Frequently I need to access my LinuxMCE machine over VNC, due to different reasons (when I am not home, when my Wii Remote batteries died, etc..). Usually SSH solves most of my needs, but sometimes it is very nice to control my linuxMCE box over VNC.
Here I will show you several very easy steps on how to configure your server/client to be able to tunnel VNC traffic through SSH, and be able to control your server in the GUI way 🙂 This approach will work on most systems (not LinuxMCE specific) although here I chose Ubuntu as an “example OS”.
Before we begin, I would assume that:
- The server already has ssh server installed, if not:
sudo apt-get install openssh-server
- If connecting from the outside (like from work to home box), your router’s firewall forwards port 22 to your server’s IP
Here is how it is done:
Server Side Configuration
1. Installing VNC server, here I chose to install x11vnc, but it could be pretty much any VNC server of your choice (TightVNC, etc..):
sudo apt-get install x11vnc
2. Now let’s finish 🙂 our server configuration by running the VNC server:
by default it is going to run without a password, and on port 5900
Client Side Configuration
1. In order to connect to the VNC server, we need to have a VNC viewer installed:
sudo apt-get install xvncviewer
* again, it can be pretty much any VNC viewer of your choice
2. Now the most interesting part of this whole process – enter this command:
ssh -L 5900:127.0.0.1:5900 firstname.lastname@example.org
this tells your system to tunnel all the traffic from the port 5900 on “yourserver.com” to the local (client’s) port 5900 via SSH. Simple, and yet very powerful – a “magic one-liner” 🙂
3. Fire up another shell on the client side and enter:
do you see a cute colorful square screen? Do you recognize your server’s Desktop?
P.S. For LinuxMCE specifically, you should also add a couple firewall rules:
– Go to the LinuxMCE web admin
– From the upper menu, go to “Advanced -> Network -> Firewall rules”
add this three rules:
tcp 5900 to 5900 5900 192.168.80.1 port_forward tcp 5900 to 5900 0 0 core_input tcp 22 to 22 0 0 core_input
– The first rule allows external network (Internet) to access the VNC server on the Core (LinuxMCE server)
– The second rule allows anybody inside the home network ( since it is not wise to open 5900 port on your router to the whole world ) to have their 5900 port to be forwarded to the Core.
– The third rule (I think you already have it) allows anybody to access LinuxMCE server via port 22 (SSH)
Be careful about the rules above, as I assume that your LinuxMCE server is behind another firewall, cause you really do not want to open 5900 port to the public