Sometimes it is useful to manage a Linux server remotely using VNC. A simple and secure method for doing so is to tunnel the VNC connection using Secure Shell. The following instructions have been tested on Red Hat Enterprise Linux 5 AS.
On the server side:
First, we need to ensure that vncserver is actually running. SSH to the server or log on at the console with your regular user account. No root privileges are necessary. Once logged in, just type vncserver. You should see something like this:
[bm@app3 ~]$ vncserver
You will require a password to access your desktops.
Password:
Verify:
xauth: creating new authority file /home/bm/.Xauthority
New 'app3.domain.com:1 (app3)' desktop is app3.domain.com:1
Creating default startup script /home/bm/.vnc/xstartup
Starting applications specified in /home/bm/.vnc/xstartup
Log file is /home/bm/.vnc/app3.domain.com:1.log
If this is the first time you’ve run the application, you’ll be prompted to set a password for VNC clients, and it will also create default X Windows session configurations. You probably don’t want to use the defaults, so kill the current VNC server instance and edit those files.
[bm@app3 ~]$ vncserver -kill :1
Killing Xvnc process ID 29181
[bm@app3 ~]$ cat .vnc/xstartup
#!/bin/sh
# Uncomment the following two lines for normal desktop:
# unset SESSION_MANAGER
# exec /etc/X11/xinit/xinitrc
[ -x /etc/vnc/xstartup ] && exec /etc/vnc/xstartup
[ -r $HOME/.Xresources ] && xrdb $HOME/.Xresources
xsetroot -solid grey
vncconfig -iconic &
xterm -geometry 80x24+10+10 -ls -title "$VNCDESKTOP Desktop" &
twm &
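Uncomment the two lines below the “Uncomment the following two lines for normal desktop” comment (unset SESSION_MANAGER and exec /etc/X11/xinit/xinitrc), and then start vncserver again.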
On the client side:
Open up a shell window (on your Linux/Mac OS X client) and configure your tunnel to forward the server’s VNC port (e.g., 5901/tcp) to your localhost. Please note that the VNC port range starts at 5900 and increases by screen number. For example, if you are trying to connect to myserver.domain.com:23 (i.e., screen 23), you will need to reference port 5923/tcp. For the purpose of this article, we’re assuming there is only one VNC instance running on the server, and the screen number is :1.
client:~ user$ ssh remoteserver.domain.com -L 5901/127.0.0.1/5901
Now, use your VNC client to connect to localhost:1 (display 1) or to localhost, port 5901.
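The tunnel only protects the session if the VNC port cannot also be reached directly over the network, so it is worth checking on the server which address each display's port is bound to. The script below is an added example, not part of the original article: it classifies listeners from `ss -ltn` or `netstat -ltn` output, and its function names and sample listing are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the article): report whether a VNC display's TCP
# port accepts connections from the network or only from loopback.

# Display number -> TCP port, using the article's rule (5900 + display).
vnc_port() {
    case "$1" in
        ''|*[!0-9]*) echo "display must be a number" >&2; return 1 ;;
    esac
    echo $((5900 + $1))
}

# Read `ss -ltn` or `netstat -ltn` output on stdin (both put the local
# address in column 4) and classify the listener for display $1.
vnc_exposure() {
    port=$(vnc_port "$1") || return 2
    awk -v port="$port" '
        /LISTEN/ && $4 ~ (":" port "$") {
            # Strip ":<port>" to leave the bind address.
            host = substr($4, 1, length($4) - length(port) - 1)
            is_lo = (host ~ /^127\./ || host == "::1" || host == "[::1]")
            # Anything else (0.0.0.0, [::], * or a routable address) is exposed.
            if (is_lo) loopback = 1; else exposed = 1
        }
        END {
            if (exposed)       print "exposed"
            else if (loopback) print "loopback-only"
            else               print "not-listening"
        }'
}

# Constructed sample in `ss -ltn` layout, not captured from a real host.
sample_listeners() {
    cat <<'EOF'
State   Recv-Q  Send-Q  Local Address:Port  Peer Address:Port
LISTEN  0       128     0.0.0.0:22          0.0.0.0:*
LISTEN  0       5       0.0.0.0:5901        0.0.0.0:*
LISTEN  0       5       127.0.0.1:5902      0.0.0.0:*
EOF
}

for d in 1 2 3; do
    printf 'display :%s -> %s\n' "$d" "$(sample_listeners | vnc_exposure "$d")"
done
```

On a live server, pipe `ss -ltn` (or `netstat -ltn`) into `vnc_exposure 1`. For a display reported as exposed, Xvnc's `-localhost` option or a firewall rule limits it to loopback, and the tunnel still reaches it because it forwards to 127.0.0.1.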
There are several good VNC clients for Mac OS X and Windows, and most distributions of Linux already have VNC installed.
Free VNC Applications:
- TightVNC (multi-platform)
- Chicken of the VNC (Mac OS X)
I have to say, SSH was the best thing they ever came out with. You can’t beat its security nor its reliability.