localhost:5901. Why? Because we’ve created an SSH tunnel from localhost:5901 to REMOTE_IP:5901 (where REMOTE_IP is the IP address of the remote machine). Once you click connect, your VNC client will use the encrypted SSH tunnel and make the connection between local and remote machines on port 5901. You should then be able to work on the remote desktop, using VNC, thanks to SSH.
Not only is your VNC connection good to go, but it’s also more secure than if you had simply used the default VNC port. Enjoy tunnelling VNC through SSH.
Subscribe to the Cybersecurity Insider Newsletter
Strengthen your organization's IT security defenses by keeping abreast of the latest cybersecurity news, solutions, and best practices. Delivered Tuesdays and Thursdays
Subscribe to the Cybersecurity Insider Newsletter
Strengthen your organization's IT security defenses by keeping abreast of the latest cybersecurity news, solutions, and best practices. Delivered Tuesdays and Thursdays
Also See
- How to run remote commands on multiple Linux servers with Parallel-SSH (TechRepublic)
- EasySSH is your next favorite GUI SSH client (TechRepublic)
- How to scan for IP addresses on your network with Linux (TechRepublic)
- How to install fail2ban on Ubuntu Server 18.04 (TechRepublic)
- SCP implementations impacted by 36-years-old security flaws (ZDNet)
- Online security 101: Tips for protecting your privacy from hackers and spies (ZDNet)
- The best password managers of 2018 (CNET)
- Cybersecurity and cyberwar: More must-read coverage (TechRepublic on Flipboard)
By Jack Wallen
Jack Wallen is an award-winning writer for TechRepublic, The New Stack, and Linux New Media. He's covered a variety of topics for over twenty years and is an avid promoter of open source. For more news about Jack Wallen, visit his website jackwallen.com.
- |
- See all of Jack's content
- Open source
- Security
Editor's Picks
TechRepublic Premium TechRepublic Premium Editorial Calendar: Policies, Checklists, Hiring Kits and Glossaries for Download
TechRepublic Premium content helps you solve your toughest IT issues and jump-start your career or next project.
Artificial Intelligence 7 Best AI Art Generators
This is a comprehensive list of the best AI art generators. Explore the advanced technology that transforms imagination into stunning artworks.
Payroll The Best Cheap Payroll Services
Find the perfect payroll service for your business without breaking the bank. Discover the top cheap payroll services, features, pricing and pros and cons.
Cloud Security Is NordVPN worth it? How much does it cost and is it safe to use? Read our NordVPN review to learn about pricing, features, security, and more.
Project Management Free project management software provides flexibility for managing projects without paying a cent. Check out our list of the top free project management tools.
Cloud Cloud Strategies Are Facing a New Era of Strain in Australia, New Zealand
Australian and New Zealand enterprises in the public cloud are facing pressure to optimize cloud strategies due to a growth in usage and expected future demand, including for artificial intelligence use cases.
As a seasoned expert in networking and security, I bring a wealth of knowledge and hands-on experience to the topic of connecting to VNC using SSH. With a background in information security and a deep understanding of networking protocols, I can confidently provide insights and guidance on the concepts discussed in the article by Jack Wallen, published on January 17, 2019, on TechRepublic.
In the article, Wallen addresses the scenario where a network does not allow connections into the default VNC port 5901, and he proposes a solution to tunnel VNC through SSH for secure remote access. Let's break down the key concepts and steps mentioned in the article:
-
Introduction to the Problem:
- Issue: The default VNC port (5901) is blocked on the network.
- Solution: Use Secure Shell (SSH) to tunnel VNC through an encrypted connection.
-
Requirements:
- Local Machine: Requires SSH and a VNC viewer.
- Remote Machine: Requires OpenSSH server and a VNC server (e.g., TightVNC).
-
Creating the SSH Tunnel:
- Command:
ssh -L 5901:localhost:5901 REMOTE_IP - This command instructs SSH to create a local tunnel that forwards traffic from localhost (at port 5901) to the remote host (at port 5901) through port 22 (default SSH port).
- The user must have access to the remote machine via SSH (port 22).
- Command:
-
Enhancing Security with SSH Key Authentication:
- Wallen recommends using SSH Key Authentication for an even more secure connection.
-
Connecting the VNC Client:
- Instead of using the remote IP address directly, the VNC client connects to localhost:5901.
- The SSH tunnel ensures that the VNC connection is encrypted and secure.
-
Conclusion:
- The article emphasizes that not only does this method enable VNC access in restricted environments, but it also enhances security compared to using the default VNC port.
In summary, the article provides a practical solution for remote access to a Linux desktop when the default VNC port is inaccessible. By leveraging SSH to create a secure tunnel, users can maintain encrypted communication without exposing VNC to the potentially insecure network. The step-by-step guide and the recommendation for SSH Key Authentication contribute to a comprehensive and secure approach to VNC connectivity.
