LinuxQuestions.org - VNC with Putty Tunnel port

- Linux - Software (https://www.linuxquestions.org/questions/linux-software-2/)

- - VNC with Putty Tunnel port (https://www.linuxquestions.org/questions/linux-software-2/vnc-with-putty-tunnel-port-119938/)

VNC with Putty Tunnel port

I found this post by Schreibg

Quote:

Here's a full walkthrough, enable tunnelling via PuTTY over SSH:

Download/install PuTTY on the local computer, and also the vncviewer.
Launch PuTTY. The opening window should have the Session option. Click on the SSH radio button. In the Host Name (or IP address) field, enter the IP address of the remote computer.
For the sake of argument, let's assume that the IP address is
123.456.789.123.
Choose Tunnels suboption in the SSH option.
In the Source port field, enter some arbitrary port number, e.g. 4901.
In the Destination field, enter the IP address of your remote computer and
the port, e.g. 123.456.789.123:5901.
The unix version of vnc uses the port 5900 + display number, so the
first display number is 5901 usually.
The format of the destination is the IP address, colon, port number, as
given in the example above. Make sure local is selected with the radio button at the bottom.
Now click on the Add button.
Go back and click on the Session option, and save this session so you
won't have to re-enter all the information.
Click on the Open button at the bottom of the window, and you'll be able
to connect to your home computer.
Enter the user name (case sensitive) and the password of your
user account (or passphrase for RSA/DSA keyusers)
If everything is fine, you'll be connected to your remote computer.
Now launch vncviewer on the local computer and enter localhost:4901 and
click the OK button.
If you're not prompted for the password for vnc, then either you're not
running vncserver on your remote computer or some information was
incorrectly entered in PuTTY setting.
Good luck.

if I want to remotely log into the server from work, what port do I need to open up on my router?

If you're tunneling VNC through SSH, you need to open port 22. Actually, if you are using a router that isn't your linux box, you need to forward port 22 from your router to your linux box.

That said, your place of work may have its own firewall that blocks port 22 and that may be a tougher problem to solve. Most IT people I know aren't going to be willing to open a hole in the firewall unless there is a really good reason. And even then, they usually aren't too happy about it.

hmm.. strange when I replace his example ip 123.456.789.123 with my enternal ip, i am unable to connect when I connect the vnc to my localhost:4901

any other setting I am suppose to change?

A couple of questions:
Did ssh connect? (like I said in my first post, your work firewall may be blocking port 22). If ssh isn't functioning, you aren't going to be able to tunnel through it.

Is vncserver running on the other end? If so, is it running on terminal 1 (you should be able to determine this with a netstat -al in the ssh terminal to see what port Xvnc is listening to).

I have no problem connecting w/ ssh.

I can connect using vnc behind the router, but when I use the external ip I can only connect only with the putty not the vnc viewer

The only way I can connect though the external ip is to open up port 5901 on my router, but that mean i'm not using ssh tunnel right?

OK, if you can make an SSH connection with Putty, 90% of the battle is won.

When I use Putty, I do everything in the Schreibg post EXCEPT

Quote:

In the Source port field, enter some arbitrary port number, e.g. 4901

Here I actually use 5901 rather than an arbitrary port number. Why? You'll see in a minute....

Now in VNC, when I connect, I connect to localhost:1. Here is where the 5901 bit comes in. The number after the : in this box is the display number, not the port number. In essence, since VNC works on the 5900 series of ports, display 0 is at 5900, display 1 is at 5901, display 2 is at 5902..... And I have no idea where display 4901 would be. I know I'm cutting a fine line here between display and port, but VNC is obviously doing some math with the value after the : and I think that is why you are having trouble.

So, as long as SSH is connected, the tunnel is established and vncserver is running on display 1 (Xvnc should be listening to port 5901 and you can check this with the netstat -al command), there should be no problem connecting. Port 22 should be the ony one you have to forward. And yes, if you have to open port 5901 on your router, you aren't using the ssh tunnel.

Hmm.. ok here are the configuration for putty:
Session -> Logging
Host Name: <my external ip>
Protocal: SSH

Forward Port:
L5901 <my external ip>:5901

I have the vncserver on display :1

After I connect w/ putty, load the vnc client, in the area for VNC Server: localhost:5901

it doesnt do anything when I connect with the vnc client. there wasnt even a message about can not connect.

I think that you are very, very close. It looks like SSH is set up to tunnel properly but I think you've got the VNC client connection wrong. Here is my config that I use on a daily basis. The Slackware box that acts as my ssh and vnc server has an IP address of 192.168.1.10

Putty
Session page:
Host Name box: 192.168.1.10
SSH radio button checked (port 22 in the Port box)
Connections->SSH->Tunnels
Source Port Box has 5901
Destination box has 192.168.1.10:5901
Click on the Add button so that L5901 192.168.1.10:5901 appears in the Forwarded Ports box

Go back to Sessions, save the configuration, then Open.

Once logged into the Slackware box, start vncserver if it isn't already.

Start Windows VNC client. In the VNC server box I put

localhost:1

Note that I do NOT put in localhost:5901. I think that is where you've gone wrong.

are you able to connect from an outside your router? I have no problem connecting in the lan but when I change the ips eg. 192.168.0.10 to the ip of my wan, thats where I can only connect the ssh but not the vnc.

I think I know what is going wrong.....I made the same mistake when I first started doing this and it drove me nuts for about a week.

When you want to connect from outside your lan, you need to change the IP on the Sessions page to your WAN ip but you need to leave the tunnel IP exactly the way it is for your network.

So lets say your router has a WAN ip of 1.2.3.4 and your linux box has an ip of 192.168.1.10

In the Host Name box on the Session page you would have 1.2.3.4 and you would of course have the SSH button selected.

On the Tunnels page, the source port box should have 5901 and the destination box should have 192.168.1.10:5901. So after you click the add button, you still have L5901 192.168.1.10:5901, just as if you were connecting from behind your router.

Then the VNC connection should still be to localhost:1. That bit doesn't change at all.

Thanks! it's working now