I was discussing VNC this afternoon with some students and the question came up on how to secure VNC.  As you may have noticed most network protocols do not have much for built in security.  Many rely on other programs for their network security needs, such as ssh.  This is also the case with VNC.

If you use VNC regularly to connect to other Linux machines you may want to consider adding a lower-layer of encryption with ssh.  Here is a quick run-down on how that is done:

If you look at the man page for vncviewer (man (1) vncviwer) you’ll notice there is a small section for -via.  The -via option, as outlined in the man page will do:

Makes the connection go through SSH to a gateway host.  The gateway should be the target host for best connection secrecy.

Basically this is saying that you can tunnel VNC over SSH within your connection command.  Let’s give it a try.

vncviewer -via user@host localhost:0

This, of course, will require that you have both ssh and vnc access to a remote machine.

I post tutorials very regularly on this site. You may want to consider subscribing to the RSS feed. Or if you'd prefer these tips sent to your inbox you can use Email Subscriptions.

Related Posts

Random Posts

-->

Comments

12 Responses to “VNC over SSH : securing the remote desktop”

  1. LaserJock on June 12th, 2007 8:59 pm

    Christer, nice post. Just one comment on your blog. Would it be possible to move the top Google ads lower or on the right? It always throws me off as the beginning is a skinny little column of text on the right that’s only 3-4 words wide. It makes it a bit difficult to read for me.

  2. Aaron Throckmorton on June 12th, 2007 9:09 pm

    So how do you setup vnc on a server or desktop to accept connections using ssh?

  3. Clint Savage on June 12th, 2007 11:30 pm

    Hey Christer,

    I’d say that you didn’t ready my post from a while back on this same subject. I like that you are learning though. Linux rocks!!

    http://fedora-tutorials.com/2007/03/14/vnc-seeing-linux-in-linux/

    Cheers,

    Clint

  4. Malcolm Parsons on June 13th, 2007 2:34 am

    I didn’t know vncviewer had that option.
    I’ve been manually setting up ssh port forwarding of port 5900 for years.

  5. mike on June 13th, 2007 4:16 am

    So, when will this be added into rdesktop, the most usually installed application for the task of connecting remote desktops via rdp and vnc?

  6. Mario on June 13th, 2007 3:53 pm

    For the last 2 years i’ve always manually set up a port forward for VNC. This is ingenious.

  7. Carmelo Lisciotto on June 16th, 2007 5:04 pm

    Chris, nice blog, keep it going…

    Carmelo Lisciotto

  8. Wes Turner on June 26th, 2007 10:30 pm

    Good call on the -via command. While it’s a considerably heavier setup, nx server seems worth mentioning.

    https://help.ubuntu.com/community/FreeNX

  9. Compressing VNC Connections over SSH (vncviewer -via) : Ubuntu Tutorials : Breezy - Dapper - Edgy - Feisty on June 27th, 2007 1:56 pm

    [...] might remember a recent tutorial I did on securing VNC via SSH with the -via option of vncviewer.  Today I started looking into it more with one of my students [...]

  10. browser on September 6th, 2007 9:14 pm

    for more advanced vnc over setup : http://users.rcn.com/tushar.manglik/

  11. Dave on October 5th, 2007 1:50 am

    Nice article! I assume the ‘via’ option causes vncviewer to connect to remote port 22? How would you go about doing this if you were running SSH on another port?

    In my case, remote ssh is listening on 22, but the machine is behind a router forwarding port xxx to machine:22..

  12. Sam on June 1st, 2008 11:27 am

    Just managed to achieve the above:
    vncviewer -via “user@host -p port” localhost:0

Leave a Reply




    OSCON


    OSCON 2008

    Subscribe to the RSS feed!


    subscribe to the ubuntu tutorials RSS feed

    Polls


  • Regarding the Ads on Ubuntu Tutorials...

    • I dislike all web-based ads and use AdBlock (or similar) to destroy them! (49%, 155 Votes)
    • I don't mind the text-based ads on ubuntu-tutorials.com and currently view them. (31%, 99 Votes)
    • I would be willing to disable AdBlock (or similar) for this site considering I have found it helpful. (16%, 51 Votes)
    • I subscribe to ubuntu-tutorials.com via RSS or email so ads are a non-issue. (15%, 48 Votes)
    • I'd be willing to use the "Donate" button instead of see ads. (5%, 17 Votes)

    Total Voters: 316

    Loading ... Loading ...

  • Blogroll

  • Ads by Google