Wednesday, November 22, 2017

VNC + SSH Tunnel: In a Pinch

So you need an encrypted tunnel to a workstation; you have PuTTY, VNC and SSH, but you're hitting a wall somewhere.  Good news: you're in luck - you have the tools you need and the configuration is simple.

Sometimes trying to configure three tools to work in harmony can be a daunting task when you've never performed a similar configuration, when you don't know what to expect, and certainly when you're pressed for time.

What You Will Do, What will Happen

You're going to configure an PuTTY SSH session to an SSH / VNC server in conjunction with a PuTTY SSH tunnel.  You will then log into the remote SSH server using your saved PuTTY session, and using VNC, you'll connect to the localhost PuTTY SSH tunnel.  The tunnel will be used for the encrypted session between your client and the SSH+VNC server.

Configure a PuTTY SSH+tunnel Session

If you don't have PuTTY, get a copy here.

Configure an SSH session for the SSH+VNC server you wish access, then save the configuration:

In this example, the session is saved as"MacTitan (VNC)".  The SSH server name is "MacTitan.local", and the port is the standard ssh port, 22.  I'll refer back to this configuration as your "PuTTY SSH+tunnel" session.


Next, open SSH -> Tunnels and add a configuration for the VNC host, then click "Add".




The "destination" is the SSH host you configured above, using this syntax: hostname:listening_port.

The "Source port" is your localhost host listening port for VNC.  Clicking "Add" makes a configuration available for use, but it's not permanent until you save the session.


Be certain you save this configuration to your freshly minted PuTTY SSH+tunnel session.

Start an SSH Tunnel Server on your SSH+VNC Host

Using your PuTTY SSH+tunnel session, log into your SSH server using your <username> and start an SSH tunnel using the following command:

$ ssh -N -f -L 5901:localhost:5900 <username>@localhost

ssh will prompt you for your password.

Next, verify that the server is running using "ps aux | grep ssh"


If it's not running, try using the "-v" switch to understand where the failure is occurring.

For more information on the SSH command, see here: explainshell.com

PuTTY: Login to SSH Server

Assuming you're already logged in via the previous step, you can skip this (you don't need to log in twice).

Using the PuTTY SSH+Tunnel  session login to the SSH/VNC server.



VNC to localhost

If you don't have VNC, you can download it here.  

Start a VNC session to the localhost (127.0.0.1).  You may specify the port (5900) like this (localhost:5900 or 127.0.0.1:5900), but it is not required.  


And enjoy your encrypted session:


To Do

Configure a solution that does not require one to open a terminal session into the server.