LinuxQuestions.org
Visit Jeremy's Blog.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Networking
User Name
Password
Linux - Networking This forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.

Notices


Reply
  Search this Thread
Old 01-26-2005, 05:39 AM   #1
ieuuk
Member
 
Registered: Aug 2004
Location: England, United kingdom
Distribution: Fedora 10 + Cent OS 5.3
Posts: 65

Rep: Reputation: 15
vnc over ssh


Hey, i have been trying to do vnc over ssh for ages but i cannot get it to work. Has anybody got any good how-to's on how to do it. or any advice etc.

thanks in advance
 
Old 01-26-2005, 05:48 AM   #2
theYinYeti
Senior Member
 
Registered: Jul 2004
Location: France
Distribution: Arch Linux
Posts: 1,897

Rep: Reputation: 66
I'm just guessing, but I would do like that, assuming a vncserver is running @server, in a xterm:
Code:
user@client$ xhost +
user@client$ ssh -X user@server
user@server$ vncviewer
This is just the rought idea. You have to give vncviewer adequate parameters. You have to enable X forwarding in your global ssh settings. And you can make the whole thing more secure by fine-tuning xhost, instead of simply disabling security (xhost +).

Yves.
 
Old 01-26-2005, 09:01 AM   #3
Hangdog42
LQ Veteran
 
Registered: Feb 2003
Location: Maryland
Distribution: Slackware
Posts: 7,803
Blog Entries: 1

Rep: Reputation: 422Reputation: 422Reputation: 422Reputation: 422Reputation: 422
What YinYeti describes is X forwarding, which is a different beast than running VNC over an ssh tunnel. Both work, but X forwarding requires that you have an X server running on the remote machine, whereas VNC over a tunnel needs a VNC client.

The first step in getting this to work is getting the vncserver up and running. When you do this, you need to take note of what screen it is running on. Most of the time it is :1, but not always. One you know this, you need to set up your port forwarding through SSH. The port that the VNC server is listenting to is 5900 plus the number of the screen. So if vncserver is running on screen 1, the port is is listening to is 5901 (5900 + 1). If vncserver is on screen to, then the proper port is 5902 (5900 + 2) and so on.

OK, now to get ssh runnign with a tunnel you need to use the -L flag and list the ports like this

ssh -L 5901 1.2.3.4:5901
Be sure that 1.2.3.4 is replaced by the IP address of the computer running vncserver. Actually, have a look at man ssh since I'm not sure I have that syntax correct.

Once you have the tunnel set up, then run vncviewer and connect to localhost:screennumber. So if vncserver is running on screen 1, the command would be

vncviewer localhost:1

That should get vnc working over an ssh tunnel
 
Old 01-26-2005, 10:16 AM   #4
theYinYeti
Senior Member
 
Registered: Jul 2004
Location: France
Distribution: Arch Linux
Posts: 1,897

Rep: Reputation: 66
Hangdog42's method is the good one. You can do this. Yet, I want to do a small correction:
What I propose indeed relies on X forwarding, but does *not* require that you have an X server running on the remote machine.

Basically, vncviewer needs a X server to run on. So you have to have a X server running on your *local* machine.
Next, you run ssh with X forwarding, which means that a "proxy" X server is running on the remote machine; but this is not a real X server; it is a X "API" listening on DISPLAY=remote:10.0, that is managed by ssh and forwards all calls made to it to DISPLAY=local:0.0.
So when you remotely run vncviewer (on display localhost:10.0 for vncserver localhost:1), vncviewer is actually displayed on DISPLAY=local:0.0.

Yves.
 
Old 01-26-2005, 10:55 AM   #5
Hangdog42
LQ Veteran
 
Registered: Feb 2003
Location: Maryland
Distribution: Slackware
Posts: 7,803
Blog Entries: 1

Rep: Reputation: 422Reputation: 422Reputation: 422Reputation: 422Reputation: 422
Quote:
Basically, vncviewer needs a X server to run on. So you have to have a X server running on your *local* machine.
Actually that isn't true. All vncviewer needs is a connection to a vncserver and vncserver needs either X (if running on *nix) or the Windows environment (if it is running on Windows). Vncviewer only needs X if it is running on a *nix box, and then only because it is a graphical program. The Windows version of vncviewer runs just fine without X installed, it just uses the normal Windows environment.


