17-02-2011, 03:54 AM
[Windows] How to tunnel a VNC session over SSH
VNC is a very handy tool, I use it almost daily to log in to other machines either remotely or on my network as it provides a GUI interface very similar to that of remote desktop but VNC is cross-platform.
I prefer it over remote desktop but one problem is that it can be considered insecure by some - How do we solve this? By tunnelling it over SSH (which is secure).
This tutorial is for Windows (XP) but the concept is the same for Linux, if the demand is there I am more than happy to make a tutorial for it.
In this example I'm using two Windows machines named XP1 and XP2, I will be referring to these throughout the tutorial.
What we need
TightVNC - (My personal favourite VNC)
Putty - (SSH client)
freeSSHd (SSH server)
Steps
Go over to the PC that you will be connecting to, in our case XP1.
1) Download VNC, http://www.tightvnc.com/download.php
Get the Self-installing package for Windows, at the time of writing this it's version 2.0.2 so save the file "tightvnc-2.0.2-setup" to your desktop.
2) Run the installer file, on this machine just install the TightVNC Server, (Not the Viewer), Register TightVNC Server as a system service and Add exception for TightVNC to the Windows Firewall.
Also enter a password on the next page. (For this tutorial I used 12345, make sure you use a strong one)
Once it's installed open TightVNC and go to "Access Control", make sure Allow loopback connections is ticked!
![[Image: VNC-SSH1.png]](http://markwood.co.cc/donotdelete/VNC-SSH/VNC-SSH1.png)
![[Image: VNC-SSH2.png]](http://markwood.co.cc/donotdelete/VNC-SSH/VNC-SSH2.png)
![[Image: VNC-SSH3.png]](http://markwood.co.cc/donotdelete/VNC-SSH/VNC-SSH3.png)
3) Now, download an SSH server (freeSSHd.exe) and run through the installer.
http://www.freesshd.com/?ctt=download
Private Keys should be created. Should I do it now? - Yes
Do you want to run FreeSSHd as a system service? - Yes
![[Image: VNC-SSH4.png]](http://markwood.co.cc/donotdelete/VNC-SSH/VNC-SSH4.png)
Once it's installed, in freeSSHd click on the users tab and add a user. (See image below)
![[Image: VNC-SSH5.png]](http://markwood.co.cc/donotdelete/VNC-SSH/VNC-SSH5.png)
Then go to Tunneling and make sure Allow local port forwarding is ticked!
4) You need to add an exception for port 22 in your Windows Firewall.
Start > Control Panel > Security Center > Windows Firewall > Exceptions > Add Port > Name: SSH Port number: 22, TCP.
5) In your Router port forward port 22 to the machine on your local network (My local machine, XP1 being 192.168.2.26)
One of my other threads may be of use if you're having trouble doing this. [LAN] How to find and log in to your router
![[Image: VNC-SSH6.png]](http://markwood.co.cc/donotdelete/VNC-SSH/VNC-SSH6.png)
6) Now, on your remote PC (the one you're connecting from) in our case XP2, install VNC viewer. Run the installer again but this time just select TightVNC Viewer and not Server.
7) Then download Putty. (putty.exe)
http://www.chiark.greenend.org.uk/~sgtat...nload.html
8) Open putty and go to SSH > Tunnels
Source port: 5900
Destination: 192.168.2.26:5900 (The internal IP of the machine you'll be connecting to)
Then click Add.
![[Image: VNC-SSH7.png]](http://markwood.co.cc/donotdelete/VNC-SSH/VNC-SSH7.png)
Now go back to Sessions and put your external IP* in and connect. If it's your first time connecting you'll be prompted with something similar to this, click Yes.
*You can find your external IP by going to http://www.ipchicken.com
![[Image: VNC-SSH8.png]](http://markwood.co.cc/donotdelete/VNC-SSH/VNC-SSH8.png)
Log in with the user and password that you created with freeSSHd and you should be greated with a command prompt for your machine. Just minimise the window.
