1. Welcome to PHCorner Forums. Take a moment to Sign up and gain unlimited access and extra privileges that guests are not entitled to, such as:

    All that and more! Registration is quick, simple and absolutely free. Join our community today!

Tutorial Jamesiswizard_1 tunnelling vnc over ssh

Discussion started by jamesiswizard_1, Jan 10, 2013.

  1. The following topics are covered in this guide -

    Virtual Network Computing (VNC) can be used to access another PC over a network - including over the internet. A VNC connection can be used to transfer files (not supported in all versions) or as a graphical desktop sharing system to access a remote PC (similar in practice to Microsoft's Remote Desktop). There are security issues when using VNC applications - the following information was taken from the TightVNC website but applies to other VNC applications (highlights have been added by myself) -
    "Although TightVNC encrypts VNC passwords sent over the net, the rest of the traffic is sent as is, unencrypted (for password encryption, VNC uses a DES-encrypted challenge-response scheme, where the password is limited by 8 characters, and the effective DES key length is 56 bits). So using TightVNC over the Internet can be a security risk....if you need real security, we recommend installing OpenSSH, and using SSH tunnelling for all TightVNC connections from untrusted networks."
    Although TightVNC has been used in this guide it can easily be replaced with other versions of VNC. In fact, if the VNC version adheres to VNC code then a viewer from one version can be used to connect to a server using a different version.
    VNC applications are usually comprised of a server and a viewer. The server should be installed on the SSH server set up earlier. If the preceding section of this guide was followed you will already have a working SSH server.
    There are two distinct methods of running the TightVNC server, either as an application or as a service. If the VNC server is running as an application then it can only be accessed after logging in to the server using a valid user account, and will be closed when the user logs out or restarts the PC. Due to these restrictions we will be installing the VNC Server as a service. Running the VNC server as a service allows the PC on which it is installed to be accessed even when there is no user logged in - e.g. after a reboot before a user account is selected.
    Two versions of TightVNC are covered in this guide, use version 2.0 if using Windows 7 as older versions of TightVNC are not fully compatible with this operating system and cannot register the TightVNC server as a service -

    TightVNC Server (version 1.3.10)

    1. Install TightVNC. If the Windows installer package is used the default install location isC:\Program Files\TightVNC\.
    2. To install WinVNC as a service start a command prompt with Administrator privileges and enter the following command -
      "C:\Program Files\TightVNC\WinVNC.exe" -install [enter]
    3. open a command prompt and start the VNC Server using the command -
      net start winvnc [enter]
    4. The TightVNC configuration window should open. Enter a password in the Server tab settings - the password can be up to eight characters in length. After the password has been set click on the Apply button -
    5. Select the Administration tab and enable Allow loopback connections and Allow only loopback connections, then click on Apply and OK -
    To make any further changes to TightVNC's configuration settings open the TightVNC properties dialog via the taskbar.
    No further steps are required to configure the server. Connect to the SSH Server from the client PC using PuTTY before starting the VNC Client (see
    Login to view Links).

    TightVNC Server (version 2.0 beta1)

    1. Install TightVNC. If the Windows installer package is used the default install location isC:\Program Files\TightVNC\.
    2. To install tvnserver as a service if this option was not selected during installation, start a command prompt with Administrator privileges and enter the following command then restart the PC -
      "C:\Program Files\TightVNC\tvnserver.exe" -install [enter]
    3. Open the TightVNC Service Configuration windows via the icon in the taskbar and uncheck the Use passwords (VNC authentication) option in the Server tab-
      Note - as we will only be allowing loopback connections to tunnel TightVNC through a SSH connection it is safe to disable password authentication.
    4. Select the Access Control tab and select Allow loopback connections and Allow only loopback connections, then click on Apply and OK -
    Connect to SSH Server

    As the VNC Server has been configured to allow loopback connections only it will not respond to attempts to connect via port 5900 (the default port) - all connections will be routed through a Secure Shell tunnel.
    To create a Secure Shell tunnel through which to encrypt the VNC stream use PuTTY (follow the instructions
    Login to view Links)

    TightVNC Client

    To connect to the VNC server you will need a VNC viewer installed/copied to the client PC. We will be using the TightVNC viewer. Assuming that the server already has SSH installed with TightVNC server running and the client PC has opened an SSH tunnel using the settings in this guide -

    1. Start the TightVNC viewer (C:\Program Files\TightVNC\vncviewer.exe) on the client PC and enter in the VNC Server box -
      Note - If TightVNC Server version 2.0beta1 is running on the server and the settings covered in this guide have been used no password is required and the viewer should automatically connect to the server.
    2. If TightVNC Server version 1.3.10 is running on the server you will be prompted to enter the password set in step 4 -
    3. You should now see the server's desktop - possibly with the wallpaper removed -
    Last edited: Sep 17, 2014
  2. di ko magets to sir james..=)...wala ba tayong mas madaling paliwanag po sorry lowgets ata ako=) salamt!
    jamesiswizard_1 likes this.
  3. parang team viewer
    japoy03 likes this.
  4. ah un oh=) salamat po =)..kala ko may kinalaman sa shh na network eh...
    jamesiswizard_1 likes this.
  5. may kinalaman din.,at pang peer to peer ito
    japoy03 likes this.
  6. Patry naman idol (y):sneaky:
    jamesiswizard_1 likes this.
  7. sige lang enjoy
  8. boss pwede ba to sa globe tattoo?
    kailangan po ba yung dalawang version ng server..? or kahit isa lang doon?
    jamesiswizard_1 likes this.
  9. imbaustic

    imbaustic Forum Guru Established

    nice share keep it up (y).
    jamesiswizard_1 likes this.
  10. welcome bro
  11. jamesiswizard_1 likes this.
  12. kahit anu.,
  13. try ko nga.. :)
  14. sige lang
  1. PHCorner uses cookies to help personalise content and tailor your experience. By continuing to use this site, you are consenting to our use of cookies. Accept Learn More
    Dismiss Notice