Using VNC over SSH

It is often convenient to be able to control a computer remotely. To accomplish this I recommend using VNC (Virtual Network Computing). Unfortunately, since most networks have firewalls these days, we need to run VNC through an ssh tunnel.

First, you need to install VNC. You can download a copy for free from the VNC website or get a copy of version 3.3.7 for the PC here.

Typical PC VNC servers listen on port 5900.
VNC X-servers listen on port 5901 for server :1, 5902 for :2, etc.
VNC www/java servers listen on port 5800, 5801, ...


VNC needs to be configured to allow loopback connections to work with the reverse-secure tunnel.
(It looks to vnc like the connection is coming from the same machine, even though its not, its been tunneled there from a remote machine)
As of VNC 3.3.4, the default behaviour is disallow loopback connections, and there is no way to enable them from the GUI. There is a backdoor to enable loopback through the registry.
On the registry editor, under HKEY_LOCAL_MACHINE\SOFTWARE\ORL\WinVNC3 add a REG_DWORD with Name="AllowLoopback" and Value="1" (decimal, or 0x00000001 in hex)
Then restart the VNC server. The server should now allow loopback connections.


If you want to allow a VNC connection to your home machine, relayed through BOIM.COM, do the following:

  1. Start up the VNC server, and set an appropriate VNC password.
  2. Open up a secure tunnel to this server with a command like:
         ssh -R 5900:localhost:5900 guest@boim.com
    (Ask aaron for the guest account password, or use your boim.com account)

    If you are not using a command line version of ssh (like a newer version of putty) open a connection to boim.com and set the appropriate port forwarding options. On putty I think its something like "-R 5900:localhost:5900".

Now, people with VNC clients can access your machine with commands like:
  1. ssh -L 5901:localhost:5900 guest@boim.com
  2. vncviewer localhost:1 &

Last modified: Fri Jan 25 07:51:56 MST 2002