Frequently I need to access my LinuxMCE machine over VNC, due to different reasons (when I am not home, when my Wii Remote batteries died, etc..). Usually SSH solves most of my needs, but sometimes it is very nice to control my linuxMCE box over VNC.
Here I will show you several very easy steps on how to configure your server/client to be able to tunnel VNC traffic through SSH, and be able to control your server in the GUI way This approach will work on most systems (not LinuxMCE specific) although here I chose Ubuntu as an “example OS”.
Before we begin, I would assume that:
- The server already has ssh server installed, if not:
sudo apt-get install openssh-server
- If connecting from the outside (like from work to home box), your router’s firewall forwards port 22 to your server’s IP
Here is how it is done:
Server Side Configuration
1. Installing VNC server, here I chose to install x11vnc, but it could be pretty much any VNC server of your choice (TightVNC, etc..):
sudo apt-get install x11vnc
2. Now let’s finish our server configuration by running the VNC server:
by default it is going to run without a password, and on port 5900
Client Side Configuration
1. In order to connect to the VNC server, we need to have a VNC viewer installed:
sudo apt-get install xvncviewer
* again, it can be pretty much any VNC viewer of your choice
2. Now the most interesting part of this whole process – enter this command:
ssh -L 5900:127.0.0.1:5900 firstname.lastname@example.org
this tells your system to tunnel all the traffic from the port 5900 on “yourserver.com” to the local (client’s) port 5900 via SSH. Simple, and yet very powerful – a “magic one-liner”
3. Fire up another shell on the client side and enter:
do you see a cute colorful square screen? Do you recognize your server’s Desktop?
P.S. For LinuxMCE specifically, you should also add a couple firewall rules:
– Go to the LinuxMCE web admin
– From the upper menu, go to “Advanced -> Network -> Firewall rules”
add this three rules:
tcp 5900 to 5900 5900 192.168.80.1 port_forward tcp 5900 to 5900 0 0 core_input tcp 22 to 22 0 0 core_input
– The first rule allows external network (Internet) to access the VNC server on the Core (LinuxMCE server)
– The second rule allows anybody inside the home network ( since it is not wise to open 5900 port on your router to the whole world ) to have their 5900 port to be forwarded to the Core.
– The third rule (I think you already have it) allows anybody to access LinuxMCE server via port 22 (SSH)
Be careful about the rules above, as I assume that your LinuxMCE server is behind another firewall, cause you really do not want to open 5900 port to the public