SSH Tunnelling (for VNC)

  • Because VNC doesn't encrypt it's traffic and SSH with public/private key authentication (described in later slides) is less prone to brute force attacks than VNC with a password, it is recommended to connect to the remote host with SSH and use VNC through SSH, as we describe here.

  • Once you have SSH working, using VNC through SSH is easy.

    • First you create a tunnel to the remote server using a command such as ssh -f -L 5900:localhost:5900 username@ip-address "sleep 120"

    • Then you start vncviewer as usual

    • 5900 can be replaced by another portnumber, specifically the VNC port to which you wish to connect, as described on a previous slide.

    • 120 is replaced by the number of seconds for which you want the tunnel to exist, without it being used. It is recommended you keep this low, as it only needs to be left open this way for as long as it takes you to to go from opening the tunnel to vncviewer starting up.