Tunnelling VNC Through SSH

In some lab environments it’s impossible to use VNC to access remote machines due to security practices (ports being blocked, BSOs, etc.). If your job requires you to access those machines frequently, this can be a huge headache. Thankfully, we can work around this and tunnel VNC using SSH. In my experience, SSH is almost always available.

This process basically relies on port forwarding, so use good judgement and be careful of firewalls – they may impact your ability to do this successfully (although for me, Zonelabs Integrity Client did not have problems).

SSH can forward a local port to a destination port and vice versa. Since VNC generally uses the 5900 range (5900 by default on Windows, and usually 5901, 5902, etc. on *NIX), you can forward those ports to other ports locally. In my environment I have to go to a jump point server, and then from the jump point to my target server. For you it may not be this difficult.

I’m using a Windows XP machine with Cygwin installed. I haven’t tried using PuTTY, so I can’t vouch for it.

Open a command line terminal:

ssh -g -L 5902:donner:5900 -C administrator@robstestserver.com

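Again, the trick in my environment is I have to jump from the target host to the jump point, and from the jump point to my local machine. The -g and the -L allow me to do this: -L sets up the forward from local port 5902, and -g lets hosts other than my own machine connect to that forwarded port. The -C is for compression.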

Now open up a VNC viewer and enter the following, and you should see the contents of your target system in the VNC window:
localhost:5902

In the example I gave above, it tells SSH to connect with compression to robstestserver.com (the jump point server) as administrator, and then once there forward port 5900 on machine donner (which is defined in robstestserver’s hosts file) to port 5902 on your local machine. Then the VNC viewer on your machine is opened to port 5902 and uses that for I/O to port 5900 on donner. Only the leg between your machine and the jump point travels inside the SSH connection; the hop from the jump point to donner is ordinary VNC traffic.
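
Because -g makes ssh listen on every interface rather than only on loopback, it is worth checking what the forward actually bound once it is up. The script below is an added example, not part of the original post: it classifies listeners on the forwarded port from `netstat -an` or `ss -ltn` style output. The function names and the sample listener lines are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post).
# check_forward PORT: reads `netstat -an` or `ss -ltn` style lines on stdin and
# prints "loopback <addr>" or "exposed <addr>" for each listener on PORT.
check_forward() {
    awk -v port="$1" '
        toupper($0) ~ /LISTEN/ {
            suffix = ":" port
            for (i = 1; i <= NF; i++) {
                n = length($i) - length(suffix)
                # The first field ending in ":PORT" is the local address.
                if (n > 0 && substr($i, n + 1) == suffix) {
                    addr = substr($i, 1, n)
                    if (addr ~ /^127\./ || addr == "::1" || addr == "[::1]")
                        print "loopback", addr
                    else
                        print "exposed", addr
                    break
                }
            }
        }'
}

# Constructed sample: listeners left by `ssh -g -L 5902:donner:5900 ...`.
sample_with_g() {
    cat <<'EOF'
  TCP    0.0.0.0:5902           0.0.0.0:0              LISTENING
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    [::]:5902              [::]:0                 LISTENING
EOF
}

# Constructed sample: the same forward without -g (default loopback bind).
sample_without_g() {
    cat <<'EOF'
LISTEN 0 128 127.0.0.1:5902 0.0.0.0:*
LISTEN 0 128     [::1]:5902    [::]:*
LISTEN 0 128   0.0.0.0:22   0.0.0.0:*
EOF
}

echo "with -g:";    sample_with_g    | check_forward 5902
echo "without -g:"; sample_without_g | check_forward 5902
```

On a live system, pipe the real listing in instead of the samples, for example `netstat -an | check_forward 5902`. An "exposed" line means any host that can reach your machine on that port can reach the VNC server on donner.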

This is a pretty nifty little trick to getting around the sometimes painful lab security.

If you have any questions or problems post them in the comments.
