Created by Georgi
Kichukov in March 2002
Revised by Herbert J. Bernstein in September
2002
This page gives step-by-step instructions for the use of VNC via SSH to access Linux under MS Windows at Dowling College. Corrections, clarifications and suggestions for improvement to these instructions would be greatly appreciated. -- H. J. Bernstein yaya@dowling.edu.
These instructions were created after reading the excellent documents at http://www.uk.research.att.com/vnc/sshvnc.html on "Making VNC more secure using SSH" and http://www.uk.research.att.com/vnc/sshwin.html on "SSH-protected VNC: the case of the Windows client and the Unix server". The second page was written by Frank Stajano.
To quote from its home page http://www.uk.research.att.com/vnc/:
VNC stands for Virtual Network Computing. It is, in essence, a remote display system which allows you to view a computing 'desktop' environment not only on the machine where it is running, but from anywhere on the Internet and from a wide variety of machine architectures.In order to use VNC, you run a copy of vncserver on the computer that will generate images to be displayed and a copy of vncviewer on the compute that will actually display those images. The program works very well, but these days it is important to worry about people snooping VNC traffic and extracting passwords or other confidential information. A practical solution to this problem is to combine VNC with a special protocol that encrypts VNC's traffic.
SSH is an alternative to telnet and rlogin which provides a secure mechanism to log into a remote computer. It was defined by T. Ylonen in "The SSH (Secure Shell) Remote Login Protocol", (see http://www.free.lp.se/fish/rfc.txt). SSH is now the default standard (at least in the academic world) for secure terminal connections. It is available in both open source (http://www.openssh.org) and commercial (http://www.ssh.com) versions. For secure communications from Windows, the most commonly used version of SSH is called Putty (see http://www.chiark.greenend.org.uk/~sgtatham/putty/). However, in order to use SSH to protect VNC, we need an SSH feature called local port forwarding, which is not provided by Putty. Therefore, we also make use of a second windows version of SSH from http://akson.sgh.waw.pl/~chopin/ssh/index_en.html, which provides local port forwarding.
Step 1: Download Putty (if you don't have it already)
Note: Putty it is available at the labs in Dowling.
Go to: http://www.chiark.greenend.org.uk/~sgtatham/putty/download.html
Scroll down to: "For Windows 95, 98, ME, NT, 2000 and XP on Intel x86" and
Click on putty.exe to start downloading it.
Step 2: Dowload Pscp (if you don't have it already)
(Pscp, part of the Putty package, is needed to transfer files securely between systems).
Go to:
http://www.chiark.greenend.org.uk/~sgtatham/putty/download.html
Scroll down to: "For Windows 95, 98, ME, NT, 2000 and XP on Intel x86"
Click on pscp.exe
to start downloading it. Save it in the same directory as Putty.
Step 3: Download VNC both for Linux and for Windows
Note: VNC Viewer is already installed in the labs at Dowling. VNC
for Linux is
already on arcib.dowling.edu.
Go to:
http://www.uk.research.att.com/vnc/download.html .
Fill out your name, email and organization then select the following packages
for download: (by checking the boxes next to them)
Skip this step is the system you are using already has vncserver.
PSCP is a command line application. This means that you cannot just double-click on its icon to run it and instead you have to bring up a console window. With Windows 95, 98, and ME, this is called an "MS-DOS Prompt" and with Windows NT and 2000 it is called a "Command Prompt". It should be available from the Programs section of your Start Menu. To start PSCP it will need either to be on your PATH or in your current directory. So make the directory where you saved Pscp (when you downloaded it above) your current directory by using the cd command.
For example: If your current directory is c:\WINDOWS and the directory where Pcsp is c:\putty you would type:
to go up
one level
and then cd putty to go to putty directory..
PSCP Usage:
Once you've got a console window to type into, you can just type pscp on its
own to bring up a usage message. This tells you the version of PSCP you're using,
and gives you a brief summary of how to use PSCP:
(PSCP's interface is much like the Unix scp command, if you're familiar with
that.)
To receive (a) file(s) from a remote server:
pscp [options] [user@]host:source target
So to copy the file /etc/hosts from our server arcib.dowling.edu as
user fred to the file c:\temp\example-hosts.txt, you would type:
pscp fred@arcib.dowling.edu:/etc/hosts
c:\temp\example-hosts.txt
To send (a) file(s) to a remote server:
So to copy the local file c:\documents\csh-whynot.txt to the server 149.72.28.28
as user fred to the file /tmp/csh-whynot you would type:
You can use wildcards to transfer multiple files in either direction, like this:
So here is how to upload the compressed Linux package downloaded in step 3
above from c:\temp at the local machine to the directory vnc on the remote machine.
This assumes that the dirctory vnc is prevously created by typing mkdir vnc in
putty.:
c:\temp\pscp *.tgz username@arcib.dowling.edu:vnc
After that type y and at then provide your password which I
step 6: Unzipping the file and running the VNC server
Skip this step is the system you are using already has vncserver.
Log in to your account using Putty and type cd vnc to go to the vnc directory.
Type: gunzip *.tgz to unzip the file. after that you will have one .tar file
Type: tar -xf *.tar to extract the files.
step 7: Starting vncserver
If you have installed VNC in step 6, or if your system manager has installed
it for you, make certain that the VNC binaries and perl are in your path.
Modify your .login and/or .cshrc if necessary. Then type
step 8: Installing and running the the ssh windows client.
Locate the ssh-win32.zip that you downloaded in step 4 above and double click
on it.
Your disarchiving software (assuming you have one) will open up. Usually you
click on
Extract and choose a directory where the ssh-client files will be extracted
to.
Go to that directory and start Ssh32.exe by double clicking on it. Hit OK on
the screen that
comes up. If you are being asked, where's crypt library, browse to "crypt32.dll".
Simple usage:
Field "Host Name" should be filled with "arcib.dowling.edu" (or whatever host you
want to connect to)
Port is 22
Field "User ID" should be filled with your username on the Linux system.
Be sure to select 3des in the cipher type field.
Click on Local forward: