Pages

27.2.14

Secure VNC connections with Free VNC edition

VNC is a usefull tool which permits to administrate remotely a computer. The free version of this tool has great features, but not the one about SSL communication during a VNC session.
This may result in different security issues, such as traffic sniffing that can cause sensitive data theft. To avoid these possible annoying issues we can route the VNC session inside a SSL connection and secure the communication.

In this tutorial I will show how make a secure tunnel connection and then route the free VNC edition through this tunnel to secure the communication of the VNC session.

What we need:

  • 2 hosts, generally one is depicted as a server and the other one as a client.
    • VNC server installed on the server host
    • VNC viewer installed on the client host
    • freesshd installed on the server host (if windows based) or openssh-server (on linux machines)
    • putty installed on client machine (if windows based) or openssh-client (on linux machines)
 As seen in the post "SSH Tunneling" on this blog is possible to create a secure tunnel between two hosts. Here below we will see the commands that must be used to create a tunnel:

Under Linux machines on the client side:


ssh user@serverip -L <LOCAL_PORT>:127.0.0.1:<VNC_PORT_ON_SERVER>


Where:
  • <LOCAL_PORT> is the port on the client host where VNC connection will be redirected.
  • <VNC_PORT_ON_SERVER> is the port on the server where VNC service is running.
  • The middle address "127.0.0.1" means that the <VNC_PORT_ON_SERVER> on the host 127.0.0.1 (so the server to which we are connecting) will be redirected to <LOCAL_PORT> on the client.
Under Windows machines on the client side:

Start putty and under the Session section place user@serverip in the circled field.

Under SSH->Tunnels:
In Source Port place the equivalent of <LOCAL_PORT>
In Destination place the equivalent of "127.0.0.1:<VNC_PORT_ON_SERVER>"

Once set up, click Open.

Now, both on Windows or Linux machines, you can open the secure VNC session connecting to:

127.0.0.1:<LOCAL_PORT>

In this case the packets will be routed through the ssh connection until they get to the server.

VNC Free + secure connections.


Enjoy