![[Image: VNC-SSH9.png]](http://markwood.co.cc/donotdelete/VNC-SSH/VNC-SSH9.png)
9) Now, open TightVNC viewer and connect to 127.0.0.1, click Connect, enter the password and you're good to go!
![[Image: VNC-SSH10.png]](http://markwood.co.cc/donotdelete/VNC-SSH/VNC-SSH10.png)
Job done.
Additional Information
In many of my threads I provide an Addition Information section, this information is often not needed to make things work but it helps you further understand the process and what things are or mean such as acronyms.
SSH = Secure shell
VNC = Virtual Network Computing
Mirror for the files
mcompute-VNC-SSH.zip
VNC is a very handy tool, I use it almost daily to log in to other machines either remotely or on my network as it provides a GUI interface very similar to that of remote desktop but VNC is cross-platform.
I prefer it over remote desktop but one problem is that it can be considered insecure by some - How do we solve this? By tunnelling it over SSH (which is secure).
This tutorial is for Windows (XP) but the concept is the same for Linux, if the demand is there I am more than happy to make a tutorial for it.
In this example I'm using two Windows machines named XP1 and XP2, I will be referring to these throughout the tutorial.
What we need
TightVNC - (My personal favourite VNC)
Putty - (SSH client)
freeSSHd (SSH server)
Steps
Go over to the PC that you will be connecting to, in our case XP1.
1) Download VNC, http://www.tightvnc.com/download.php
Get the Self-installing package for Windows, at the time of writing this it's version 2.0.2 so save the file "tightvnc-2.0.2-setup" to your desktop.
2) Run the installer file, on this machine just install the TightVNC Server, (Not the Viewer), Register TightVNC Server as a system service and Add exception for TightVNC to the Windows Firewall.
Also enter a password on the next page. (For this tutorial I used 12345, make sure you use a strong one)
Once it's installed open TightVNC and go to "Access Control", make sure Allow loopback connections is ticked!
3) Now, download an SSH server (freeSSHd.exe) and run through the installer.
http://www.freesshd.com/?ctt=download
Private Keys should be created. Should I do it now? - Yes
Do you want to run FreeSSHd as a system service? - Yes
Once it's installed, in freeSSHd click on the users tab and add a user. (See image below)
Then go to Tunneling and make sure Allow local port forwarding is ticked!
4) You need to add an exception for port 22 in your Windows Firewall.
Start > Control Panel > Security Center > Windows Firewall > Exceptions > Add Port > Name: SSH Port number: 22, TCP.
5) In your Router port forward port 22 to the machine on your local network (My local machine, XP1 being 192.168.2.26)
One of my other threads may be of use if you're having trouble doing this. [LAN] How to find and log in to your router
6) Now, on your remote PC (the one you're connecting from) in our case XP2, install VNC viewer. Run the installer again but this time just select TightVNC Viewer and not Server.
7) Then download Putty. (putty.exe)
http://www.chiark.greenend.org.uk/~sgtat...nload.html
8) Open putty and go to SSH > Tunnels
Source port: 5900
Destination: 192.168.2.26:5900 (The internal IP of the machine you'll be connecting to)
Then click Add.
Now go back to Sessions and put your external IP* in and connect. If it's your first time connecting you'll be prompted with something similar to this, click Yes.
*You can find your external IP by going to http://www.ipchicken.com
Log in with the user and password that you created with freeSSHd and you should be greated with a command prompt for your machine. Just minimise the window.
9) Now, open TightVNC viewer and connect to 127.0.0.1, click Connect, enter the password and you're good to go!
Job done.
Additional Information
In many of my threads I provide an Addition Information section, this information is often not needed to make things work but it helps you further understand the process and what things are or mean such as acronyms.
SSH = Secure shell
VNC = Virtual Network Computing
Mirror for the files
mcompute-VNC-SSH.zip