You seem to be confusing the requriments for X forwarding with the requirements for VNC.
 
Old 01-26-2005, 11:57 AM   #6
ieuuk
Member
 
Registered: Aug 2004
Location: England, United kingdom
Distribution: Fedora 10 + Cent OS 5.3
Posts: 65

Original Poster
Rep: Reputation: 15
thanks for the response - i should have made it more clear. i am trying to connect from a windows xp machine using putty and real vnc viewer to a fedore core 3 box running vncserver.

when i am inside the network i can access the box just by linking the vncview to the server.

but i want to be able to get to it over the internet. when i try and connect to it with all the port forwarding i try to connect the vncviewer to the server and it sits and waits for a bit and then says that the connection timed out.
 
Old 01-26-2005, 12:11 PM   #7
theYinYeti
Senior Member
 
Registered: Jul 2004
Location: France
Distribution: Arch Linux
Posts: 1,897

Rep: Reputation: 66
Quote:
Originally posted by Hangdog42
Vncviewer only needs X if it is running on a *nix box, and then only because it is a graphical program. The Windows version of vncviewer runs just fine without X installed, it just uses the normal Windows environment.
You seem to be confusing the requriments for X forwarding with the requirements for VNC.
All True.
I don't get things confused It's just that I assumed, that both client and servers were Unix/Linux, thus allowing remote X.

Yves.
 
Old 01-26-2005, 03:27 PM   #8
Hangdog42
LQ Veteran
 
Registered: Feb 2003
Location: Maryland
Distribution: Slackware
Posts: 7,803
Blog Entries: 1

Rep: Reputation: 422Reputation: 422Reputation: 422Reputation: 422Reputation: 422
Quote:
Originally posted by ieuuk
thanks for the response - i should have made it more clear. i am trying to connect from a windows xp machine using putty and real vnc viewer to a fedore core 3 box running vncserver.

when i am inside the network i can access the box just by linking the vncview to the server.

but i want to be able to get to it over the internet. when i try and connect to it with all the port forwarding i try to connect the vncviewer to the server and it sits and waits for a bit and then says that the connection timed out.
AH, that is actually pretty easy. First, make sure your router forwards port 22 to your linux box (if you have a router that is). Since VNC is horribly insecure, you don't want to connect directly to the vncserver over the internet. Second, fire up Putty. In the main screen, you should enter your WAN IP (the one you get from your ISP) in the Host Name box. Then click on Tunnels in the tree on the left. At the bottom of that screen is the Add new forwarded port section. In the Source port box you want to enter the port you will forward (5901 if you are running vncserver on screen :1) and in the Destination box you want to enter the IP address and port you want to forward to. In this case you would use something like 1.2.3.4:5901 only replace the 1.2.3.4 with the IP address of the vncserver box. Now this is important if you are using a router. The IP address you use in the destination box is the LAN IP address. For example, my vncserver has the static IP address of 192.168.1.90 so the destination box has 192.168.1.90:5901. You use the LAN IP address here even if it isn't a routable address. When you are done entering information, click on the Add button and you'll see the information in the box above.

Once you have that entered, go back to the Session screen, save, and then start the SSH session. Once that is connected, start vncviewer and connect to localhost:1. That should get the VNC connection going over the SSH tunnel.


Quote:
I don't get things confused It's just that I assumed, that both client and servers were Unix/Linux, thus allowing remote X.
OK, in which case you are absolutely correct.
 
Old 01-26-2005, 03:39 PM   #9
ieuuk
Member
 
Registered: Aug 2004
Location: England, United kingdom
Distribution: Fedora 10 + Cent OS 5.3
Posts: 65

Original Poster
Rep: Reputation: 15
Quote:
Originally posted by Hangdog42
AH, that is actually pretty easy. First, make sure your router forwards port 22 to your linux box (if you have a router that is). Since VNC is horribly insecure, you don't want to connect directly to the vncserver over the internet. Second, fire up Putty. In the main screen, you should enter your WAN IP (the one you get from your ISP) in the Host Name box. Then click on Tunnels in the tree on the left. At the bottom of that screen is the Add new forwarded port section. In the Source port box you want to enter the port you will forward (5901 if you are running vncserver on screen :1) and in the Destination box you want to enter the IP address and port you want to forward to. In this case you would use something like 1.2.3.4:5901 only replace the 1.2.3.4 with the IP address of the vncserver box. Now this is important if you are using a router. The IP address you use in the destination box is the LAN IP address. For example, my vncserver has the static IP address of 192.168.1.90 so the destination box has 192.168.1.90:5901. You use the LAN IP address here even if it isn't a routable address. When you are done entering information, click on the Add button and you'll see the information in the box above.

