VNC over SSH : securing the remote desktop

By | 2007/06/12

I was discussing VNC this afternoon with some students and the question came up on how to secure VNC.  As you may have noticed most network protocols do not have much for built in security.  Many rely on other programs for their network security needs, such as ssh.  This is also the case with VNC.

If you use VNC regularly to connect to other Linux machines you may want to consider adding a lower-layer of encryption with ssh.  Here is a quick run-down on how that is done:

If you look at the man page for vncviewer (man (1) vncviwer) you’ll notice there is a small section for -via.  The -via option, as outlined in the man page will do:

Makes the connection go through SSH to a gateway host.  The gateway should be the target host for best connection secrecy.

Basically this is saying that you can tunnel VNC over SSH within your connection command.  Let’s give it a try.

vncviewer -via user@host localhost:0

This, of course, will require that you have both ssh and vnc access to a remote machine.

16 thoughts on “VNC over SSH : securing the remote desktop

  1. LaserJock

    Christer, nice post. Just one comment on your blog. Would it be possible to move the top Google ads lower or on the right? It always throws me off as the beginning is a skinny little column of text on the right that’s only 3-4 words wide. It makes it a bit difficult to read for me.

    Reply
  2. Aaron Throckmorton

    So how do you setup vnc on a server or desktop to accept connections using ssh?

    Reply
  3. Malcolm Parsons

    I didn’t know vncviewer had that option.
    I’ve been manually setting up ssh port forwarding of port 5900 for years.

    Reply
  4. mike

    So, when will this be added into rdesktop, the most usually installed application for the task of connecting remote desktops via rdp and vnc?

    Reply
  5. Mario

    For the last 2 years i’ve always manually set up a port forward for VNC. This is ingenious.

    Reply
  6. Carmelo Lisciotto

    Chris, nice blog, keep it going…

    Carmelo Lisciotto

    Reply
  7. Pingback: Compressing VNC Connections over SSH (vncviewer -via) : Ubuntu Tutorials : Breezy - Dapper - Edgy - Feisty

  8. Dave

    Nice article! I assume the ‘via’ option causes vncviewer to connect to remote port 22? How would you go about doing this if you were running SSH on another port?

    In my case, remote ssh is listening on 22, but the machine is behind a router forwarding port xxx to machine:22..

    Reply
  9. Sam

    Just managed to achieve the above:
    vncviewer -via “user@host -p port” localhost:0

    Reply
  10. monty

    does it mean, someone has to be always logged into remote machine.
    like in ssh, if someone else is logged on, i can still make login with my own account,

    whereas in vnc , can i do that? i mean, if u have used windows remote desktop ever, you know what i am talking

    Reply
  11. Christian

    Nice… Did not know about the -via option, how elegant!!!!

    Reply
  12. Pingback: Linux: Headless Ubuntu with VNC

  13. Pingback: Linux: Headless Ubuntu with VNC | Yeehaw Up

Leave a Reply

Your email address will not be published. Required fields are marked *