Using VNC through a secure ssh tunnel
This document (7000593) is provided subject to the disclaimer at the end of this document.
SUSE Linux Enterprise Server 10
Helpdesk or administrative systems need to be able to take remote control of client systems (SLED or SLES) through VNC but need to have the communication encrypted.
There is also another selection for Remote Administration in YaST but it does not allow a connection to display :0. It starts a session independent from the users so you do not see the users desktop. The Remote Desktop selection in the Control Center runs "vino" which is a vncserver equivalent that allows the connection to display :0 (what the user is viewing) on port 5900.
The client systems must also allow an ssh connection as we will use a ssh tunnel to secure the VNC communication. By default the firewall is turned on and ssh is blocked. Verify your firewall settings in YaST-->Security and Users-->Firewall. Add ssh to the allowed services if needed.
On the administrator system a ssh connection will need to be established to the remote system. From a terminal run the following command:
ssh -L 5900:127.0.0.2:5900 <user>@<remotesystem>
The -L port:host:port specifies that the given port on the local administrator host is to be forwarded to the given host and port on the remote side.
If port 5900 is already in use on the administrator system a different port could be used. For example, when vncviewer is run for display :1 it will attempt to connect to port 5901 rather than 5900 (vncviewer host:1). The command to setup the local port 5901 to route to 5900 on the remote system would look like this:
ssh -L 5901:127.0.0.2:5900 <user>@<remotesystem>
Once this connection is established you can switch to another terminal and startup the vncviewer with the following command:
The ":0" would use port 5900. Just change it to a ":1" to use 5901 as indicated in the second ssh example. The port number will follow the display indicated (5900+display).
A normal VNC connection should be established to the remote system. Once the VNC connection is terminated logout or exit from the ssh session and the ssh tunnel is closed.
plink -ssh -L 5900:127.0.0.2:5900<user>@<remotesystem>
Once the connection is established open the VNC client and connect to localhost.
SUSE Technical Support does not provide support for the Windows applications.
- Document ID:7000593
- Creation Date: 25-Feb-2009
- Modified Date:15-Mar-2021
- SUSE Linux Enterprise Desktop
- SUSE Linux Enterprise Server
For questions or concerns with the SUSE Knowledgebase please contact: firstname.lastname@example.org