Reverse SSH tunnel for VNC
Earlier I mentioned that I had set up a reverse SSH tunnel for VNC so I could remotely work on my mom’s laptop. It’s pretty straightforward, but I wanted to explain exactly how I set it up.
One of the reasons I like this so much is I don’t have to worry about the various locations mom’s laptop might be. No punching through firewalls or mapping ports through routers. All of that configuration is done on my end. All she has to do is open a file I placed on her desktop.
OS X (10.6.7 is what I’m using) has a built-in VNC server and VNC viewer. Everything needed is already on your machine; you don’t need any extra software to make this work.
On your machine (the one we’re connecting from):
Navigate to System Preferences -> Accounts and create a new standard user. I called mine tunnel. Give this user a simple password that you don’t mind sharing.
Navigate to System Preferences -> Sharing and enable Remote Login for the user you created.
Make sure port 22 is forwarded through your router/NAT and is allowed through your firewall.
To make things simple you might want some sort of DNS updater.
On her machine (the one we’re connecting to):
Navigate to System Preferences -> Sharing and enable Screen Sharing. I enabled it only for her username. 1
While in the Screen Sharing pane click on Computer Settings. Check the VNC viewers may control screen with password: option and enter a password.
Open your favorite text editor and type in: ssh USER@IP -R 5900:127.0.0.1:5900 (where USER is the user you created previously on your machine and IP is the IP or hostname of your machine). Again, a dynamic DNS updater would be ideal here. Save this file with the extension .command so the user will be able to launch it via Terminal. You’ll need to change permissions on this file to make it executable (chmod +x).
Open the file you just created. It should ask for the password 2 for the user you created above. Once entered the tunnel should be established.
Back to your machine (the one we’re connecting from):
Now that the tunnel is established from the other end, open Finder and navigate to Go -> Connect to Server (Command+K). The server will be vnc://127.0.0.1:0. If you previously enabled Screen Sharing for a specific username, you’ll need to enter those credentials now.
You should see a window open with the remote desktop within!
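Here is the whole client-side step as one script, an added example that is not from the original post: it builds the .command file for her desktop and marks it executable. USER and HOST are placeholders you fill in; the -N, ExitOnForwardFailure and ServerAliveInterval options are my additions (standard ssh options, not mentioned above): -N opens the tunnel without a remote shell, ExitOnForwardFailure makes ssh quit instead of silently running if port 5900 on your machine is already taken, and ServerAliveInterval keeps the tunnel from being dropped by an idle NAT.

```shell
#!/bin/sh
# Added example (not part of the original post): writes the .command file
# that opens the reverse tunnel, then makes it executable.
# "tunnel" and "home.example.net" below are placeholder values.

# Return the ssh command line for the reverse tunnel.
#   -N                           no remote shell, just the port forward
#   -o ExitOnForwardFailure=yes  fail loudly if remote port 5900 is in use
#   -o ServerAliveInterval=60    keep the connection alive through NATs
#   -R 5900:127.0.0.1:5900       port 5900 on your machine -> VNC on hers
# ssh binds the remote side of -R to loopback by default, which is why you
# connect to vnc://127.0.0.1 on your machine and nothing else can reach it.
tunnel_cmd() {
  user="$1"
  host="$2"
  printf 'ssh -N -o ExitOnForwardFailure=yes -o ServerAliveInterval=60 -R 5900:127.0.0.1:5900 %s@%s\n' "$user" "$host"
}

# Write the .command file at the given path and mark it executable so a
# double-click launches it in Terminal.
write_command_file() {
  path="$1"
  user="$2"
  host="$3"
  {
    echo '#!/bin/sh'
    echo '# Reverse SSH tunnel for VNC: double-click to start, close window to stop'
    tunnel_cmd "$user" "$host"
  } > "$path"
  chmod +x "$path"
}

# Usage (placeholder values):
#   sh make_tunnel.sh tunnel home.example.net "$HOME/Desktop/tunnel.command"
if [ -n "$3" ]; then
  write_command_file "$3" "$1" "$2"
fi
```

If you later set up SSH keys (footnote 2), add -i with the path to her private key to the ssh line and the script runs without prompting for the tunnel user’s password.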
1. Since this connection is over a secure tunnel, you don’t really need the password authentication. However, a password would protect against other users on the same network as the remote machine attempting VNC connections.
2. If you intend to connect remotely often, you could set up SSH keys and eliminate the need to enter an SSH password.