Tunneling you VNC connection over SSH
There are two ways you can connect to a remote Linux server:
- SSh which is the most preferred way of doing it
- VNC which is also nice but not as nice
Well, you can also telnet but dude! This is 2019 man!
Why is VNC not as nice?
VNC is unencrypted unlike SSH and this makes it less secure. It is however nice since it is GUI based and very friendly for people who don’t like to use the terminal [Which is a really weird thing if you’re using Linux].
Now to make sure your Linux server is very secure, you can opt to tunnel your VNC connection over SSH thereby gaining SSH’s encryption benefits.
How do you do that?
For VNC to work, you usually need to allow a port e.g 5900 in your firewall settings. You can also allow like a range of ports, these port(s) are what you’ll use to connect.
In our way, remove the line allowing the port(s) from your firewall config.
If you had allowed a single port, run this on your terminal:
$firewall-cmd — zone=public — remove-port=<port>/tcpIf you had allowed a range, run:
$firewall-cmd — zone=public — remove-port=<port-port>/tcpAfter that, reload your firewall by running:
$firewall-cmd --reloadIf you’re unsure of which ports you had allowed, you can run:
$firewall-cmd --list-portsNow that the ports have been removed from the firewall exceptions, you’ll get an error if you try to VNC into your server.
It’s time to create the tunnel to your server now.
Run the following line on your client terminal:
$ssh -L 5901:127.0.0.1:5901 -N -f -l admin <remote server ip>The command above instructs ssh to create a tunnel on the specified ports.
Launch VNC client and enter: 127.0.0.1:<port> e.g. 127.0.0.1:5901
Voila! You are now connected via a tunnel.
