
Mac Server Series: How to create an SSH tunnel for a secure VNC connection



VNC is a convenient way to control a remote computer. The problem is that VNC isn’t secure. But with a little effort you can create an SSH tunnel that will keep your VNC connection safe and secure. This video shows how.

On the remote (controlled) computer you’ll need a VNC server, such as the free Vine Server, or you can turn on “Apple Remote Desktop” under the System Preferences Sharing pane.

On the local (controlling) computer, you’ll need a VNC client like the free Chicken of the VNC.

To create the SSH tunnel, you’ll need the free application JellyfiSSH (if you don’t want to type the SSH commands in the Terminal yourself).

Watch it here: How to create an SSH tunnel for a secure VNC connection
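
For readers who would rather type the SSH command in the Terminal, here is an added example (not taken from the original post or video) that builds the tunnel command and avoids the “bind: Address already in use” error reported in the comments below by moving to the next free local port. The function names and the sample host `admin@server.example` are illustrative assumptions.

```shell
#!/bin/sh
# Added example: Terminal equivalent of the JellyfiSSH tunnel setup.
# Function names and the sample host are illustrative assumptions.

VNC_PORT=5900   # port the VNC server listens on (display 0)

# Succeeds if something already listens on local TCP port $1.
# lsof ships with macOS; if it is missing the port is assumed free.
port_in_use() {
    command -v lsof >/dev/null 2>&1 || return 1
    lsof -nP -iTCP:"$1" -sTCP:LISTEN >/dev/null 2>&1
}

# Print the first free local port in $1..$1+10, or fail if all are taken.
# PORT_CHECK names the probe function, so it can be swapped out.
pick_local_port() {
    port=$1
    limit=$((port + 10))
    while [ "$port" -le "$limit" ]; do
        if ! "${PORT_CHECK:-port_in_use}" "$port"; then
            echo "$port"
            return 0
        fi
        port=$((port + 1))
    done
    return 1
}

# Print the ssh command: $1 = local port, $2 = user@host of the remote Mac.
#  -N   no remote shell, forwarding only
#  -L   bind the local end to 127.0.0.1 only, forward to the server's own loopback
#  ExitOnForwardFailure  quit instead of staying logged in without a tunnel
tunnel_cmd() {
    printf 'ssh -N -o ExitOnForwardFailure=yes -L 127.0.0.1:%s:127.0.0.1:%s %s\n' \
        "$1" "$VNC_PORT" "$2"
}

# Usage: sh vnc-tunnel.sh admin@server.example   (prints; runs nothing)
if [ -n "${1:-}" ]; then
    lport=$(pick_local_port "$VNC_PORT") || { echo "no free local port" >&2; exit 1; }
    tunnel_cmd "$lport" "$1"
    echo "# point the VNC client at localhost, port $lport (display $((lport - VNC_PORT)))"
fi
```

Because the forward ends on the server's loopback address, only SSH (port 22) has to be reachable from outside; port 5900 does not need to be forwarded on the router.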

13 Responses to “Mac Server Series: How to create an SSH tunnel for a secure VNC connection”

  1. Max Headroom Says:

    Well… as I see it, by activating VNC on the server via remote-desktop you also open it up to the world (firewall-hole gets created)… So… even if you connect to it through an ssh-tunnel from the client, the insecure service is still available on the server… People not into this might believe from your video that they don’t even need to specify a VNC-password, as they will just be connecting securely through ssh… Got my point?

  2. pz Says:

    hi,

    another very useful video, this one is giving me trouble though, I get an authentication failed every time I try to connect using the localhost/chicken connection

    any suggestions or other tutorials you can point me at

    I get JellyfiSSH to connect but can’t get Chicken to use that connection

    Pz

  3. PT Says:

    JellyfiSSH worked flawlessly and I am able to connect the SSH tunnel. However, Chicken of the VNC does not connect and I receive a connection terminated message. I believe I have the VNC Server setup correctly because I am able to access it on the local network. Therefore, I think it is a firewall issue. Can anyone help?

  4. turkpipotutunu Says:

    Hi. Nice tutorial. Works perfectly on a LAN.

    But to do it over the internet between 2 locations I have a problem. I configure the SSH tunnel as the video shows it, and since the machine I need to access remotely is on a LAN behind a router, I have configured port forwarding on this router (both ports 5900 and 22) for redirection. Once I launch the connection from JellyfiSSH the terminal opens up and I am asked to input a password. Once the password is input I get this message:

    “bind: Address already in use”

    I’ve googled around and it seems that this is a classical problem with SSH port forwarding… but how do I solve it ????

    thx

    laurent

  5. Jordi Says:

    I believe it is a NAT issue, probably not a firewall one. If you want to access from outside your local network you may need to redirect a port on your router, so your connection from outside the network “seems” an internal connection for your VNC Server.
    Jordi

  6. Tim Says:

    The How to create an ssh tunnel for VNC and VNC connecting was well done. It assumes, as it looks, one is using 10.4.x… how does one connect to a 10.3.x OS X install using VNC?

  7. drew Says:

    Hi - I believe you may have to port forward the port 5900 or 5901 (depending on what you are using) through your firewall.

  8. Rob McIver Says:

    I am having the exact same problem. No problems just SSHing into the server in Terminal, but Chicken of the VNC sends back a connection terminated message. Did you find a fix?

  9. GOGO Says:

    When I tried this over my LAN I got a “bind: Address already in use” message after I entered my SSH password in the terminal window that JellyfiSSH generated.

    Another try got this message:
    bind: Address already in use
    channel_setup_fwd_listener: cannot listen to port: 5900
    Could not request local forwarding.

    I fixed it by turning off remote login on my client machine. I assume it was using port 5900.

  10. Wade Says:

    I’m right there with you guys. Kinda useless without GUI access.

  11. Wade Says:

    Finally!

    I was using the password for the SERVER machine in CotVNC (as in the overall administrator’s account OS X password).
    What I should have been using was the VNC password in SysPrefs/Sharing/Apple Remote Desktop/”VNC viewers may control screen with password”.

    Is it possible that this is your problem?

  12. redpaw Says:

    @Rob, try changing the profile-> color settings. I find that the ‘Let Server Decide’ works OK but sometimes other settings will not (and result in same error you are seeing).

    @Richard, thanks for the series of articles - some nice stuff!

  13. Buck O Says:

    Thank you so much!
