VNC allows you to remotely start a desktop environment on a computer, and interact with that desktop from your local machine. Unfortunately, VNC doesn’t have built-in encryption, which means that all information sent through VNC can be caught by dubious third parties. One solution to this problem comes from utilizing ssh (The Secure Shell) to encrypt the traffic between you and your remote host.

This tutorial will cover the basics of starting a VNC server, wrapping it in ssh, and connecting to your remote desktop securely. In the following examples we will be connecting to mo.ece.pdx.edu using display 44, which means my port number will be 5944 (VNC port numbers are equal to 5900 plus the display number). Where ever mo.ece.pdx.edu is mentioned, one could also use any Ubuntu or Redhat/Centos Linux machine in MCECS.

Before we can connect to the remote desktop, we need to start the VNC server on the remote machine. In order to do this, ssh in to the machine where you’ll be accessing the remote desktop. In a terminal, run the following command:

vncserver

This will start the VNC server on the machine and tell it to only accept connections from the localhost, which is to say from users logged into the machine hosting the VNC server. You will be prompted for a password to log you into your VNC session (This is _not_ like logging in with your MCECS account. This password is arbitrarily chosen by you. It is _strongly_ advised that you not use your MCECS account password here!)

NOTE: This password must be at least 6 characters long!

It will also ask if you want to assign a view-only password. This would be a password you would give to someone if you wanted them to observe your VNC session without being able to interact the desktop. Afterwards, you should receive some output that looks like this:

New 'X' desktop is mo.ece.pdx.edu:44

Starting applications specified in /u/cecsuser/.vnc/xstartup
Log file is /u/cecsuser/.vnc/mo.ece.pdx.edu:44.log

NOTE: The display number is where your VNC session funneling your desktop. My server was started on display number 44, as it was the next display available. In theory, the display number can be anywhere from 1 to 9999. (for reference, :0 is considered the root display, for displays physically connected to the machine).

Troubleshooting: If you have forgotten your vnc password, or wish to change it use the vncpasswd command. It will prompt you for a new vncpassword and immediately change the vncpassword.

Now that we have the VNC server running, we need to create the ssh tunnel from your local machine to the remote host. Log out of your ssh session (don’t worry about vncserver dying when you quit, it’s backgrounded) and reconnect to the same machine with the following commands in a terminal window:

ssh cecsuser@mo.ece.pdx.edu -L 5944:localhost:5944

Where cecsuser would be replaced with your MCECS account username.

NOTE: The syntax -L 5944:localhost:5944 is what is responsible for creating the ssh tunnel VNC will be using between your local host and the remote host. In essence, what it’s saying is take everything that is being sent through the remote computer’s port 5944 (the second number) and funnel it into the local computer’s port 5944 (the first number).

To connect to the VNC session we setup, follow these steps. First, click on the “Go” menu and choose connect to server.

MacOS has a VNC Viewer already built into it. For the Server Address, type vnc://localhost:5944 where 5944 was the port we forwarded above.

If you set up a password for your VNC session (and you should!) it will prompt you to enter it now.

Remember again, this password should be at least 6 characters!

That’s it! You are now connected to a Linux machine via VNC.