Once you have that entered, go back to the Session screen, save, and then start the SSH session. Once that is connected, start vncviewer and connect to localhost:1. That should get the VNC connection going over the SSH tunnel.




OK, in which case you are absolutely correct.
wooooooooooooooooooooooooooooooooooooo thankyou soooo much - i now have it working. i have been trying for months to get this to work. it was the ip bit i was getting wrong.
 
Old 01-26-2005, 04:43 PM   #10
Hangdog42
LQ Veteran
 
Registered: Feb 2003
Location: Maryland
Distribution: Slackware
Posts: 7,803
Blog Entries: 1

Rep: Reputation: 422Reputation: 422Reputation: 422Reputation: 422Reputation: 422
Yeah, I've still got a bald spot from pulling my hair out over the correct IP address to use. Congrats!
 
Old 01-26-2005, 04:53 PM   #11
ieuuk
Member
 
Registered: Aug 2004
Location: England, United kingdom
Distribution: Fedora 10 + Cent OS 5.3
Posts: 65

Original Poster
Rep: Reputation: 15
thanks... something so simple but so hard to work out
 
Old 02-01-2005, 08:42 AM   #12
c_mitulescu
Member
 
Registered: Nov 2003
Location: London
Distribution: Ubuntu
Posts: 35

Rep: Reputation: 15
With a similar setup how do you do the same thing in reverse:

MS Windows XP client+VNC server &VNC viewer------>Firewall------>Internet---->Router(forwarding port 22)--->Linux Server+SSH server+VNC Client and Server
At the moment I can connect from the MS Win XP client(at work) to my home box and use VNC but I would also like to connect from home(using the Linux machine) to my work PC running windows XP.
At the moment I have the VNC server running on the XP machine, I started putty with the tunnel R5900 localhost:5900
Is that enough for me to connect to my work PC through the SSH tunnel.
PS: I can not ssh to my work PC as I can not open any ports in the firewall. I just plan on leaving my work PC(client) connected to my home Server.
 
Old 02-01-2005, 11:32 AM   #13
Hangdog42
LQ Veteran
 
Registered: Feb 2003
Location: Maryland
Distribution: Slackware
Posts: 7,803
Blog Entries: 1

Rep: Reputation: 422Reputation: 422Reputation: 422Reputation: 422Reputation: 422
Quote:
Is that enough for me to connect to my work PC through the SSH tunnel.
I don't believe that Putty can act as an ssh server, only as a client, which means that you're probably not going to be able to access the XP machine. You'll have to investigate Windows based ssh servers.
 
Old 02-01-2005, 12:37 PM   #14
c_mitulescu
Member
 
Registered: Nov 2003
Location: London
Distribution: Ubuntu
Posts: 35

Rep: Reputation: 15
What I meant was if I leave the windows machine connected to my Linux machine, I then go home and use the already estabilished tunnel from my linux machine? Is that doable and how?
 
Old 02-01-2005, 03:48 PM   #15
Hangdog42
LQ Veteran
 
Registered: Feb 2003
Location: Maryland
Distribution: Slackware
Posts: 7,803
Blog Entries: 1

Rep: Reputation: 422Reputation: 422Reputation: 422Reputation: 422Reputation: 422
I understood what you meant, I just don't think it is going to work. However, I also wouldn't be surprised to be proven wrong.

If it is going to work, it would be pretty much the same way you do it now. From the linux box you would connect vncclient to localhost:0 or localhost:1. You just need to know which screen vncserver is running on.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
ssh with vnc Dillius Linux - Security 1 03-11-2005 05:53 PM
VNC over SSH or ????? alirezan1 Mandriva 2 01-04-2005 11:55 AM
vnc with ssh lawkh Linux - Newbie 1 02-10-2004 02:12 AM
ssh and VNC linuxnube Linux - Security 4 01-28-2004 11:12 PM
how to use vnc with ssh ? norikage Mandriva 9 08-30-2003 01:40 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Networking

All times are GMT -5. The time now is 07:01 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration