Mac Server Series: How to create an SSH tunnel for a secure VNC connection
Welcome to the site. Our most popular posts are a series of video tutorials on How To Use Your Mac As A Server. We also answer your Mac questions. Just Ask FMB Feel free subscribe to our RSS feed. Thanks for visiting!
VNC is a convenient way to control a remote computer. The problem is that VNC isn’t secure. But with a little effort you can create an SSH tunnel that will keep your VNC connection safe and secure. This video shows how.
On the remote (controlled) computer you’ll need a VNC server, such as the free Vine Server, or you can turn on “Apple Remote Desktop” under the System Preferences Sharing pane.
On the local (controlling) computer, you’ll need a VNC client like the free Chicken of the VNC.
To create the SSH tunnel, you’ll need the free application JellyfiSSH (if you don’t want to type the SSH commands in the Terminal yourself.)
Watch it here: How to create an SSH tunnel for a secure VNC connection
May 5th, 2007 at 8:59 am
Well… as I see it, by activating VNC on the server via remote-desktop you also open it up to the world (firewall-hole gets created)… So… even if you connect to it through an ssh-tunnel from the client, the insecure service is still available on the server… People not into this might believe from your video that they don’t even need to specify a VNC-password, as they will just be connecting securely through ssh… Got my point?
May 18th, 2007 at 10:14 am
hi,
another very useful video, this one is giving me trouble though, I get an authentication failed every time I try to connect using the localhost/chicken connection
any suggestions or other tutorials you can point me at
i get jellyfish to connect but cant get chicken to use that connection
Pz
May 18th, 2007 at 11:02 am
JellyfiSSH worked flawlessly and I am able to connect the SSH tunnel. However, Chicken of the VNC does not connect and I receive a connection terminated message. I believe I have the VNC Server setup correctly because I am able to access it on the local network. Therefore, I think it is a firewall issue. Can anyone help?
June 6th, 2007 at 10:21 am
Hi. Nice tutorial. Works perfectly on a LAN.
But to do it over the internet between 2 locations i have a problem. I configure the ssh tunnel as the video shows it and since the machine i need to access remotely is on a lan behind a router, i have configured port forwarding on this router (both ports 5900 and 22) for redirection. Once i launch connection from jellyfish the terminal opens up and i am asked to input a password. Once the password is input i get this message :
“bind: Address already in use”
i’ve googled around and it seems that this is a classical problem with ssh port forwarding… but how do i solve it ????
thx
laurent
June 8th, 2007 at 9:12 am
I believe is a NAT issue, probably nor Firewall. If you want to acces from outside your local network you may need to redirect a port on your router, so your conection from outside the network “seems” an internal connection for your VNC Server.
Jordi
June 11th, 2007 at 7:56 pm
The How to create an ssh tunnel for VNC and VNC connecting was well done. It assumes, as it looks, one is using 10.4.x… how does one connect to a 10.3.x OS X install using VNC?
July 19th, 2007 at 4:56 am
Hi - I believe you may have to pport forward the port 5900 or 5901 (depending on what you are using) through your firewall.
July 25th, 2007 at 9:35 pm
I am having the exact same problem. No problems just SSh into the server in terminal but Chicken of the vnc sends back connection terminated message. Did you find a fix?
July 28th, 2007 at 10:52 am
When I tried this over my LAN I got a “bind: Address already in use” message after I entered my SSH password in the terminal window that jellyfissh generated.
Another try got this message:
bind: Address already in use
channel_setup_fwd_listener: cannot listen to port: 5900
Could not request local forwarding.
I fixed it by turning off remote login on my client machine. I assume it was using port 5900.
August 1st, 2007 at 1:08 pm
I right there with you guys. Kinda useless without GUI access.
August 1st, 2007 at 1:30 pm
Finally!
I was using the password for the SERVER machine in CotVNC (as in the overall administrator’s account OS X password).
What I should have been using was the VNC password in SysPrefs/Sharing/Apple Remote Desktop/”VNC viewers may control screen with password”.
Is it possible that this is your problem?
August 6th, 2007 at 8:26 am
@Rob, try changing the profile-> color settings. I find that the ‘Let Server Decide’ works OK but sometimes other settings will not (and result in same error you are seeing).
@Richard, thanks for the series of articles - some nice stuff!
August 15th, 2007 at 12:47 am
Thank you so much!