Access your Linux computer graphically and securely using SSH and VNC
When you are out traveling or just at work, the need sometimes arises when you have to access your computer at home. This article will show you how to access your computer in a simple and secure way. The article is focused on Ubuntu, but can just as well be used with the remote desktop features of Windows XP.
We first of all want to create a secure channel between your current computer and your machine at home, and what better tool for the job than OpenSSH. In Ubuntu, you may install the SSH server by installing the packet called “openssh-server” like so:
sudo apt-get install openssh-server
This will enable remote connections into your computer on port 22, which is the standard SSH port. If your computer sits behind a router, you must forward the port to the computer from the router.
The next step is to enable the remote desktop facilities of the Gnome desktop in Ubuntu, by opening the “System” menu, “Preferences” and then selecting “Remote desktop”. You will be presented with a dialog like the following:
The options are self-explanatory, and since you will be connecting to it when you yourself are not around, be sure to untick “Ask you for confirmation”. This will start the VNC server at port 5900, which you should not expose to the internet. Instead, here is where SSH comes into play.
The primary purpose of SSH is to allow secure text-based remote management capabilities to servers. It can however tunnel arbitrary traffic over it too, and VNC traffic is of course not an exception. The endpoint should be to be able to connect to port 5900 which runs the VNC server, so we need to tell SSH to create a tunnel from the current computer to the home computer and then on to the VNC server. Let’s select port 50000 for the start of the tunnel, but it can be any free port between 1024 and 65535. If you are fortunate enough to be running Linux on your work computer, connect to your home computer using the following command:
ssh -l username -L 50000:localhost:5900 your.home.pc
Let’s take a minute to analyze this command. You issue the ssh command, and -l lets you specify which user-name to connect as. -L is the magic part where we specify endpoints of our SSH tunnel. The tunnel starts at port 50000 of the local computer, then travels to the SSH server on the other side. It then looks at the endpoint which is localhost port 5900, which happens to be the VNC server! The last part is to specify a host-name or IP-address to your home computer. It can of course also be done in Windows using the popular PuTTY terminal:
On the first screenshot we specify which host to connect to, and the tunnel is set using the tunnel settings. The screenshots should be self-explanatory. Just don’t forget to click the add button to actually enable the tunnel.
After logging into the server either using a Linux or Windows machine, the time has come to actually try this out by connecting a VNC client to the server. Ubuntu users have a VNC client installed under “Applications” – “Internet” – “Terminal Server Client”, and Window users may for example download UltraVNC viewer. If you don’t want to install anything, choose the “Ultr@VNC Standalone Viewer” package, which only contains a zipped viewer.
To connect, we only need to specify the start of the SSH tunnel and it should take the data to its destination automatically.
Connect to localhost port 50000 like we specified for the start of the tunnel earlier. Notice the extra colon – we need to write this way since we are not connecting to a particular display. Remember to set the quick options in UltraVNC to “MEDIUM” if you have slow connection to make the interface relatively snappy and useful.
Click connect, and if everything works you should be prompted for the password you specified when configuring the VNC server earlier.
The SSH tunnel can of course also be used to secure Windows Remote Desktop access. It uses port 3389 by default and you might not have an SSH server running on a Windows client, but perhaps you have another Linux machine on your network? In that case, you can connect to the Linux server using SSH and set the endpoint of the tunnel to your Windows client. The following is an example in the Linux SSH notation:
ssh -l username -L 50000:192.168.0.10:3389 my.home.linux.server.pc
It works just like before, but instead of just looping the connection to localhost, it will forward the connection to 192.168.0.10 port 5900 on your network, and if that happens to be your Windows client you should be able to connect.
Hi John,
Thanks a lot. I have been searching the net for many days for this. I greatly appreciate the way you have written this. I am going to try it out on a ubuntu-to-ubuntu connexion. Hope it works great.
will come back with the results.
great job…keep it going…
[quote comment="27679"]Hi John,
Thanks a lot. I have been searching the net for many days for this. I greatly appreciate the way you have written this. I am going to try it out on a ubuntu-to-ubuntu connexion. Hope it works great.
will come back with the results.
great job…keep it going…[/quote]
Thanks! I’m glad that you have some use for this article.
Hi john
I wish to talk to u bout the LTH@Lund univ…can u pls mail me ..its a bit urgent.. ive entered my mail ID there…
kind regards
AK
you have given us a nice tutorial, I have added a link on my blog to make more useful. but i found this good way to around for port forwarding in case if VNC.
so waht about this ??
