Connect to VNC via SSH on CentOS / RHEL

VNC traffic is unencrypted, so connecting to a VNC server directly over a LAN or the internet is not the brightest idea. A better idea is to access VNC through an SSH tunnel.

This tutorial assumes you have an SSH server and a VNC server installed and configured on the server you want to connect to.

If you don’t have an SSH server set up, here is the tutorial – https://www.informaticar.net/how-to-install-ssh-server-on-centos-rhel/

If you don’t have a VNC server set up, here is another one – https://www.informaticar.net/how-to-install-vnc-server-on-centos-rhel/

Windows & Putty

First, we will go through the Windows setup and use Putty and VNC viewer.

The remote server we want to VNC into has the IP address 10.20.10.2

Open Putty

We will first set up SSH in Putty.

In the Session category, choose SSH as the connection type, enter the address of the remote server in Host Name (in my case 10.20.10.2) and port 22 (or a different one if you defined a different SSH port)

Also, you can type a name into Saved Sessions and Save it for future use.

Now, under Category on the left side, choose Connection, then SSH, and click on Tunnels

Under Source port enter 5901

Under Destination enter the remote IP address of the VNC server you wish to connect to, and the VNC port opened on it. In my case it is 10.20.10.2:5901

(VNC covers a range of ports, so be sure you know which VNC port you are connecting to)

Click on Add, and the setting should appear in the box above the fields where we entered the data. You can also go back to Session and click on Save again to save these changes as well.

As I mentioned, return to the Session screen in Putty, save these additional changes and click on Open

A console window will open and ask for the credentials of the machine you are connecting to.

If everything went ok, you should be looking at the screen like the one above.

Connect to VNC session – Windows

We have now established the SSH connection to the remote server. Next, let’s connect to VNC

I’m using VNC viewer from RealVNC

In the address bar you should enter localhost:5901 and confirm with Enter

Why not IP address or name of the VNC server we are connecting to?

Because we are now tunneling port 5901, and SSH will forward that port from the local machine to the remote VNC machine we want to connect to. We defined that in the Tunnels section of Putty.

If you did everything ok, you will be prompted for the VNC password. Enter it, and confirm with OK

It works.

You can test your VNC connection to localhost:5901 without the SSH tunnel; of course, it should not work.

Connect to VNC – Linux

I will cover Ubuntu, but it is more or less the same for many distros. Open a terminal and enter the following command:

ssh -L 5901:localhost:5901 -N -f -l informaticar 10.20.10.2

-L specifies the local port that is forwarded to the given host and port on the remote side.

-N just forward ports, do not execute a remote command

-f ssh will go to the background so you can keep using the terminal

-l informaticar – the user to log in as on the remote machine (change it to your own user)

10.20.10.2 – change it to the remote IP of the server you want to connect to.

Now that the connection is established, we will start TigerVNC Viewer on Ubuntu. If you don’t have it installed, you can install it from the Ubuntu Store

Start it and in the VNC server window enter:

localhost:5901

Press Connect

You will be asked for the password of the remote VNC user

If everything went ok, you will be connected

The -f switch dilemma

With the ssh command above we used the -f switch, which sends our ssh session to the background. To terminate it properly, either don’t use the -f switch, so it is easier to stop, or, if you did use -f, enter the following command after you are done with VNC and SSH. Keep in mind that it ends every ssh client process running on the machine, not only the tunnel.

sudo killall ssh
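A way to close only this tunnel instead of every ssh process, shown as an added example that is not part of the original tutorial: the tunnel is started with its own control socket and later stopped through that socket. The user and host are the ones used above; the function names and the socket location under ~/.ssh (which must already exist) are assumptions.

```shell
#!/bin/sh
# Added example: one VNC-over-SSH tunnel, opened and closed through its own control socket.
# User and host are the values used on this page; the socket directory is an assumption.
TUNNEL_USER="informaticar"
TUNNEL_HOST="10.20.10.2"
SOCKET_DIR="${HOME:-/tmp}/.ssh"

# VNC display :N listens on TCP port 5900+N (display :1 -> 5901).
vnc_port() {
    case "$1" in
        ''|*[!0-9]*|0?*) echo "display must be a plain number" >&2; return 1 ;;
    esac
    [ "$1" -le 99 ] 2>/dev/null || { echo "display out of range" >&2; return 1; }
    echo $((5900 + $1))
}

# Bind the local end explicitly to 127.0.0.1 so the forward is not reachable
# from other hosts; "localhost" is resolved on the server, as in the command above.
forward_spec() {
    port=$(vnc_port "$1") || return 1
    echo "127.0.0.1:${port}:localhost:${port}"
}

socket_path() { echo "${SOCKET_DIR}/vnc-${TUNNEL_HOST}-$1.sock"; }

tunnel_up() {
    spec=$(forward_spec "$1") || return 1
    # -M/-S: master mode with a named control socket; -f -N as in the page's command.
    # ExitOnForwardFailure: fail instead of backgrounding a tunnel that cannot listen.
    ssh -M -S "$(socket_path "$1")" -f -N -o ExitOnForwardFailure=yes \
        -L "$spec" -l "$TUNNEL_USER" "$TUNNEL_HOST"
}

tunnel_status() { ssh -S "$(socket_path "$1")" -O check "$TUNNEL_HOST"; }

# Ends only this tunnel; other ssh sessions on the machine keep running.
tunnel_down() { ssh -S "$(socket_path "$1")" -O exit "$TUNNEL_HOST"; }

# Usage: script up|status|down [display]   (display defaults to 1, i.e. port 5901)
case "${1:-}" in
    up)     tunnel_up "${2:-1}" ;;
    status) tunnel_status "${2:-1}" ;;
    down)   tunnel_down "${2:-1}" ;;
esac
```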

That is it, we now know how to securely connect to VNC from both Windows and Linux machines.
