Howto: Secure VNC over SSH to your mac.
Tuesday, April 21, 2009 at 8:37AM
So, I can't run NXServer on my Mac, but it turns out a little SSH magic on the Mac is the same as SSH on Linux (doh!), so these are the instructions I need.
The first step is to download and install the VNC server. Assuming that you've downloaded Vine Server (OSXvnc), open the disk image and drag Vine Server to your Applications folder. It is now time for configuration!
When you first open OSXvnc, you will be prompted to enter a VNC password. Enter a password and click on Done (Vine Server 3.0).
Then in Vine Server 3.0 the default display number will be 0 and the port number will be 5900, which are both fine. However, for added security you should go to the Vine Server menu and click on Preferences... Then put a check in the box next to Require Remote Login (SSH) by clicking on it.
Also, by default the VNC server only starts when you launch the Vine Server application. If you would like to have the VNC server load at boot time, then click on the Startup button (still in Vine Server Preferences) and click on System Server...
After making changes to either of these items you will need to restart the server by clicking on Restart Server.
Once we have our VNC server configured, it's time to make sure that SSH is set up. Open System Preferences, then click on "Sharing." Make sure that "Remote Login" is enabled.
At this point, we need to make sure that your network is accepting incoming connections on port 22 (because we are tunneling VNC over SSH, which uses port 22). If your computer is directly connected to the internet, then all that you need to know is what your IP address is. If you are unsure of it, try going to Whatismyip.com. If you are on a home network with a NAT router (e.g. Linksys, Airport, Dlink products), then go to your router's configuration page, and make sure that port 22 TCP is set to be forwarded to whatever the IP of your machine is (you can get this from System Preferences > Network). You then need to find out what your IP address is to the outside world, which, again, can be found with Whatismyip.com.
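An added check, not part of the original post: after the server has been restarted with Require Remote Login (SSH) ticked, port 5900 should be listening on the loopback address only, and port 22 should be the one service reachable from outside. The script assumes that this option restricts Vine Server to local connections and that its input is the text of macOS `netstat -an -p tcp`; the function names and the sample lines are made up for the illustration.

```shell
#!/bin/sh
# Added example: confirm VNC is loopback-only and SSH is the one exposed service.
# Input is the text of `netstat -an -p tcp` as printed on macOS (ADDR.PORT form).

# Print how PORT is listening: none | loopback | exposed
listener_scope() {
    awk -v port="$1" '
        $NF == "LISTEN" {
            n = split($4, part, ".")            # local address is ADDR.PORT
            if (part[n] != port) next
            addr = substr($4, 1, length($4) - length(port) - 1)
            if (addr == "127.0.0.1" || addr == "::1") lo = 1
            else wide = 1                       # "*" or an interface address
        }
        END { print (wide ? "exposed" : (lo ? "loopback" : "none")) }'
}

# Return 0 only when VNC (5900) is loopback-only and SSH (22) is reachable.
audit_vnc_tunnel() {
    snapshot=$(cat)
    vnc=$(printf '%s\n' "$snapshot" | listener_scope 5900)
    sshd=$(printf '%s\n' "$snapshot" | listener_scope 22)
    rc=0
    case $vnc in
        loopback) echo "OK   VNC 5900 accepts local connections only" ;;
        exposed)  echo "FAIL VNC 5900 is reachable without SSH"; rc=1 ;;
        *)        echo "FAIL nothing is listening on 5900"; rc=1 ;;
    esac
    case $sshd in
        exposed)  echo "OK   SSH 22 is listening for remote logins" ;;
        *)        echo "FAIL SSH 22 is not reachable (is Remote Login on?)"; rc=1 ;;
    esac
    return $rc
}

# Constructed sample lines, not captured from a real machine.
SAMPLE_GOOD='tcp4  0  0  127.0.0.1.5900  *.*  LISTEN
tcp4  0  0  *.22            *.*  LISTEN'
SAMPLE_BAD='tcp4  0  0  *.5900          *.*  LISTEN
tcp4  0  0  *.22            *.*  LISTEN'

printf '%s\n' "$SAMPLE_GOOD" | audit_vnc_tunnel
printf '%s\n' "$SAMPLE_BAD" | audit_vnc_tunnel || echo "-> enable Require Remote Login (SSH) and restart the server"

# On the Mac itself: netstat -an -p tcp | audit_vnc_tunnel
```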
It is now time to set up a client. I will show how to connect from another Mac, but there are clients out there to let you connect from Palm Pilots, Windows CE devices, Windows, and more. I can recommend that if you are connecting from a Windows machine that you use PuTTY to make your SSH connection, and the VNC client from RealVNC.
To start the SSH connection you need to first open Terminal. (It is inside of the Utilities folder, which is inside of the Applications folder.) At the terminal command line type the following:
ssh <your username on the remote machine>@<IP address or domain name of the VNC server> -L 5900:127.0.0.1:5900
*Note: If you have never connected to this server before with SSH, then you will be prompted to remember the RSA fingerprint. Just type "yes". (*Note*: This may create a security hole, since the RSA fingerprint may be that of another computer trying to mount a "man in the middle" attack. You should be wary of this, though you will be safe unless someone is trying to hack your connection at that exact time.) When prompted, enter your user password. If you log in successfully, you will be presented with a shell on the remote machine. You can minimize this window now; we won't actually be using the shell.
Also, for those of you who need to understand what everything does: -L 5900:127.0.0.1:5900 specifies that the given port on the local (client) host is to be forwarded to the given host and port on the remote side. Here, port 5900 on the localhost is forwarded through the SSH connection to port 5900 on <IP address or domain name of the VNC server>; the 127.0.0.1 in the middle is resolved on the remote side, so it refers to the VNC server itself.
Open Chicken of the VNC or whatever VNC client you have decided to use. Type 127.0.0.1 for the Host or Server. (In Chicken of the VNC you would type 127.0.0.1 in the Host box.) If you have a box / field labeled Display, you would enter 0 if you set up the VNC server on port 5900, or 1 for 5901, 2 for 5902, etc. Then in the password box / field type the password that you entered when setting up your VNC server. You may also have options for color depth, which is how many different colors will be displayed on the screen, and there may be an option for Fullscreen display. I recommend setting the depth to be lower than the server depth, since it will use less bandwidth. Click on OK or Connect (Chicken of the VNC) and you should now be connected!
To disconnect, just close the VNC window and quit your VNC client, and then type "exit" in the terminal that you used to make the SSH connection.
*Note: If you did select Fullscreen display when using Chicken of the VNC, you can exit full screen without breaking your connection by using the following keyboard combination: [CTRL] + [alt/option] + [Apple/Command] + [`]
(That is, while holding down the COMMAND, OPTION, and CONTROL keys, hit the back-tick key (the key to the left of the number 1 key.))
David Field




