Report a Problem:
Phone: 503-725-5420
Location: FAB 82-01
Home Students Fac/Staff CS Tutors Guidelines Windows Linux Mac Mail Network Software Web TheCAT Sitemap Contact
arrowHome arrow Windows arrow Remote Linux/UNIX Desktop Access with VNC Thursday, 30 March 2017  
Secure VNC from Windows Print
Written by Administrator   
Wednesday, 16 February 2011


NOTE: You must connect to the VPN before you can access the Redhat machines ( and

All remote access to those hosts requires the VPN. This includes SSH and VNC connections.
Read our Windows OpenVPN guide for how to connect to the VPN.

VNC allows you to remotely start a desktop environment on a computer, and interact with that desktop from your local machine. Unfortunately, VNC doesn't have built-in encryption, which means that all information sent through VNC can be caught by dubious third parties. One solution to this problem comes from utilizing ssh (The Secure Shell) to encrypt the traffic between you and your remote host. This tutorial will cover the basics of starting a VNC server, wrapping it in ssh, and connecting to your remote desktop securely. Wherever is, one could substitute


Important: In the following examples I will be connecting to using display 44, which means my port number will be 5944 (VNC port numbers are equal to 5900 plus the display number).


Starting the Server

Before we can connect to the remote desktop, we need to start the VNC server on the remote machine. In order to do this, open PuTTY and enter the remote host's address into the 'Host Name (or IP address)' field:


In a terminal, run the following command:

    vncserver -localhost

This will start the VNC server on the machine and tell it to only accept connections from the localhost, which is to say from users logged into the machine hosting the VNC server. You will be prompted for a password to log you into your VNC session (This is _not_ like logging in with your MCECS account. This password is arbitrarily chosen by you. It is _strongly_ advised that you not use your MCECS account password here!) It will also ask if you want to assign a view-only password. This would be a password you would give to someone if you wanted them to observe your VNC session without being able to interact the desktop. Afterwards, you should receive some output that looks like this:

    New 'X' desktop is
    Starting applications specified in /u/cecsuser/.vnc/xstartup     Log file is /u/cecsuser/.vnc/

Take note of the number given at the end of the hostname. In this case it is 44. This is the display number. You will use this later when connecting to your VNC server.

The display number is where your VNC session is funneling your desktop. My server was started on display number 44 as it was the next display available. In theory, the display number can be anywhere from 1 to 9999, and you can manually choose a display granting that it's not already in use. (for reference, :0 is considered the root display; that is, displays physically connected to the machine).

You may close this PuTTY window once you've noted the display number.

Creating the SSH Tunnel in Windows

Here we'll be using PuTTY again. Open a new PuTTY session and click on Connection->SSH->Tunnels, in the left pane. Let's say that 'XX' is the display number you got in the last step. In the 'Source Port' field, enter '59XX', and in the 'Destination' field, enter 'localhost:59XX'. Then click 'Add'.


Note: If your display number is greater than 99, simply add 5900 to it to get the correct port number. For example, for display number 101, the port will be 5900 + 101 = 6001.

After you click the Add button, the tunneling information will be added to PuTTY and should look like this:


Now connect to the remote host as usual by typing its name into the 'Host Name' field in the 'Session' menu of the sidebar, and then clicking 'Open'.

It is important that you now leave PuTTY running in the background because it will maintain your secure connection to the remote computer.

VNC in Windows

Here we will be using the Windows version of TightVNC.  If you're on a CECS lab machine, TightVNC Viewer can be found under Start->All Programs->General Applications.  Start up TightVNC Viewer and enter 'localhost:59XX'. (Use the same port that you forwarded in the previous step.)


A prompt will come up asking for your vncserver password:


After successfully authenticating, you should be at your remote desktop. Remember to log out from within the VNC session when you're done!


Common Issues

Problem: Your desktop looks flat and shows only a terminal window when you log in.

Solution: You have not edited your ~/.vnc/xstartup file to match the example in this document. To fix this problem, delete the plain default xstartup file by running `rm ~/.vnc/xstartup`. Then start the process again from the top, this time editing ~/.vnc/xstartup to exactly match the example in the first part of this tutorial.

Problem: Your password isn't working in TightVNC and when you run the`vncserver` command it isn't asking you for a new password to use.

Solution: You have an existing password file in your ~/.vnc directory, and you've probably forgotten what that password originally was. To delete it and get a clean slate, run `rm ~/.vnc/passwd`, and start the process again.

Problem: You are receiving the error "The connection was actively refused"

Solution: This can be caused by several issues, you should verify the following:

1.  You clicked the "Add" button after typing in the tunnel settings in PuTTY

2.  You specified the correct ports to PuTTY and in your config files

3.  That you have specified the correct machine name for the computer running the VNC server

4.  That you are connecting directly from your machine, through PuTTY to the remote machine where your VNC server is initiated.  

Last Updated ( Wednesday, 08 February 2017 )

©1999 - 2017 TheCAT