vnc ssh tunnel for remote graphical support

I was doing remote internet support the other day for a friend in England (and noticing how cheap their internet access is eg a fast unlimited O2 package is £21 ($AU31) versus the $AU60-80 we pay in Australia). Here’s how I connect remotely to the person’s desktop in graphical mode, using vnc and an ssh tunnel.

1. I setup a dyndns client (eg dyndns, tinydyndns, ez-ipupdate) so I can connect to the changing ip address of their machine by a dns name eg

local% sudo apt-get install ez-ipupdate

2. I copy my ssh key to their account – this way I’ll always have access and they can change their password in the future:

local% ssh-copy-id

3. I want to connect to vnc running on their desktop, so I can see what they see. But vnc runs on port 5900 and I don’t want to leave that open to the Internet. So I build an ssh tunnel, and startup vnc on the remote machine:

fredbox% ssh -L 5900:localhost:5900
fredbox% x11vnc -safer -usepw -localhost -once -noxdamage \
         -nowf -ncache 0 -scale 2/3 -display :0

4. And finally, I start up my vncviewer on my local Linux/Mac machine, and enter my vnc password when prompted:

local% vncviewer -encodings "copyrect tight zrle hextile" \
  -bgr233 -compresslevel 5 localhost

So here’s a little script that brings it all together:

# kill any previous/hung vnc's
ssh 'pkill x11vnc'
ssh -f -L 5900:localhost:5900 \
    'x11vnc -safer -usepw -localhost -once -noxdamage \
      -nowf -ncache 0 -scale 2/3 -display :0' \
    && sleep 5 \
    && vncviewer -encodings "copyrect tight zrle hextile" \
         -bgr233 -compresslevel 5 localhost
Tags: , ,

Share This


Leave a Reply

Your email address will not be published. Required fields are marked *


You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>