VNC over SSH via Linux box between two windows machines

lewiswalsh

7/20/24, 10:32 AM

I'm getting myself very confused trying to figure out how to connect to a VNC server on windows from a remote windows machine via a tunnel to a linux server local to the VNC server.

I'm not looking to have an SSH client on the Windows machine. Being on the same local network as the linux box I should be able to trust communication between the two.

What I'm effectively asking is, can I create an SSH tunnel so that port 5091 on a local windows machine will connect to a VNC server on another Windows machine via a linux box local to the VNC destination?

Can anyone point me in the right direction?

Windows client
      |
      v
  <internet>
      | SSH
      v
  Linux box (Ex IP: 192.0.2.1)
      | LAN
      v
Windows VNC server (Int IP: 192.168.1.1)

2 + 0

ssh

vnc

Score:2

Server

Nikita Kipriyanov

7/20/24, 10:45 AM

In general, you need something like this:

vncviewer -via 192.0.2.1 192.168.1.1

(which works with e.g. tigervnc in Linux). It builds an SSH tunnel automatically.

But you can build this tunnel by hand. First of all, you build a tunnel:

ssh -L 5901:192.168.1.1:5900 192.0.2.1

This will work with Windows's SSH Client feature installed (which is OpenSSH). If you use Putty, you can add this tunnel via session configuration GUI. This will make SSH client to listen on localhost:5901.

Second, you connect with vncviewer to the display localhost:1, to this SSH socket, and if the target destination is working correctly it will tunnel you to the target server's VNC. The target will see you as connecting from 192.0.2.1's local IP (it might be 192.168.1.2 or something like this).

A slight explanation about numbers: in VNC terminology the number after colon means "display number" and not "TCP port number". It gets added to 5900, so display #1 is on the port 5901. If you want to specify port number directly, you use double colon ::. I know, this is confusing, also some VNC clients don't use this scheme or relax these rules (e.g. if port 11801 doesn't answer they try 5901).

+ 1

lewiswalsh

7/20/24, 11:20 AM

Thank you! This cleared up my confusion.

Score:0

Server

lewiswalsh

7/20/24, 11:27 AM

Thanks to @nikita-kipriyanov I was able to figure out how to do it:

ssh -L :5900:<windows VNC server local IP>:5900 <linux box public IP> -l <ssh user> -N

+ 0

Elon Musk

I sit in a Tesla and translated this thread with Ai:

EN: VNC over SSH via Linux box between two windows machines

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.