Connecting to Linux using VNC from a Mac
VNC allows you to remotely start a desktop environment on a computer, and interact with that desktop from your local machine. Unfortunately, VNC doesn’t have built-in encryption, which means that all information sent through VNC can be caught by dubious third parties. One solution to this problem comes from utilizing ssh (The Secure Shell) to encrypt the traffic between you and your remote host.
This tutorial will cover the basics of starting a VNC server, wrapping it in ssh, and connecting to your remote desktop securely. In the following examples we will be connecting to eve.ece.pdx.edu using display 44, which means my port number will be 5944 (VNC port numbers are equal to 5900 plus the display number). Where ever eve.ece.pdx.edu is mentioned, one could also use any Ubuntu or Redhat/Centos Linux machine in MCECS.
Step 1 – Starting the VNC Server on the remote computer
Before we can connect to the remote desktop, we need to start the VNC server on the remote machine. In order to do this, ssh in to the machine where you’ll be accessing the remote desktop. In a terminal, run the following command:
This will start the VNC server on the machine and tell it to only accept connections from the localhost, which is to say from users logged into the machine hosting the VNC server. You will be prompted for a password to log you into your VNC session (This is _not_ like logging in with your MCECS account. This password is arbitrarily chosen by you. It is _strongly_ advised that you not use your MCECS account password here!)
NOTE: This password must be under 8 characters!
It will also ask if you want to assign a view-only password. This would be a password you would give to someone if you wanted them to observe your VNC session without being able to interact the desktop. Afterwards, you should receive some output that looks like this:
New 'X' desktop is eve.ece.pdx.edu:44 Starting applications specified in /u/cecsuser/.vnc/xstartup Log file is /u/cecsuser/.vnc/eve.ece.pdx.edu:44.log
NOTE: The display number is where your VNC session funneling your desktop. My server was started on display number 44, as it was the next display available. In theory, the display number can be anywhere from 1 to 9999, and you can manually choose a display granting that it’s not already in use. (for reference, :0 is considered the root display, for displays physically connected to the machine).
Troubleshooting: If you have forgotten your vnc password, or wish to change it use the vncpasswd command. It will prompt you for a new vncpassword and immediately change the vncpassword.
Step 2 – Creating the SSH Tunnel from your computer
Now that we have the VNC server running, we need to create the ssh tunnel from your local machine to the remote host. Log out of your ssh session (don’t worry about vncserver dying when you quit, it’s backgrounded) and reconnect to the same machine with the following commands in a terminal window:
ssh firstname.lastname@example.org -L 5944:localhost:5944
Where cecsuser would be replaced with your MCECS account username.
NOTE: The syntax -L 5944:localhost:5944 is what is responsible for creating the ssh tunnel VNC will be using between your local host and the remote host. In essence, what it’s saying is take everything that is being sent through the remote computer’s port 5944 (the second number) and funnel it into the local computer’s port 5944 (the first number). We’re using the same two numbers here for simplicity’s sake, but as above you can specify the port on the local computer (any number between 1024 and 65535).
Step 3 – Connecting to Linux with VNC
To connect to the VNC session we setup, follow these steps. First, click on the “Go” menu and choose connect to server.
MacOS has a VNC Viewer already built into it. For the Server Address, type vnc://localhost:5944 where 5944 was the port we forwarded above.
If you set up a password for your VNC session (and you should!) it will prompt you to enter it now.
Remember again, this password should be under 8 characters!
That’s it! You are now connected to a Linux machine via VNC.