"; */ ?>

Forward VNC through SSH

linuxmce screenshotFrequently I need to access my LinuxMCE machine over VNC, due to different reasons (when I am not home, when my Wii Remote batteries died, etc..). Usually SSH solves most of my needs, but sometimes it is very nice to control my linuxMCE box over VNC.

Here I will show you several very easy steps on how to configure your server/client to be able to tunnel VNC traffic through SSH, and be able to control your server in the GUI way :) This approach will work on most systems (not LinuxMCE specific) although here I chose Ubuntu as an “example OS”.

Before we begin, I would assume that:

  • The server already has ssh server installed, if not:
    sudo apt-get install openssh-server
  • If connecting from the outside (like from work to home box), your router’s firewall forwards port 22 to your server’s IP

Here is how it is done:

Server Side Configuration

1. Installing VNC server, here I chose to install x11vnc, but it could be pretty much any VNC server of your choice (TightVNC, etc..):

sudo apt-get install x11vnc

2. Now let’s finish :) our server configuration by running the VNC server:

x11vnc

by default it is going to run without a password, and on port 5900

Client Side Configuration

1. In order to connect to the VNC server, we need to have a VNC viewer installed:

sudo apt-get install xvncviewer

* again, it can be pretty much any VNC viewer of your choice

2. Now the most interesting part of this whole process – enter this command:

ssh -L 5900:127.0.0.1:5900 yourusername@yourserver.com

this tells your system to tunnel all the traffic from the port 5900 on “yourserver.com” to the local (client’s) port 5900 via SSH. Simple, and yet very powerful – a “magic one-liner” :)

3. Fire up another shell on the client side and enter:

xvncviewer 127.0.0.1

do you see a cute colorful square screen? Do you recognize your server’s Desktop?

Done :)


P.S. For LinuxMCE specifically, you should also add a couple firewall rules:

– Go to the LinuxMCE web admin
– From the upper menu, go to “Advanced -> Network -> Firewall rules”

add this three rules:

tcp  	5900 to 5900  	5900  	192.168.80.1             port_forward
tcp 	5900 to 5900 	0 	0                        core_input
tcp  	22 to 22  	0  	0                        core_input

– The first rule allows external network (Internet) to access the VNC server on the Core (LinuxMCE server)
– The second rule allows anybody inside the home network ( since it is not wise to open 5900 port on your router to the whole world ) to have their 5900 port to be forwarded to the Core.
– The third rule (I think you already have it) allows anybody to access LinuxMCE server via port 22 (SSH)

Be careful about the rules above, as I assume that your LinuxMCE server is behind another firewall, cause you really do not want to open 5900 port to the public