![]() # Let's examine what all these parameters do: Ssh -L 5901:localhost:5901 -Nf Enter your password at the prompt and the tunnel will be established. # Since most Linux distributions already have SSH installed, establishing the tunnel is as simple as executing this command in a terminal (Just be sure to change "vncuser" to your own username and "168.144.1.1" to your server's IP address): Now in your VNC client you can connect to localhost:5901 and this will tunnel over SSH to your VNC server listening on localhost. Leave the SSH window open to maintain your tunnel. # Click on Open and login with the username you created when intially setting up the VNC server. Now when you open PuTTY again, you can select the session and click the Load button to quickly open your configuration. To do that, under Saved Sessions, give your session a name such as "VNC Tunnel" and click Save. It would be a good idea to save this session, so you won't need to configure the tunnel again. In the Host Name field, enter your server's IP address or host name. # Use the Category menu and go all the way back to the top and click on Session. # Click the Add button and you should see an entry like this in the Forwarded ports list: In the Source port field put 5901 and in the Destination field put localhost:5901 so that your window looks like below: # Open up PuTTY and using the Category menu, navigate to Connection -> SSH -> Tunnels. The industry standard is called PuTTY, which can be downloaded using this link: ![]() ![]() Since Windows doesn't come with a pre-installed SSH client, we'll need to download one. That's it for our updated server configuration! # Save the file and restart your server using this command: VNCSERVERARGS="-geometry 1024x768 -localhost" The line should look something like this when done: # Edit the VNCSERVERARGS line for each VNC desktop you have configured, adding the -localhost parameter. # If on Debian or Ubuntu open up your config file using nano: # If on CentOS open up your config file using nano: This is easily done by editing our VNC server configuration and restarting the VNC server. We will make our VNC server listen only on localhost so that it is not internet accessible. All comments in this article will be preceded by a hash tag (#).Ĭonfiguring your VNC server to listen only on localhost If you've configured your VNC for multiple users/desktops, you may need to change this port. ![]() For simplicity we will be using port 5901 which corresponds to the first desktop server running. NOTE: This guide assumes you set up your VNC server using one of the GNOME or LXDE guides also included in this knowledge base. Doing this is very easy to do and requires minimal server configuration. Due to this we'll want to secure our VNC connection by tunneling it over an encrypted SSH session. Now why would we go to the trouble to do this? The answer is simple: VNC traffic is all sent in plain-text and is not secure by its own. In this guide, you will learn how to tunnel your VNC connection over SSH. How to Secure your VNC by Tunneling over SSH ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |