Step-by-Step instructions for getting connected to a remote server with ssh and VNC:
In order to gain access to the graphical display of a remote server, you will use VNC and ssh. VNC stands for 'virtual network computing' and is a way to transport the graphics from a remote computer's desktop through the network to your local computer. VNC is not particularly safe. To mitigate the security risk, we use ssh (secure shell) to encrypt the VNC connection and create a safe network tunnel from the remote server to your local PC. Here are the steps needed to get an ssh-tunneled connection for VNC to work:
- On your local PC/Mac/Linux device, open a command line shell and generate an RSA lock/key pair:
ssh-keygen -t rsa
You can also watch this short video which explains the concepts of public/private key pairs, and demonstrates how to generate a public RSA key. The command line shell window under Windows is called 'cmd'; look for it in the search field in the lower left corner of your screen. For Macs, the terminal app can be found under Applications (a black rectangle icon). After issuing the above command, simply hit enter until you get back to the command line. Watch the screen for the location of your private/public key/lock pair (typically in C:\Users\your_user_name\.ssh).
- Attach the public lock (id_rsa.pub) file to an e-mail and send it to the system administrator. Send only the .pub file; the private key (id_rsa) stays on your own computer.
- Connect to your account on the server:
ssh your_user_name@server
where 'your_user_name' is the username assigned by the system administrator on the remote server, and 'server' is the remote computer (e.g., jane@uslims.uleth.ca, or jane@142.66.17.10).
- Generate a VNC password by typing at the command line from the server:
vncpasswd
Your password will not be shown, and backspace/delete keys are ignored. If you make a mistake, abort this command with 'Ctrl-C' and hit the up-arrow or retype 'vncpasswd'.
- Start your VNC server:
sudo vncctl start
Note the display port for your own personal display on the remote computer. Display ports always start with the two numbers '59'. This port serves the graphical desktop of your account, and only your account, to a remote computer. You will connect to it using a vncviewer client. To connect, you will need to establish an ssh tunnel through which the VNC port can be safely transmitted. ssh provides secure communications and encrypts all communications in transit, so nobody else can listen in on your connection or hack into the server. ssh access is also tightly controlled on the remote server so only authorized users can connect.
- Exit the terminal connection to the server:
exit
You should now see the prompt from your local computer again.
- Next, establish a secure shell tunnel to the remote server and forward your VNC display port to your local computer. The remote display port and the local display port can be different. On the local computer you are the only user, so you can use the first '59' port, for example, 5901. The command below tunnels the port through ssh and forwards it to your local computer's VNC client/viewer:
ssh -fNCL 5901:localhost:59nn your_user_name@server
where 'nn' stands for your VNC display port number. Here is what this command means: 'ssh' is the secure shell command, the program that encrypts your connection to the remote server. '-fNCL' is the set of command switches to ssh that tells the program to forward the VNC port 59nn from the remote server to the local port 5901 on your 'localhost' computer, i.e., your own local PC ('-L' sets up the port forward, '-N' runs no command on the server, '-C' compresses the data, and '-f' puts ssh in the background). 'your_user_name@server' tells the program to connect to your account on the server, where you have an ssh digital lock/key combination (the two files id_rsa.pub and id_rsa) that authenticates you for this server.
PLEASE NOTE: On Windows PCs the '-f' switch doesn't do anything; the Windows version cannot work in the background. That means your command will not return to the command line until you stop the command with 'Ctrl-C'. The command appears to "hang". This is normal: as long as the command "hangs", the tunnel is open, and you can connect to the remote display by connecting to your localhost's 5901 port.
- Start your vnc viewer client and connect it to 'localhost:5901'.
There are different VNC programs available. You only need to install the VNC viewer components of these programs, unless you want to turn your own computer into a VNC server, which is typically not needed. For Windows, UltraVNC is recommended; for Linux computers Remmina is a good choice, though there are many others. Newer Macintosh computers have a VNC viewer built in: in your top menu bar, select the "Go" entry and then click on "Connect to server..." at the bottom. Enter 'vnc://localhost:5901' in the dialog that pops up. For older Macs, you could use RealVNC; really old Macs can be made to work with Chicken of the VNC.
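
An added example, not part of the original instructions: a small POSIX shell helper that builds the tunnel command for a given display number and checks, from `ss -ltn` output, that local port 5901 is listening on the loopback address only. The function names, the explicit `127.0.0.1` bind address, the `ExitOnForwardFailure` option and the sample `ss` output are assumptions added here, not taken from the page.

```shell
#!/bin/sh
# Added example, not from the original page. Function names are hypothetical.

# vnc_port NN: print the remote VNC port 59NN for display number NN (0-99).
vnc_port() {
    case "$1" in
        ''|*[!0-9]*) echo "display number must be numeric" >&2; return 1 ;;
    esac
    [ "${#1}" -le 2 ] || { echo "display number must be 0-99" >&2; return 1; }
    n=${1#0}                       # drop a leading zero so printf does not read octal
    printf '59%02d\n' "${n:-0}"
}

# tunnel_cmd NN USER@SERVER: print the ssh command from the page, with two
# assumed hardening additions: bind the local end to 127.0.0.1 explicitly, and
# exit instead of staying connected when the forward cannot be set up.
tunnel_cmd() {
    port=$(vnc_port "$1") || return 1
    case "$2" in
        ''|-*|*[!A-Za-z0-9@._-]*) echo "bad destination" >&2; return 1 ;;
    esac
    printf 'ssh -fNC -o ExitOnForwardFailure=yes -L 127.0.0.1:5901:localhost:%s %s\n' \
        "$port" "$2"
}

# listener_scope PORT: read `ss -ltn` output on stdin and print
#   loopback  every listener on PORT is on 127.0.0.1 or [::1]
#   exposed   some listener on PORT accepts connections from other hosts
#   none      nothing is listening on PORT (the tunnel is not up)
listener_scope() {
    awk -v p="$1" '
        $1 == "LISTEN" {
            n = split($4, part, ":")
            if (part[n] != p) next
            host = substr($4, 1, length($4) - length(part[n]) - 1)
            seen = 1
            if (host != "127.0.0.1" && host != "[::1]") bad = 1
        }
        END { print (bad ? "exposed" : (seen ? "loopback" : "none")) }'
}

# Constructed sample of `ss -ltn` output (Linux); on a live system run
#   ss -ltn | listener_scope 5901
SAMPLE_SS='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    127.0.0.1:5901     0.0.0.0:*
LISTEN 0      128    0.0.0.0:22         0.0.0.0:*'

tunnel_cmd 7 your_user_name@server
printf '%s\n' "$SAMPLE_SS" | listener_scope 5901
```

A result of `exposed` means other machines on your network can reach the forwarded desktop through your PC; `none` means the tunnel is not running.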