$ ssh -X user-name@ip-address
$ vncviewer localhost
http://techfandu.blogspot.com/2007/08/speed-up-hostel-pc-using-port.html
[quote comment="45042"]you have given us a nice tutorial, I have added a link on my blog to make more useful. but i found this good way to around for port forwarding in case if VNC.
so waht about this ??
$ ssh -X user-name@ip-address
$ vncviewer localhost
http://techfandu.blogspot.com/2007/08/speed-up-hostel-pc-using-port.html/quote
Thanks!
Well, this would use X11 forwarding to your remote host over SSH and then run vncviewer through it. Sure, why not, although I would think that this method is probably slower than directly tunneling VNC over SSH since the additional X11 layer is added.
Still an interesting solution – thanks!
Hi Johnny
I was able to connect to my remote computer using the ssh -X username@ipaddress and was able to access it. However it did not allow vnc to connect to it. (Probably some setting on that system is required). I don’t mind it though coz i can still see all my data. However, i want to copy data from that computer to my current computer in konqueror etc. When i try now it says it can’t be copied. How to go about this?
Awaiting an early reply.
Regards
hildebrand victor
@ johnny
I did not face any difference using vnc over port forwarding or X forwarding. both are equally slow in hostel lane.
@hildebrand victor
for copying , you need to use scp command, rather than, ssh -X, you are able to connect both pc using ssh then you can copy also,
1 ) scp
2) use gftp software, it is the best way, write host ip , user name, password, and select SSH2, and press enter.
3 ) using sshfs you can mount remote directory , it will be just like having a folder in your desktop, all the access (copy paste) action will be reflected at remote.
4 ) I do not use sshfs, In fedora , do to places , and then click on connect to server.
Narendra Sisodiya : http://techfandu.googlepages.com/
[quote comment="45310"]I did not face any difference using vnc over port forwarding or X forwarding. both are equally slow in hostel lane.[/quote]
Interesting. Thanks for trying it out. I will try it on a fast connection when I have time.
[quote comment="45171"]However, i want to copy data from that computer to my current computer in konqueror etc. When i try now it says it can’t be copied. How to go about this?[/quote]
In a local Konqueror window, use the sftp or fish kio-slave. In the address bar, type sftp://user@host and you should see the remote files and you can just drag and drop them to your local machine. sftp:// works in Nautilus for Gnome as well.
little update,,, on
$ ssh -X user-name@ip-address
$ vncviewer localhost
we can use -via option of vncviewer
like,,
$ vncviewer -via user-name@ip-address1 ip-address2
ip1 and ip2 can be same,,,,
Thanks for the tutorial. I was able to make a connection to my home machine using the Terminal Server Client. The only problem is that the only part of my home screen is the small area where authentication window was which is probably only about 1/20th of the whole screen. The rest is blank. Any ideas ? Again thanks for the help Johnny.
Hello Johnny,
Thank you for the tutorial. I found this one much more straightforward than any other on the web. But I am still a little confused about the ports. As you explained above when you tunnel thru ssh via:
$ ssh -l username -L 50000:localhost:5900 your.home.pc
you said 50000 is the port on my machine, 5900 is the port on remote machine. But I’ve seen some other people use “-p 22″ or any nonstandard port number such as “-p 1023″. What is this port defined by -p as in, for example:
$ ssh -l username -L 50000:localhost:5900 -p 22 your.home.pc
@shak Hello,
In you example, port 22 is the port where the SSH server listens for incoming connections. This is where the SSH client will connect. Port 50000 is where the tunnel will listen for incoming connections, and these connections will then be forwarded to the host localhost on port 5900 on the other side.
So there are two steps involved here:
1. The SSH connection is established, which is done from from the client to the server on port 22.
client:anyport –> your.home.pc:22
2. The tunnel is established over the above connection. It has its endpoints in the client port 50000 and the remote host at localhost:5900 like this.
client:50000 => client:anyport –> your.home.pc:22 => localhost:5900
The endpoint localhost:5900 could be changed to any host and port, like http://www.google.com:80 that the SSH server can access, so then the tunnel will terminate there instead. So if you go to localhost:50000 on your client, you will end up at http://www.google.com on port 80, tunneled through your SSH connection.
Hope I didn’t confuse you even more.
Johnny,
Thanks a lot! Can’t be any better explanation than this.
I’ve changed the standard SSH port (22) on my server to something else, and I will need to forward that port from my Wireless router and then I should be set.
Windoze???
BUAHHHHHHH!! …what for?