If you are connecting to a remote desktop using the virtual network computing (VNC) protocol, your connection may be insecure. Some VNC clients, such as the popular TightVNC, do not encrypt your connection after the initial login phase. To work around the problem, you can tunnel the VNC connection through a Secure Shell (SSH) tunnel.
The SSH tunnel not only provides a completely secure connection for VNC, but also allows VNC connections when the typical VNC port (port 5901) is blocked. Some corporate networks will block public ports such as port 5901 for added security, so tunneling VNC over SSH will get you around this issue.
Windows 10 does have a built-in SSH client thanks to Windows PowerShell, but this is only a recent development. If you want to learn how to tunnel VNC over SSH, it is recommended to use PuTTY to connect to your SSH server.
PuTTY offers a graphical user interface that can be easily configured so that you can tunnel other software, such as your VNC viewer, over the connection. For this to work, you will need a suitable SSH server installed on the remote desktop PC or the server that you want to connect to via VNC.
- First, download PuTTY and open the client.
- The main session menu allows you to enter the IP address or hostname of your server. Enter the address of your SSH server in the Hostname (or IP address) text box. If your SSH port is different from the standard port 22, enter it in the Port field.
- You will also want to save this session, so in the “Saved Sessions” text box, add a suitable name for your SSH connection, then click the “Save” button.
- On the left menu, expand the Connection tab, then do the same for SSH. Click Tunnels.
- In the Port Forwarding section of the Tunnels menu, you will provide information to allow PuTTY to tunnel your VNC connection over SSH. In the Source port text box, enter 5901. In the Destination text box, enter your remote IP address: 5901 using the IP address of the remote desktop or server. For example, 192.168.1.100:5901 will do.
- Go back to the session section, click the name of your saved session in the Saved Sessions section, then click Save to save your settings.
- When your PuTTY settings are ready, establish an SSH connection by clicking “Open” at the bottom. You will be required to enter the username and password required for the SSH connection when PuTTY tries.
- After the login process is complete, you will be given access to an SSH terminal window for your remote desktop.
Now that the SSH tunnel to the remote desktop server is active, you can establish a VNC connection. You can use any VNC client of your choice, but this guide will show you how to connect using TightVNC, the popular and free VNC client for Windows and Linux.
You can minimize PuTTY while the connection is active.
Connect using TightVNC
If your SSH connection is active, connecting with TightVNC is pretty easy. This assumes that your VNC server is running on your remote PC or server.
- First, open TightVNC In the Connection section, enter localhost :: 5901 or 127.0.0.1::5901 in the Remote Host text box. PuTTY monitors this port and automatically forwards this connection, when an attempt is made, to your remote server.
- You can further customize your VNC connection by clicking Options, but if you’re ready to connect, click Connect.
- You will be prompted for your VNC server password, so enter it in the VNC Authentication popup and click OK.
If your SSH connection is working properly, TightVNC should load a VNC Remote Desktop window, ready to use.
SSH Customers with Tunneling Support
However, other VNC clients include SSH tunneling inside the client itself. One example is SSVNC, which, although basic, will tunnel through SSH before establishing a VNC connection. SSVNC is supported by Windows and Linux operating systems.
- Open the SSVNC client and fill in the required fields in the main SSVNC client window. In the VNC Host: Display section, enter SSHusername @ remoteIPaddress: 1. Replace SSHusername with the username you will use for your SSH connection and replace remoteIPaddress with the IP address of your remote desktop. For example, email@example.com: 1.
- Before connecting, make sure you have selected the Use SSH or SSL + SSL option. When ready, click the Connect button.
- You will be prompted for your SSH password in a pop-up terminal window. Enter your password and press Enter on your keyboard.
Once the SSH tunnel is active, your VNC connection will start and your VNC client window should appear where you can start using your remote desktop.
Although VNC connections are not encrypted by default, Microsoft’s own Remote Desktop Protocol is encrypted. If you are using Windows and plan to connect to a remote Windows PC or server, you can connect using the Remote Desktop Connection tool.