VNC secure tunneling using Windows PuttY ssh client


Objective: Getting secure (and fast) connection from Windows environment to remote VNC server behind router/firewall  with ssh server installed.

Achieved results: Secure connection to remote desktop using open source VNC or Tight VNC software (that is normally doesn’t encrypt traffic other than password). As a “side-effect”, shorter response times achieved due to ssh efficient traffic compression. Also, no additional port is left open other than ssh port on remote server/router/firewall.

Software: VNC or TightVNC server on remote end and viewer on local computer, PuTTY Windows ssh client, ssh server installed on server/router/firewall

  1. To start, download PuTTY and open the client.
  2. The main Session menu allows you to type your server IP address or hostname. Type your SSH server address in the Host Name (or IP address) text box. If your SSH port is different from the standard port 22, type this in the Port box.
  3. You’ll also want to save this session, so in the Saved Sessions text box, add a suitable name for your SSH connection, then click the Save button.
  4. In the left-hand menu, expand the Connection tab, then do the same for the SSH. Click on Tunnels.
  5. In the Port forwarding section of the Tunnels menu, you’ll be providing the details to allow PuTTY to tunnel your VNC connection over SSH. In the Source port text box, type 5901. In the Destination text box, type your remote IP address:5901, using the IP address of the remote desktop PC or server, and type add.
  6. Return to the Session section, click on your saved session name under Saved Sessions, then click Save to save your settings.
  7. With your PuTTY settings ready, make the SSH connection by clicking Open at the bottom. You’ll be required to insert the username and password required to make your SSH connection as PuTTY makes the attempt.
  8. Once the login process is complete, you’ll be given access to the SSH terminal window for your remote desktop.
  9. With the SSH tunnel to your remote desktop server active, you’ll now be able to make a VNC connection.
  10. Open TightVNC to begin. In the Connection section, type localhost::5901 or 127.0.0.1::5901 into the Remote Host text box.
  11. You’ll be asked for your VNC server password, so provide this in the VNC Authentication pop-up window, then click OK.

Leave a Reply

Your email address will not be published. Required fields are marked *