In this example we are screen sharing a Red Hat Enterprise Linux 7 server from a macOS client. VNC is inherently not a secure protocol. VNC passwords often goes thru clear text or no password at all (think telnet and ftp). SSH can be used to help secure your VNC connection from end to end.
Initial password setup
SSH to the server to set your VNC password, the view-only password is optional. NOTE this password should be treated as an insecure password and should not be re-used elsewhere.
| Code Block |
|---|
$ vncpasswd Password: Verify: Would you like to enter a view-only password (y/n)? y Password: Verify: |
Starting the VNC service
IMPORTANT: The password needs to be set before the service will start successfully.
...
Bug reference https://bugzilla.redhat.com/show_bug.cgi?id=667764
Connecting
From the
...
Server
Issue the following "lsof" command to determine which port the VNC server is set to use. In most cases VNC uses port in the 5900 range. The example below shows it using port 5903.
Code Block $ sudo lsof -i -P | grep -i "listen" Xvnc 1793 igpp 9u IPv4 10810 0t0 TCP *:5903 (LISTEN) Xvnc 1793 igpp 10u IPv6 10811 0t0 TCP *:5903 (LISTEN) $
From the Local Client
On your local client machine, create the tunnel with the port number obtained above. SSH to the server with the following command. The -C flag is optional for compression. Replace <username> with your username. Replace <servername> with name of the server.
Code Block ssh -C -L 5903:localhost:5903 <username>@<servername>.ucsd.edu
Once the ssh tunnel is established you can launch Screen Sharing via the Terminal or from the FinderFinder
via TerminalCode Block $ open vnc://localhost:5903
or
via Finder > Go > Connect to Server...
enter vnc://localhost:5903
- When prompted provide your VNC password. NOTE this password should be treated as an insecure password and should not be re-used elsewhere.
