Responsive image

vncviewer via X11 forwarding over SSH tunnels

Date 2024-05-31 12:00

There have been situations where I've needed to access applications that run on my home network, or on Linux from a Windows machine. I found a way to make this work via vncviewer, vncserver, SSH, and X11 forwarding. This is likely a convoluted setup, but it works in a pinch for me.


To start off with, in this example, there are three servers/machines:

  • an Ubuntu 24.04 laptop, let's call "machine #1"
  • a Raspberry Pi 5, let's call "machine #2"
  • a Windows 10 or 11 machine with Windows Subsystem for Linux 2 (WSL2) installed, let's call "machine #3"

For this set up, machine #1 and machine #2 are on the same local area network (LAN), however, machine #3 is located across the Internet.


The setup steps for this involved going to the machine you want to host the vncserver instance. This will be the machine that will load the applications in to memory. In my example, that is machine #3.


  • On machine #3 (the machine I want vncserver on), I run vncserver -rfbport 5901 -geometry 1600x950 -localhost

This makes vncserver only listen on localhost, so we can only access it locally which we will do via SSH.


  • Next, go to machine #2 (the middle server), and run ssh -fX -L 5901:127.0.0.1:5901 -C -N -l USER 192.168.1.101

Replace "user" with your username on machine #3 and the IP address with the IP of machine #3 in this case. This will open up port 5901 on localhost on machine #2, so any application that tries to access 5901 on machine #2 will access port 5901 on machine #3.


  • Now, go to machine #1 and SSH in to machine #2 via, ssh -X -C raspberrypi5_ipaddy

This will enable X11 forwarding with compression. Now, if you run vncviewer & on machine #2 while SSH'ed in from machine #1, you should get a GUI popup of vncviewer asking you to connect. In it, you will input 127.0.0.1:5901 because you want to connect to 5901 on the localhost of machine #2, which then connects to 5901 on machine #3 via the SSH tunnel.


Here is an overview picture of the pre-setup:

For added security, it is good to set up everything with SSH keys only, instead of SSH passwords.


Additionally, if you need to or want to (for whatever reason) you can add more "middle" machines running the command that is running on machine #2. SSH tunnels can be daisy chained. This can be helpful if you are on a restrictive network, like Wi-Fi at a hotel.

Comments

comments powered by Disqus
where randomness meets the internet
~ About me ~
just a human doing random things
~ Follow me ~
~ Interesting Links ~
  • ListenBrainz
  • DuckDuckStart
  • Let Me DuckDuckGo That For You
  • Let Me StartPage That For You
  • The Story Graph
  • EFF
  • GitLab

    • © yano
    Proudly powered by Pelican, which takes great advantage of Python. Thanks to Bootstrap, Subtle Patterns, and Font-Awesome.
    Theme is Lovers by Christine Doig ©.