Easy method to tunnel VNC over an SSH connection

This has been done many times in many different ways, but I’ve finally found a workable solution that suits my needs and my setup, and (perhaps most importantly when it comes to ports and tunneling…) that I can get my head around πŸ™‚


So… at home, I have a Windows machine with remote desktop enabled, but I don’t want to open up yet another port on my router or firewall (or to expose a Windows machine to the world) for the few times that I want to get a remote desktop connection to it.

But, I have a web-facing Ubuntu Linux host which I use frequently to access the non-Windows parts of my Home Network – another Linux host, an occasionally used FreeBSD VM, Solaris 10 server, a couple of iMac’s and my ATV2.

I can see the Windows file system ok by ssh’ing in to the Linux box (it’s file system is shared and mounted) but I can’t see or access the Windows desktop when I’m outside of my home network. Doing so is handy for access to the VM Ware vClient to manage my ESX Server, etc.

A solution for this is to tunnel the VNC protocol from my remote host to the Internal Windows server via the (already exposed) SSH connection on my web-facing Linux host. To do this from outside my home, I kick off an SSH session like this:

ssh -L 5900: myuser@www.donaldsimpson.co.uk

that command breaks down like this:

ssh using the -L arg ([-L [bind_address:]port:host:hostport]), which forwards the local port 5900 to, and attaches the tunnel on its port 5900 (the port that RDP or VNC is running on).

Note that the IP address is my “internal” Windows server with a non-routable IP address – it’s accessible to/from my Linux Host (www.donaldsimpson.co.uk), but not from anywhere outside my network.

After that, I specify the SSH logon details for my Linux host and when that connection is made I’m prompted for the password for “myuser@www.donaldsimpson.co.uk“. When that is accepted I am logged on to my Linux box at the console (Cygwin with SSH installed in this case) as per usual, and I’ll need to leave this terminal open. The SSH Tunnel has been created and will end when this session does.

The next and final step is to launch “mstsc” (or VNC or another RDP Client) on my local host and create a connection – not connecting to www.donaldsimpson.co.uk, but toΒ – this is the local end of the tunneled connection; at the other end, via my SSH Host, is the listening port on the Windows host. After supplying the requested credentials, it makes the connection, then finally shows me my Windows Desktop – woohoo, job done.

One thought on “Easy method to tunnel VNC over an SSH connection”

Leave a Reply

Your email address will not be published. Required fields are marked *