Using VNC with SSH
How to set up and use VNC through an SSH tunnel.




Basic Configuration

 

Configure PuTTY


Start PuTTY. In the Session section in the left-most pane, enter the host name of the machine you wish to connect to (e.g. canubelievedickcheney@badrepublicans.com), and make sure the SSH radio button is selected.


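Then click the SSH section in the left-most pane and select the Tunnels sub-category. Enter a source port of 5901 and a destination of localhost:5901, then click the Add button. This forwards port 5901 on your local machine through the SSH session to port 5901 on the remote machine, the port used by VNC display :1.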


Return to the Session section (by clicking on it). In the Saved Sessions box type a name for your session, such as "badrepublicans.com". Click Save.


Click Open now. SSH will ask for your username and password. Once you are logged in, start the vncserver.


Start the vncserver on the remote machine:

# vncserver


Note: The first time you run vncserver on a machine it will ask you for a new password and to confirm it. This will be your VNC password.


If you forget your vncserver password, you can remove your ~/.vnc directory to make vncserver ask you for a new password the next time it starts. This also deletes everything else stored in that directory, including any xstartup file:


# rm -rf ~/.vnc


Note the desktop (display) number that vncserver reports. In this case it is 1: badrepublicans.com:1


Start VNC Viewer and connect


Start VNC Viewer. In the Server box enter localhost:1 and click OK.


To Shut Down vncserver When You are Done


You can shut down the vncserver when you are done by typing this command in your ssh window:


# vncserver -kill :1


To Make an SSH Tunnel


In a terminal window use the following command to connect to a remote machine and create an SSH tunnel for use with VNC:

# ssh -L5901:127.0.0.1:5901 -C username@host.name.com



Linux Client Instructions


Make an SSH Tunnel


In a terminal window use the following command to connect to a remote machine and create an SSH tunnel for use with VNC:

# ssh -L5901:127.0.0.1:5901 -C username@host.name.com

Start vncserver on the remote machine:

# vncserver

Automatically start up applications


Specify the applications to start in the xstartup file in the .vnc directory of your home directory (~/.vnc/xstartup).


Starting vncviewer on client


On your client, start vncviewer and point it at display :1 on localhost (local port 5901, which the tunnel forwards to the remote machine):

# vncviewer localhost:1


Shutting down the vncserver when done


You can shut down the vncserver when you are done by typing this command in the ssh terminal window:

# vncserver -kill :1
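
The port numbers in the steps above follow from the display number: display :N is TCP port 5900+N. The following shell script is an added example, not part of the original page; it builds the tunnel command for a display and classifies, from `ss -ltn` output, whether the VNC listener can be reached without the tunnel. The function names, the 0-99 display limit and the sample `ss` output are assumptions made for the example.

```shell
#!/bin/sh
# Added example, not from the original page.

# VNC display :N listens on TCP port 5900+N (:1 -> 5901, :51 -> 5951).
# Assumption of this example: only displays 0-99 are accepted.
vnc_port() {
    case "$1" in
        [0-9]|[1-9][0-9]) echo $((5900 + $1)) ;;
        *) echo "invalid display: $1" >&2; return 1 ;;
    esac
}

# Build the forward-tunnel command from the page for a display and login.
tunnel_cmd() {   # usage: tunnel_cmd DISPLAY user@host
    port=$(vnc_port "$1") || return 1
    echo "ssh -L${port}:127.0.0.1:${port} -C $2"
}

# Classify the listeners for a display in `ss -ltn` output read from stdin:
#   loopback - bound only to 127.0.0.1 / [::1], reachable only via the tunnel
#   exposed  - bound to some other address, reachable without the tunnel
#   absent   - nothing is listening on that display's port
listener_scope() {   # usage: ss -ltn | listener_scope DISPLAY
    port=$(vnc_port "$1") || return 1
    awk -v p="$port" '
        $1 == "LISTEN" {
            n = split($4, a, ":")              # $4 is Local Address:Port
            if (a[n] != p) next
            addr = substr($4, 1, length($4) - length(a[n]) - 1)
            seen = 1
            if (addr != "127.0.0.1" && addr != "[::1]") exposed = 1
        }
        END { print (exposed ? "exposed" : (seen ? "loopback" : "absent")) }'
}

# Constructed sample of `ss -ltn` output from a server running two displays.
SAMPLE_SS='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    0.0.0.0:22         0.0.0.0:*
LISTEN 0      5      0.0.0.0:5901       0.0.0.0:*
LISTEN 0      5      [::]:5901          [::]:*
LISTEN 0      5      127.0.0.1:5902     0.0.0.0:*'

tunnel_cmd 1 username@host.name.com
printf '%s\n' "$SAMPLE_SS" | listener_scope 1
printf '%s\n' "$SAMPLE_SS" | listener_scope 2
```

On the remote machine, run `ss -ltn | listener_scope 1`; a result of `exposed` means port 5901 also accepts connections that do not come through SSH. TigerVNC and TightVNC accept a `-localhost` option to vncserver that restricts the listener to loopback.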


Reversing SSH Connections for VNC
There are several reasons for reversing an SSH connection, or for setting up an SSH tunnel through a firewall. You might want to punch a hole through a firewall to an external computer. You might only be able to VPN in, but want to send an encrypted terminal to another box. Or you might want to export a VNC session from your computer behind the firewall to another computer that is not connected to your network by VPN. You can also use this to get through NAT.

There are 3 machines in this scenario:
A host computer, which sits behind a firewall or NAT. This is the server you want to access.
A client computer, from which you want to reach the host.
An access computer from which you can connect to the host computer: either the host itself, or a box on the VPN.

We will set up a reverse SSH connection from the host to the client.

To set up a reverse SSH connection and forward a VNC session on display #51 (:51), VPN/SSH to your host computer that is running VNC and run:

ssh -R 5951:localhost:5951 client_computer.to_view_from.com

Then on your client computer, run:
vncviewer localhost:51

If your VNC server were running on :1, you would use the following:
ssh -R 5901:localhost:5901 client_computer.to_view_from.com

You can also use this to connect an SSH tunnel between other computers. This is handy if your primary box is a Linux/Mac machine and your access/VPN box happens to be a Windows box.
ssh -R 3000:localhost:22 client_computer.not_vpnd.net

Then from your client computer:
ssh -p 3000 localhost

You'll be sitting on the server now, from your client computer. Be aware that if you do this multiple times from multiple different machines, each of which appears to ssh as localhost, you will cache a different host key for each in ~/.ssh/known_hosts. You may have to edit that file and remove the offending entry. If you don't, you might get this error message:
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that the RSA host key has just been changed.
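
The warning above appears because ssh stores the host key for a forwarded port under the name [localhost]:3000, whichever server is really behind that port. The following shell script is an added example, not part of the original page; it looks up that entry in a known_hosts file and reports whether the key a server presents matches it, so you can tell a reused port from a real key change. The function names and the sample data, including the placeholder key strings, are constructed for the example.

```shell
#!/bin/sh
# Added example, not from the original page.

# known_hosts names a non-default port as "[host]:port"; port 22 is a bare host.
kh_name() {   # usage: kh_name HOST PORT
    if [ "$2" = "22" ]; then echo "$1"; else echo "[$1]:$2"; fi
}

# Compare the key a server presents with the cached entries for HOST:PORT in a
# known_hosts file read from stdin. Prints:
#   match   - an entry with this name, key type and key exists
#   changed - an entry with this name and key type holds a different key
#   unknown - no plain-text entry for this name and key type
# Hashed ("|1|...") and @marker lines are skipped; ssh-keygen -F reads those.
kh_status() {   # usage: kh_status HOST PORT KEYTYPE KEYDATA < known_hosts
    awk -v name="$(kh_name "$1" "$2")" -v type="$3" -v key="$4" '
        /^[ \t]*#/ || /^[ \t]*$/ || /^[|@]/ { next }
        {
            n = split($1, hosts, ",")      # field 1 may list several names
            for (i = 1; i <= n; i++) {
                if (hosts[i] != name || $2 != type) continue
                if ($3 == key) found = 1
                else differs = 1
            }
        }
        END { print (found ? "match" : (differs ? "changed" : "unknown")) }'
}

# Constructed sample data: the key strings are placeholders, not real keys.
KEY_A='AAAAC3NzaC1lZDI1NTE5AAAAIConstructedKeyOfServerA'
KEY_B='AAAAC3NzaC1lZDI1NTE5AAAAIConstructedKeyOfServerB'
SAMPLE_KNOWN_HOSTS="# cached when server A forwarded its port 22 to port 3000
[localhost]:3000 ssh-ed25519 $KEY_A
|1|Y29uc3RydWN0ZWQ=|aGFzaGVkZW50cnk= ssh-ed25519 AAAAC3ConstructedOther
localhost,127.0.0.1 ssh-ed25519 AAAAC3ConstructedClientOwnKey"

# Server A again: the key matches. Server B on the same port: key changed.
printf '%s\n' "$SAMPLE_KNOWN_HOSTS" | kh_status localhost 3000 ssh-ed25519 "$KEY_A"
printf '%s\n' "$SAMPLE_KNOWN_HOSTS" | kh_status localhost 3000 ssh-ed25519 "$KEY_B"
```

When the result is `changed`, compare the fingerprint ssh shows with the one `ssh-keygen -lf` prints for the host public key on the server itself before removing the stale entry with `ssh-keygen -R "[localhost]:3000"`. Giving each server its own name with `-o HostKeyAlias=<name>` keeps their keys from colliding on the localhost entry.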


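iptables rules to use if you need to connect directly to the server with VNC, and to open the Apache port so httpd works. The VNC rule for ports 5901:5902 is shown commented out; it is not needed when you connect through the SSH tunnel, which uses port 22: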

-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
# RSG (090502) -> added line below in order to allow vncserver to work correctly
#-A INPUT -m state --state NEW -m tcp -p tcp --dport 5901:5902 -j ACCEPT
# RSG (090503) -> added line below in order to allow apache port 80 to work correctly
-A INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
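
To confirm that a rules file leaves VNC reachable only through SSH, the active rules can be checked for ACCEPT entries that cover VNC display ports. The following shell script is an added example, not part of the original page; the function name, the 5900-5999 port window and the second rule set (including the documentation address 192.0.2.10) are assumptions constructed for the example.

```shell
#!/bin/sh
# Added example, not from the original page.

# Read iptables rules (the "-A INPUT ..." format shown above) on stdin and
# report every active ACCEPT rule whose --dport overlaps the VNC display
# ports 5900-5999. Output per rule: "<line> <dport> <source>", where source
# is the -s/--source value or "any" when the rule does not restrict it.
# Commented-out rules are ignored; rules without --dport are not examined.
vnc_accept_rules() {
    awk '
        /^[ \t]*#/ { next }
        {
            accept = 0; dport = ""; src = "any"
            for (i = 1; i < NF; i++) {
                if ($i == "-j" && $(i+1) == "ACCEPT") accept = 1
                if ($i == "--dport") dport = $(i+1)
                if ($i == "-s" || $i == "--source") src = $(i+1)
            }
            if (!accept || dport == "") next
            n = split(dport, r, ":")           # "5901:5902" is a port range
            lo = r[1] + 0; hi = (n > 1 ? r[2] : r[1]) + 0
            if (lo <= 5999 && hi >= 5900) print NR, dport, src
        }'
}

# The three rules as published on this page (VNC rule commented out).
RULES_AS_PUBLISHED='-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
#-A INPUT -m state --state NEW -m tcp -p tcp --dport 5901:5902 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT'

# Constructed variant: VNC rule active, plus a rule limited to one source.
RULES_DIRECT='-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 5901:5902 -j ACCEPT
-A INPUT -s 192.0.2.10 -m state --state NEW -m tcp -p tcp --dport 5951 -j ACCEPT'

printf '%s\n' "$RULES_AS_PUBLISHED" | vnc_accept_rules   # prints nothing
printf '%s\n' "$RULES_DIRECT" | vnc_accept_rules
```

An empty result means no active rule admits direct VNC connections. A line ending in `any` is a rule that admits them from every source address.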