Prevent your passwords from being sniffed
In this article, I will talk about how you can tunnel any VNC connection over the SSH protocol, which ensures all traffic is encrypted and secure. I currently use this all the time before remotely connecting to any of my PCs so that passwords and login info cannot be sniffed.
There are a few prerequisites that have to be completed before you can really use the information in this article.
1. SSH Server – Firstly, you have to set up a personal SSH server that will be used to create the secure VNC tunnel. That is beyond the scope of this article, but you can read a great post by LifeHacker on how to set up a personal SSH server. (That guide is more than a decade old, but still works. A different blog has a newer guide that also works.)
2. VNC Server – Secondly, you need to install and configure a VNC server on each machine that you want to connect to.
3. Dynamic DNS – Lastly, if you want to be able to connect to your home computer from outside the local network, you will need to set up a free dynamic DNS account, unless you have a static IP already. You can read my earlier post here on how to set up dynamic DNS. This will allow you to use a unique domain name like myname.homeip.net, etc.
That might seem like a lot of stuff to complete before you can do this and it is! It took me a while to learn everything and get it all working, but once it’s set up and it works, you will feel like you just climbed Mount Everest!
The order in which you would want to complete those three prerequisites is: set up dynamic DNS, then set up the VNC server software (fairly straightforward), and then set up the SSH server.
Tunnel VNC Over SSH
OK, now to the tutorial for learning how to tunnel VNC over SSH! In this article, I will be using TightVNC as my remote control software and PuTTY as the SSH client. We will use PuTTY to connect to the SSH server and then use TightVNC to connect to the computer we want to control.
Step 1: Open PuTTY and click on the Session category in the left pane. In the Host Name box, you need to type in the dynamic DNS address for your home SSH server. Or you can type in the IP address if you have a static IP. Note this is your external IP address for the SSH server.
Also, type a name into the Saved Sessions text box like VNC over SSH and click Save. This way, you won’t have to do this each time.
Step 2: Now expand Connection, then SSH and click on Tunnels. Now type in the source port number and the destination. The source port for TightVNC is 5900 because that is the port it listens for connections on.
The destination will be the internal IP address for your SSH server followed by the same port number, for example 10.0.1.104:5900.
Step 3: Now click the Add button and the forwarded port will show up in the list box directly above.
Step 4: You don’t need to change anything else. That’s it really! Now go back to the Session screen and click the Save button again.
You can test it by clicking Open and you should get a command window that asks you for your username and password. After logging into the SSH server successfully, it will bring you to the command prompt. Now you have created a VNC over SSH tunnel! Keep this window open, because the tunnel only exists while the SSH session is connected.
Step 5: Now open TightVNC and type in 127.0.0.1 in the VNC server field. You connect to your own machine here because PuTTY is listening on local port 5900 and forwarding everything sent to it through the SSH session.
Now click Connect and you should be able to connect to your computer remotely! It’s a bit of a process and a little complicated, but if you keep trying, you will get it to work! Once you get the SSH server set up, you can also use that for encrypting your web browsing session!
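If TightVNC will not connect, it helps to know whether the tunnel or the VNC server is at fault. The Python check below is an added example, not part of the original tutorial: it connects to the local end of the forward (127.0.0.1:5900 from Step 5) and looks for the 12-byte RFB version banner a VNC server sends first. The function names and the fake server used for the offline demo are constructed for illustration.

```python
import re
import socket
import socketserver
import threading

# An RFB (VNC) server speaks first: exactly 12 bytes, "RFB xxx.yyy\n".
BANNER_RE = re.compile(rb"RFB (\d{3})\.(\d{3})\n")

def parse_rfb_banner(data):
    """Return (major, minor) for a valid RFB version banner, else None."""
    m = BANNER_RE.fullmatch(data)
    return (int(m.group(1)), int(m.group(2))) if m else None

def check_tunnel(host="127.0.0.1", port=5900, timeout=3.0):
    """Classify the local end of the forward: closed, no-banner or vnc."""
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except OSError:
        # Nothing accepted the connection: the PuTTY session or forward is not up.
        return ("closed", None)
    data = b""
    with sock:
        try:
            while len(data) < 12:
                chunk = sock.recv(12 - len(data))
                if not chunk:
                    break  # closed early: destination unreachable or not VNC
                data += chunk
        except OSError:
            pass  # timed out or reset before a full banner arrived
    version = parse_rfb_banner(data)
    return ("vnc", version) if version else ("no-banner", None)

class FakeVNC(socketserver.BaseRequestHandler):
    """Constructed stand-in for a VNC server so the demo runs offline."""
    def handle(self):
        self.request.sendall(b"RFB 003.008\n")  # constructed sample banner

def demo():
    """Run check_tunnel against FakeVNC on a free loopback port."""
    with socketserver.TCPServer(("127.0.0.1", 0), FakeVNC) as srv:
        threading.Thread(target=srv.serve_forever, daemon=True).start()
        try:
            return check_tunnel("127.0.0.1", srv.server_address[1])
        finally:
            srv.shutdown()

if __name__ == "__main__":
    print("offline demo:", demo())
    print("real tunnel :", check_tunnel())  # 127.0.0.1:5900 from Step 5
```

A result of "closed" points at the PuTTY session or the Tunnels entry, while "no-banner" means the forward is listening but the destination from Step 2 did not answer as a VNC server.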
If you have any questions or can’t figure something out, post a comment and I will try to help you out! Enjoy!