Jun
12
VNC over SSH : securing the remote desktop
Filed Under Security
I was discussing VNC this afternoon with some students and the question came up on how to secure VNC. As you may have noticed most network protocols do not have much for built in security. Many rely on other programs for their network security needs, such as ssh. This is also the case with VNC.
If you use VNC regularly to connect to other Linux machines you may want to consider adding a lower-layer of encryption with ssh. Here is a quick run-down on how that is done:
If you look at the man page for vncviewer (man (1) vncviwer) you’ll notice there is a small section for -via. The -via option, as outlined in the man page will do:
Makes the connection go through SSH to a gateway host. The gateway should be the target host for best connection secrecy.
Basically this is saying that you can tunnel VNC over SSH within your connection command. Let’s give it a try.
vncviewer -via user@host localhost:0
This, of course, will require that you have both ssh and vnc access to a remote machine.
I post tutorials very regularly on this site. You may want to consider subscribing to the RSS feed. Or if you'd prefer these tips sent to your inbox you can use Email Subscriptions.
Related Posts
Random Posts
-->Comments
12 Responses to “VNC over SSH : securing the remote desktop”
Leave a Reply
Regarding the Ads on Ubuntu Tutorials...
- I dislike all web-based ads and use AdBlock (or similar) to destroy them! (49%, 155 Votes)
- I don't mind the text-based ads on ubuntu-tutorials.com and currently view them. (31%, 99 Votes)
- I would be willing to disable AdBlock (or similar) for this site considering I have found it helpful. (16%, 51 Votes)
- I subscribe to ubuntu-tutorials.com via RSS or email so ads are a non-issue. (15%, 48 Votes)
- I'd be willing to use the "Donate" button instead of see ads. (5%, 17 Votes)
Total Voters: 316
Loading ...-
Blogroll
OSCON
Subscribe to the RSS feed!
Christer, nice post. Just one comment on your blog. Would it be possible to move the top Google ads lower or on the right? It always throws me off as the beginning is a skinny little column of text on the right that’s only 3-4 words wide. It makes it a bit difficult to read for me.
So how do you setup vnc on a server or desktop to accept connections using ssh?
Hey Christer,
I’d say that you didn’t ready my post from a while back on this same subject. I like that you are learning though. Linux rocks!!
http://fedora-tutorials.com/2007/03/14/vnc-seeing-linux-in-linux/
Cheers,
Clint
I didn’t know vncviewer had that option.
I’ve been manually setting up ssh port forwarding of port 5900 for years.
So, when will this be added into rdesktop, the most usually installed application for the task of connecting remote desktops via rdp and vnc?
For the last 2 years i’ve always manually set up a port forward for VNC. This is ingenious.
Chris, nice blog, keep it going…
Carmelo Lisciotto
Good call on the -via command. While it’s a considerably heavier setup, nx server seems worth mentioning.
https://help.ubuntu.com/community/FreeNX
[...] might remember a recent tutorial I did on securing VNC via SSH with the -via option of vncviewer. Today I started looking into it more with one of my students [...]
for more advanced vnc over setup : http://users.rcn.com/tushar.manglik/
Nice article! I assume the ‘via’ option causes vncviewer to connect to remote port 22? How would you go about doing this if you were running SSH on another port?
In my case, remote ssh is listening on 22, but the machine is behind a router forwarding port xxx to machine:22..
Just managed to achieve the above:
vncviewer -via “user@host -p port” localhost:0