Tunnel VNC over SSH
Purpose
This is a basic example of how to create an SSH tunnel for VNC. This is very similar to SSH Reverse Tunnel but instead of tunnelling through to the Destination SSHD, I am tunnelling through to a VNC server.
The purpose of doing this is so that I can connect to my VNC server running on Machine 1 from the outside internet (Machine 3) securely and without having any ports open to Machine 1. I.e., I don't want the VNC port sitting open for anyone to connect to.
Originally written by leritzi (russelldm@gmail.com). Feel free to clean it up -- I'm not an English major.
Current Setup
Before we do anything, this is what we have:
- Machine 1: WINXP Box @ 192.168.1.99
- Machine 2: Gentoo Box @ 192.168.1.95
- Machine 3: Some random box on the internet (in my case WINXP at University)
Machine 1 and Machine 2 are sitting behind the same router.
Install SSH on Machine 2
You'll need to install SSH on Machine 2. I also think it is best to run through the securing-your-box page, Install Essential Daemons#Securing_SSH, as your Machine 2 will be reachable over SSH by anyone on the outside.
Once you've got all that set up, you'll need to forward port 22 (the default SSH port) on your router to point at Machine 2. You'll need to use a static IP on Machine 2 for this.
Install VNC Server on Machine 1
Just install and run – easy as that. Just make sure the VNC ports aren't being forwarded by your router, as you don't really want the ports on Machine 1 exposed to the internet.
Connecting
OK, now that all the setup and install is done, let's go on to how to connect. This part is broken down into two choices:
1. Connecting from a Windows Machine
2. Connecting from a Linux Machine
Connecting from a Windows Machine
What I do is keep a copy of PuTTY and a VNC client on my pen drive for quick access.
One thing that is a pain in the ass with PuTTY is that it stores its settings in the registry. This is painful when you don't have permission to write to the registry or are always on a different machine. There is a version of PuTTY which has been modified to keep its settings in an ini file for easy use. I haven't used this myself – but I will once I get around to it. http://jakub.kotrla.net/putty/
Setting up PuTTY
Note: If I haven't mentioned a setting in the following, I've left it at the default PuTTY value.
Enter your host name and the port you decided to use for SSH (the default port is 22). You may want to set up a dyndns account if you are using a dynamic IP address. Go here: http://www.dyndns.com/services/dns/dyndns/
Proxy
In most cases Machine 3 probably won't be behind a proxy. In my case it is. Anyway, check out the screenshot for details if you think you need this. The settings are actually for the proxy at my university; your case won't be the same. You'll have to look these details up somewhere. If you're lucky you might be able to check the IE options for proxy details, though sometimes automatic scripts are used.
Creating Tunnel
In my case the VNC server is on Machine 1, sitting at 192.168.1.99 on port 5900 (the default VNC port). Note that this is an internal IP address; we don't want this computer accessible directly from the outside.
In the screenshot I've used:
- Source Port: 5901
- Destination: 192.168.1.99:5900 (Address of VNC Server)
This forwards port 5900 on Machine 1 (the destination) to the computer you're running PuTTY on. Source port 5901 means that PuTTY will listen on local port 5901, where the VNC viewer's connection will be accepted. Don't forget to press Add!
Now save your settings and press connect. If all is well you should get a login prompt for your Machine 2. If an error occurs, retry without the tunnel, just to check that you can connect to that machine. If you still have problems, you've probably messed up the config or something else is blocking the connection – depending on the error.
Connecting VNC
Once you've logged in and are sitting at a shell, leave that running, open up your VNC Viewer and type the following:
Server = localhost:1
Then press OK! Here 1 is the display number, which means connecting to local port 5901, since VNC server ports are counted up from port 5900.
If all is successful you should be sitting at the desktop of your Machine 1.
Connecting From a Linux Machine
First, verify that you can connect from Machine 3 to Machine 2:
Code: Verify SSH connection
    machine3 $ ssh username@machine2
    Password:
    machine2 $ exit
You should be prompted for the password. You may be prompted to accept the host key if you've never made this connection before.
To start the tunnel, run the following on Machine 3:
Code: Start the Tunnel
    machine3 $ ssh -X -f username@machine2 -N -L 1111:machine1:5900
Here are the parts of the command in detail:
- ssh is the base command
- -f tells ssh to fork to the background
- username is the name you use to login on Machine 2
- machine2 is the hostname of Machine 2. This could be a FQDN (like machine2.your.tld), a hostname (if your host configuration allows it), or an IP address
- -N tells ssh not to execute a remote command, which is what you want when only forwarding ports
- -L performs the actual forwarding, with its arguments being
  - 1111, a port on which Machine 3 will listen. This can be any 'high' port number.
  - machine1, the hostname of Machine 1
  - 5900, the port on Machine 1 on which to connect. The last digit of this is equal to the display number of the VNC server. Common defaults are '0' and '1' ('5900' and '5901' respectively).
Optionally, -X enables X11 forwarding, which isn't used for this application.
After connecting, you should be asked for the password to establish the tunnel. Still on Machine 3, connect through the tunnel:
Code: Connect through the Tunnel
    machine3 $ vncviewer localhost::1111
Note carefully the two colons, meaning 'port' rather than 'display'. You can also connect with a vncviewer GUI, specifying the same host::port string. You should be asked for the password.
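A check for the goal stated under Purpose (no VNC or tunnel port reachable by other hosts), as an added example that is not part of the original page. It assumes Linux `ss -ltn` output on Machines 2 and 3; the function names and the sample socket tables are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original page. The functions read the text of
# `ss -ltn` on stdin; the socket tables below are constructed samples.

# listeners: print "port scope" for every listening TCP socket,
# where scope is "loopback" (127.x / ::1 only) or "exposed".
listeners() {
    awk '$1 == "LISTEN" {
        port = $4; sub(/.*:/, "", port)      # text after the last colon
        host = substr($4, 1, length($4) - length(port) - 1)
        scope = (host ~ /^127\./ || host == "[::1]") ? "loopback" : "exposed"
        print port, scope
    }'
}

# exposed_ports: ports other hosts can reach. On Machine 2 expect only 22.
exposed_ports() {
    listeners | awk '$2 == "exposed" { print $1 }' | sort -nu
}

# classify_listener PORT: "exposed", "loopback" or "absent" for one port.
# On Machine 3 the forwarded port (1111 above) should be "loopback".
classify_listener() {
    listeners | awk -v want="$1" '
        $1 == want && $2 == "exposed"  { wide = 1 }
        $1 == want && $2 == "loopback" { loop = 1 }
        END { print (wide ? "exposed" : (loop ? "loopback" : "absent")) }'
}

# Constructed: Machine 3 after `ssh -f -N -L 1111:machine1:5900 username@machine2`
SAMPLE_TUNNEL='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    127.0.0.1:1111     0.0.0.0:*
LISTEN 0      128    [::1]:1111         [::]:*'

# Constructed: the same forward started with `ssh -g` (GatewayPorts behaviour)
SAMPLE_GATEWAY='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    0.0.0.0:1111       0.0.0.0:*'

# Constructed: Machine 2 with sshd public and a print service on loopback
SAMPLE_MACHINE2='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    0.0.0.0:22         0.0.0.0:*
LISTEN 0      128    [::]:22            [::]:*
LISTEN 0      5      127.0.0.1:631      0.0.0.0:*'

printf 'tunnel:   %s\n' "$(printf '%s\n' "$SAMPLE_TUNNEL"  | classify_listener 1111)"
printf 'with -g:  %s\n' "$(printf '%s\n' "$SAMPLE_GATEWAY" | classify_listener 1111)"
printf 'machine2: %s\n' "$(printf '%s\n' "$SAMPLE_MACHINE2" | exposed_ports)"
```

On a live host, pipe the real table in, for example `ss -ltn | classify_listener 1111` on Machine 3. SSH protects only the leg from Machine 3 to Machine 2; from Machine 2 to 192.168.1.99:5900 the session crosses the LAN as ordinary VNC.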


