in Technology

Access your Linux computer graphically and securely using SSH and VNC

When you are out traveling or just at work, the need sometimes arises when you have to access your computer at home. This article will show you how to access your computer in a simple and secure way. The article is focused on Ubuntu, but can just as well be used with the remote desktop features of Windows XP.

We first of all want to create a secure channel between your current computer and your machine at home, and what better tool for the job than OpenSSH. In Ubuntu, you may install the SSH server by installing the packet called “openssh-server” like so:

sudo apt-get install openssh-server

This will enable remote connections into your computer on port 22, which is the standard SSH port. If your computer sits behind a router, you must forward the port to the computer from the router.

The next step is to enable the remote desktop facilities of the Gnome desktop in Ubuntu, by opening the “System” menu, “Preferences” and then selecting “Remote desktop”. You will be presented with a dialog like the following:

The options are self-explanatory, and since you will be connecting to it when you yourself are not around, be sure to untick “Ask you for confirmation”. This will start the VNC server at port 5900, which you should not expose to the internet. Instead, here is where SSH comes into play.

The primary purpose of SSH is to allow secure text-based remote management capabilities to servers. It can however tunnel arbitrary traffic over it too, and VNC traffic is of course not an exception. The endpoint should be to be able to connect to port 5900 which runs the VNC server, so we need to tell SSH to create a tunnel from the current computer to the home computer and then on to the VNC server. Let’s select port 50000 for the start of the tunnel, but it can be any free port between 1024 and 65535. If you are fortunate enough to be running Linux on your work computer, connect to your home computer using the following command:

ssh -l username -L 50000:localhost:5900 your.home.pc

Let’s take a minute to analyze this command. You issue the ssh command, and -l lets you specify which user-name to connect as. -L is the magic part where we specify endpoints of our SSH tunnel. The tunnel starts at port 50000 of the local computer, then travels to the SSH server on the other side. It then looks at the endpoint which is localhost port 5900, which happens to be the VNC server! The last part is to specify a host-name or IP-address to your home computer. It can of course also be done in Windows using the popular PuTTY terminal:



On the first screenshot we specify which host to connect to, and the tunnel is set using the tunnel settings. The screenshots should be self-explanatory. Just don’t forget to click the add button to actually enable the tunnel.

After logging into the server either using a Linux or Windows machine, the time has come to actually try this out by connecting a VNC client to the server. Ubuntu users have a VNC client installed under “Applications” – “Internet” – “Terminal Server Client”, and Window users may for example download UltraVNC viewer. If you don’t want to install anything, choose the “[email protected] Standalone Viewer” package, which only contains a zipped viewer.

To connect, we only need to specify the start of the SSH tunnel and it should take the data to its destination automatically.


Connect to localhost port 50000 like we specified for the start of the tunnel earlier. Notice the extra colon – we need to write this way since we are not connecting to a particular display. Remember to set the quick options in UltraVNC to “MEDIUM” if you have slow connection to make the interface relatively snappy and useful.

Click connect, and if everything works you should be prompted for the password you specified when configuring the VNC server earlier.

The SSH tunnel can of course also be used to secure Windows Remote Desktop access. It uses port 3389 by default and you might not have an SSH server running on a Windows client, but perhaps you have another Linux machine on your network? In that case, you can connect to the Linux server using SSH and set the endpoint of the tunnel to your Windows client. The following is an example in the Linux SSH notation:

ssh -l username -L 50000: my.home.linux.server.pc

It works just like before, but instead of just looping the connection to localhost, it will forward the connection to port 5900 on your network, and if that happens to be your Windows client you should be able to connect.