Forward VNC through SSH
Frequently I need to access my LinuxMCE machine over VNC, due to different reasons (when I am not home, when my Wii Remote batteries died, etc..). Usually SSH solves most of my needs, but sometimes it is very nice to control my linuxMCE box over VNC.
Here I will show you several very easy steps on how to configure your server/client to be able to tunnel VNC traffic through SSH, and be able to control your server in the GUI way 
This approach will work on most systems (not LinuxMCE specific) although here I chose Ubuntu as an “example OS”.
Before we begin, I would assume that:
- The server already has ssh server installed, if not:
sudo apt-get install openssh-server
- If connecting from the outside (like from work to home box), your router’s firewall forwards port 22 to your server’s IP
Here is how it is done:
Server Side Configuration
1. Installing VNC server, here I chose to install x11vnc, but it could be pretty much any VNC server of your choice (TightVNC, etc..):
sudo apt-get install x11vnc
2. Now let’s finish our server configuration by running the VNC server:
x11vnc
by default it is going to run without a password, and on port 5900
Client Side Configuration
1. In order to connect to the VNC server, we need to have a VNC viewer installed:
sudo apt-get install xvncviewer
* again, it can be pretty much any VNC viewer of your choice
2. Now the most interesting part of this whole process - enter this command:
ssh -L 5900:127.0.0.1:5900 yourusername@yourserver.com
this tells your system to tunnel all the traffic from the port 5900 on “yourserver.com” to the local (client’s) port 5900 via SSH. Simple, and yet very powerful - a “magic one-liner”
3. Fire up another shell on the client side and enter:
xvncviewer 127.0.0.1
do you see a cute colorful square screen? Do you recognize your server’s Desktop?
Done
P.S. For LinuxMCE specifically, you should also add a couple firewall rules:
- Go to the LinuxMCE web admin
- From the upper menu, go to “Advanced -> Network -> Firewall rules”
add this three rules:
tcp 5900 to 5900 5900 192.168.80.1 port_forward tcp 5900 to 5900 0 0 core_input tcp 22 to 22 0 0 core_input
- The first rule allows external network (Internet) to access the VNC server on the Core (LinuxMCE server)
- The second rule allows anybody inside the home network ( since it is not wise to open 5900 port on your router to the whole world ) to have their 5900 port to be forwarded to the Core.
- The third rule (I think you already have it) allows anybody to access LinuxMCE server via port 22 (SSH)
Be careful about the rules above, as I assume that your LinuxMCE server is behind another firewall, cause you really do not want to open 5900 port to the public
hardware howto interesting linux linuxmce software technology tutorials ubuntuYou can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.
July 16th, 2008 at 5:23:53
Thx man - that is a great info you have here.. You know, I spent a couple of weeks trying to get linuxmce guys to answer me (IRC, linuxmce forum, etc..), but no straight answer.. more like “you don’t need it - you have orbiters and ssh for that”. But I do really NEED it, and many other people need it to according to other posts.
thx!
* Lux.
September 21st, 2008 at 18:40:14
This is brilliant! Now I can access my home PC from work! VERY NICE!
You know what that means, right?
).
That means if I have a connection to my home box via port 22 from my work, I do no longer care if access to some websites/resources is filtered (websensed
Now I can go to any website I like from work, with NO traces - niiice, I liike!
Thanks for the arcticle - very useful. Bookmarking it!