Secure VNC in Linux
Written by el_seano   
Wednesday, 16 February 2011

VNC allows you to remotely start a desktop environment on a computer and interact with that desktop from your local machine. Unfortunately, VNC doesn't have built-in encryption, which means that all information sent through VNC can be intercepted by dubious third parties. One solution to this problem is to use ssh (the Secure Shell) to encrypt the traffic between you and your remote host. This tutorial will cover the basics of starting a VNC server, wrapping it in ssh, and connecting to your remote desktop securely. In the following examples I will be connecting to nemo.ece.pdx.edu using display 44, which means my port number will be 5944 (VNC port numbers are equal to 5900 plus the display number).

Preliminaries

Starting the Server

Before we can connect to the remote desktop, we need to start the VNC server on the remote machine. In order to do this, ssh in to the machine where you'll be accessing the remote desktop. In a terminal, run the following command:

    vncserver -localhost

This will start the VNC server on the machine and tell it to only accept connections from the localhost, which is to say from users logged into the machine hosting the VNC server. You will be prompted for a password to log you into your VNC session. (This is _not_ like logging in with your MCECS account. This password is arbitrarily chosen by you. It is _strongly_ advised that you not use your MCECS account password here!) It will also ask if you want to assign a view-only password. This would be a password you would give to someone if you wanted them to observe your VNC session without being able to interact with the desktop. Afterwards, you should receive some output that looks like this:

    New 'X' desktop is nemo.ece.pdx.edu:44

    Starting applications specified in /u/cecsuser/.vnc/xstartup
    Log file is /u/cecsuser/.vnc/nemo.ece.pdx.edu:44.log

NOTE: The display number identifies where your VNC session is funneling your desktop. My server was started on display number 44 as it was the next display available. In theory, the display number can be anywhere from 1 to 9999, and you can manually choose a display provided that it's not already in use. (For reference, :0 is considered the root display, for displays physically connected to the machine.)

Creating the SSH Tunnel in Linux

Now that we have the VNC server running, we need to create the ssh tunnel from your local machine to the remote host. Log out of your ssh session (don't worry about vncserver dying when you quit, it's backgrounded) and reconnect to the same machine with the following:

    ssh cecsuser@nemo.ece.pdx.edu -L 5944:localhost:5944

Where cecsuser would be replaced with your MCECS account username.

NOTE: The syntax -L 5944:localhost:5944 is what creates the ssh tunnel that VNC will use between your local host and the remote host. In essence, it tells ssh to listen on the local computer's port 5944 (the first number) and funnel everything sent to it, encrypted, to the remote computer's port 5944 (the second number). The name localhost is resolved on the remote host, which is why the connection is accepted by a server started with -localhost. We're using the same two numbers here for simplicity's sake, but as with the display number above, you can choose the port on the local computer (any number between 1024 and 65535).
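The two preliminary steps can be scripted and checked. The following is an added example, not part of the original tutorial: it derives the port from vncserver's output, builds the matching ssh command, and classifies `ss -ltn` output to confirm the server really is bound to the loopback address only. The function names and the sample listener table are constructed for illustration, and the parser assumes the column layout printed by iproute2's `ss -ltn`.

```shell
#!/bin/sh
# Added example: helpers for the vncserver + ssh tunnel procedure.

# Extract the display number from vncserver's "New 'X' desktop is host:NN" line.
display_from_output() {
    sed -n "s/^New '.*' desktop is .*:\([0-9][0-9]*\)\$/\1/p" | head -n 1
}

# VNC listens on TCP 5900 + display number.
vnc_port() {
    echo $((5900 + $1))
}

# Build the tunnel command. usage: tunnel_cmd USER HOST DISPLAY [LOCAL_PORT]
tunnel_cmd() {
    rport=$(vnc_port "$3")
    echo "ssh $1@$2 -L ${4:-$rport}:localhost:$rport"
}

# Read `ss -ltn` output on stdin and classify the listeners on PORT:
#   0 = loopback only, 1 = bound to a non-loopback address, 2 = not listening
check_loopback_only() {
    awk -v port="$1" '
        $1 == "LISTEN" {
            addr = $4
            n = split(addr, parts, ":")
            if (parts[n] != port) next        # different port, ignore
            sub(/:[0-9]+$/, "", addr)         # strip ":port", keep the address
            found = 1
            if (addr != "127.0.0.1" && addr != "[::1]") exposed = 1
        }
        END { exit (!found ? 2 : (exposed ? 1 : 0)) }'
}

# Constructed sample (not captured from a real host):
# display 44 was started with -localhost, display 45 was not.
SAMPLE_SS='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      5      127.0.0.1:5944     0.0.0.0:*
LISTEN 0      5      0.0.0.0:5945       0.0.0.0:*'

for d in 44 45; do
    if echo "$SAMPLE_SS" | check_loopback_only "$(vnc_port "$d")"; then
        echo ":$d loopback-only, connect with: $(tunnel_cmd cecsuser nemo.ece.pdx.edu "$d")"
    else
        echo ":$d not confirmed loopback-only, restart with: vncserver -localhost"
    fi
done
```

On the remote host, the same check runs against live data with `ss -ltn | check_loopback_only 5944`.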

VNC with Vinagre (Linux GUI)

Vinagre is the default remote desktop viewer included with Ubuntu (as of version 10.10). To start Vinagre, you can either go to Applications->Internet->Remote Desktop Viewer, or open a run prompt (Alt+F2 by default) and type 'vinagre'.


Once you have Vinagre open, click Connect, and enter the local end of the tunnel (localhost:5944 in this example) as the host.

If you entered a password for your VNC session (which you really should do!), you will be prompted for it now:


Finally, you can enjoy your remote desktop session! Since you have a tunnel to the remote machine starting from your port 5944 and ending at the remote machine's port 5944, which is used by VNC, Vinagre will treat the VNC session as if it's running locally.

You might have noticed the Bookmarks menu on the toolbar. It's true that you can save all of the details of the login into your VNC session, but it is important to remember that the port numbers will be saved statically. In particular, hosts with high traffic may not always have your preferred port number available, and starting vncserver without an argument will default to the next available port number. In order to edit the bookmark, you will have to open the side panel (under View->Side Panel or just F9), right-click the bookmark and select 'Edit Bookmark'.

VNC from the Linux CLI

There are a number of commandline VNC viewers available, among them a commandline version of Vinagre as well as xtightvncviewer, which is the counterpart to tightvncserver. To install xtightvncviewer in Ubuntu, type the following into a terminal:

    sudo apt-get install xtightvncviewer

To start the viewer, follow the steps under Preliminaries and then enter the following:

    vncviewer localhost:5944

You will be prompted for your VNC server password:


You'll notice that xtightvncviewer has a much more spartan interface than Vinagre. In order to change settings in xtightvncviewer, hit F8 to bring up a menu.

NOTE: It is important to log out from inside your remote connection. If you close your VNC viewer without logging out, the VNC server will continue running on the remote host and use system resources. If you leave it for too long, it will eventually be forcibly killed by a system administrator and you will be notified via e-mail. Please be considerate of others and correctly terminate your VNC servers!

Last Updated ( Tuesday, 22 February 2011 )