How to Configure a SSH Tunnel On A VNC Server – Ubuntu 14

VNC is short for ‘Virtual Network Computing’. It’s a simple method for sharing a graphical desktop environment. For example, if you install VNC on your hosted server, you could connect to its graphical desktop environment remotely.

Pre-Flight Check

• These instructions are intended for configuring a TightVNC VNC Server to Use an SSH Tunnel on a single Ubuntu 14.04 LTS node.
• I’ll be working from a Liquid Web Core Managed Ubuntu 14.04 LTS server, and I’ll be logged in as a non-root user, but with sudo access. For information on giving a user sudo access visit our page on How to Add a User and Grant Root Privileges on Ubuntu 14.04.
• If you don’t already have a desktop environment installed on your server then you can follow our tutorial on How to Install the Xfce Desktop Environment on Ubuntu 14.04 LTS. If you don’t already have a TightVNC VNC Server then you can follow our tutorial on How to Install VNC Server on Ubuntu 14.04 LTS.

We’ll have to configure a new xstartup file, so let’s take a backup of the original:

mv ~/.vnc/xstartup ~/.vnc/xstartup.bak

For a refresher on editing files with vim see: New User Tutorial: Overview of the Vim Text Editor

vim ~/.vnc/xstartup

Insert the following into the new file:

#!/bin/bash
xrdb $HOME/.Xresources
startxfce4 &

Save and exit, and then correct the permissions on the new file:

sudo chmod +x ~/.vnc/xstartup

We’re going to use vim to create and edit a service file for the vncserver service.

sudo vim /etc/init.d/vncserver

There are four sections that will be added to the service file. The first sets up the environment that the service will run. Here you can manipulate the user, which in this case is exampleuser, and the display resolution, which in this case is 1024×768:

#!/bin/bash
PATH=”$PATH:/usr/bin/”
export USER=”exampleuser”
DISPLAY=”1″
DEPTH=”16″
GEOMETRY=”1024×768″
OPTIONS=”-depth ${DEPTH} -geometry ${GEOMETRY} :${DISPLAY} -localhost”
. /lib/lsb/init-functions

Using the -localhost feature is what limits VNC Server connections to ONLY possible once connected via an SSH Tunnel.

The second sections binds the start command to two functions: starting a VNC server and a message stating that it is being started:

case “$1” in
start)
log_action_begin_msg “Starting vncserver for user ‘${USER}’ on localhost:${DISPLAY}”
su ${USER} -c “/usr/bin/vncserver ${OPTIONS}”
;;

The third sections binds the stop command to two functions: stopping the VNC server and a message stating that it is being stopped:

stop)
log_action_begin_msg “Stopping vncserver for user ‘${USER}’ on localhost:${DISPLAY}”
su ${USER} -c “/usr/bin/vncserver -kill :${DISPLAY}”
;;

The fourth sections binds the restart command to running the stop and start command:

restart)
$0 stop
$0 start
;;
esac
exit 0

And then correct the permissions on the new file:

sudo chmod +x /etc/init.d/vncserver

Start VNC Server:

sudo service vncserver start

Stop VNC Server:

sudo service vncserver stop

Restart VNC Server:

sudo service vncserver restart

netstat -plant

Shows:

Proto  Recv-Q  Send-Q  Local Address  Foreign Address  State  PID/Program name
tcp    0       0       127.0.0.1:5901   0.0.0.0:*        LISTEN 27760/Xtightvnc

Per the previous article (How to Install VNC Server on Ubuntu 14.04 LTS), that means that VNC is listening on port 5901. But, instead of listening on all IPs (0.0.0.0:5901) VNC is only listening on 127.0.0.1, or localhost.

To Connect via Linux

First, establish an SSH tunnel:

ssh -L 5901:127.0.0.1:5901 -N -f -l exampleuser ip_address

Then connect to localhost:5901 via a VNC viewer such as TightVNC.

To Connect via PuTTy

Under Connection -> SSH -> Tunnels add:

Source port: 5901
Destination: localhost:5901

And connect to your server at its IP address and port 22 via PuTTY.

And then connect to localhost:5901 via a VNC viewer such as TightVNC.