VNC allows you to remotely start a desktop environment on a computer, and interact with that desktop from your local machine. Unforunately, VNC doesn't have built-in encryption, which means that all information sent through VNC can be caught by dubious third parties. One solution to this problem comes from utilizing ssh (The Secure Shell) to encrypt the traffic between you and your remote host. This tutorial will cover the basics of starting a VNC server, wrapping it in ssh, and connecting to your remote desktop securely. In the following examples I will be connecting to nemo.ece.pdx.edu using display 44, which means my port number will be 5944 (VNC port numbers are equal to 5900 plus the display number).

The very first time you want to start VNC server on a linux or unix box such as fab01.cecs.pdx.edu or nemo.ece.pdx.edu, you will need to edit/create the VNC startup file so you will see more than a terminal upon connection.

VNC Startup File:

chmod u+x ~/.vnc/xstartup

Starting the Server

Before we can connect to the remote desktop, we need to start the VNC server on the remote machine. In order to do this, open PuTTY and enter the remote host's address into the 'Host Name (or IP address)' field:

In a terminal, run the following command:

    vncserver -localhost

This will start the VNC server on the machine and tell it to only accept connections from the localhost, which is to say from users logged into the machine hosting the VNC server. You will be prompted for a password to log you into your VNC session (This is _not_ like logging in with your MCECS account. This password is arbitrarily chosen by you. It is _strongly_ advised that you not use your MCECS account password here!) It will also ask if you want to assign a view-only password. This would be a password you would give to someone if you wanted them to observe your VNC session without being able to interact the desktop. Afterwards, you should receive some output that looks like this:

    New 'X' desktop is nemo.ece.pdx.edu:44

    Starting applications specified in /u/cecsuser/.vnc/xstartup
    Log file is /u/cecsuser/.vnc/nemo.ece.pdx.edu:44.log

Take note of the number given at the end of the hostname; in this case, 44. This is the display number. You will use this later when connecting to your VNC server.

NOTE: The display number is where your VNC session is funneling your desktop. My server was started on display number 44 as it was the next display available. In theory, the display number can be anywhere from 1 to 9999, and you can manually choose a display granting that it's not already in use. (for reference, :0 is considered the root display; that is, displays physically connected to the machine).

Creating the SSH Tunnel in Windows

Here we'll be using PuTTY for our ssh needs. Open PuTTY and click on Connection->SSH->Tunnels in the left pane. Enter '59XX' under the 'Source port' field and 'localhost:59XX' under the 'Destination' field, where XX is the display number that your VNC server gave you. Hit 'Add'.

NOTE: If your display number is greater than 99, simply add 5900+(Display Number) to get the correct port number. For example, for display number 101, the port will be 5900 + 101 = 6001.

After clicking the Add button, the tunneling information will be added to PuTTY and should look like this:

Now connect to the remote host and leave PuTTY running in the background.

VNC in Windows

Here we will be using the Windows version of TightVNC.  If you're on a CECS lab machine, TightVNC Viewer can be found under Start->All Programs->General Applications.  Start up TightVNC Viewer and enter 'localhost:59XX'. (Use the same port that you forwarded in the previous step.)

A prompt will come up asking for your vncserver password:

After successfully authenticating, you should be at your remote desktop. Remember to log out from within the VNC session when you're done!