SSH Port Forwarding and VNC on a Mac
Virtual Network Computing (VNC) is a graphical desktop sharing system that makes it possible to remote control one computer from another computer. It uses a client-server model so that a client on one operating system can connect to a server on a different operating system.
One problem with VNC is that the RFB protocol it uses is not encrypted. That is why ssh port forwarding comes to the rescue. SSH port forwarding is a way for you to connect to a port on your local machine and have the data transferred securely on another computer. The reason it is secure is because Secure Shell (SSH) uses public-key cryptography to authenticate to the remote computer.
The first thing you want to do is start VNC on the server. For example, if you have a server called serverA you would start it by running:
$ vncserver -geometry 1024×768 -depth 16 :21
The command above would start the VNC server of window size 1024×768 with depth 16-bit on screen 21. The screen value is arbitrary and can be any two digit value. The first time you start VNC server, you will be asked to provide a password. You would use this password to log in from the client.
On your client machine called clientA, you would make an ssh port forwarding by running the following:
$ ssh -L 5920:localhost:5921 root @ serverA
The command above would create a secure tunnel between the client and the server on TCP port 22. ClientA will connect to serverA as user root. By default, VNC uses TCP port 5900 to connect to the server but you can specify any value for the last two numbers. In this example, 5920 is the port on clientA that VNC is listening on. 5921 is the port on serverA that you specified earlier when starting the VNC server. The -L option specifies that clientA should listen on port 5920 on the local computer and forward any data it receives to serverA on port 5921. The port forwarding is done through the ssh tunnel so that it is encrypted.
Since you are on a Mac OS X computer, you would be starting the VNC client using an application called vncviewer. However, an easier way would be to use a software called Chicken of the VNC. It is a fast, lightweight VNC client for Mac OS X and it is free. Once you have downloaded and installed it from SourceForge, open a new connection with the following configuration:
Password: <same password you specified for the VNC server>
You should now be able to see the remote desktop on serverA. Enjoy!
Incoming search terms:
- ssh port forwarding mac
- vnc port forwarding mac