Using SSH Tunnels VNC RDP

instructions on setting up ssh tunnels and VNC or RDP connection

Uploaded by

thomaspepler
Copyright
© All Rights Reserved
Setting Up VNC, SSH Tunnels, and RDP

Thomas Pepler

June 11, 2015

If you have suggestions for improving this document, please email them to:
[email protected]

Contents
1 Connecting to DOE Linux Machines with PuTTY
1.1 Download and Setup PuTTY
1.2 Configure PuTTY with DOE Connection Settings
1.3 Start an SSH Session

2 Setting up a VNC Session
2.1 Preparation
2.2 Creating Your VNC Password
2.3 Changing the Default Desktop Environment and Other Settings
2.4 Creating a New VNC Session
2.5 Listing Your VNC Sessions
2.6 Killing a VNC Session

3 Adding an SSH Tunnel for Your VNC Session
3.1 Find an Available Port to Use For Tunneling
3.2 Add an SSH Tunnel to Your VNC Port

4 Using a VNC Viewer to Access the VNC Session
4.1 Download, Install, and Run a VNC Viewer
4.2 Launch PuTTY and Log In to the SSH server (if not on the DOE network / off campus)
4.3 Open the VNC Session

5 Adding and using SSH Tunnels for RDP (Windows machines)
5.1 Adding the Tunnel
5.2 Connecting to the Remote Machine

1 Connecting to DOE Linux Machines with PuTTY
1.1 Download and Setup PuTTY
1. If you do not already have PuTTY installed on your computer, then go to the
following link, download and install a copy of PuTTY (on Windows OS, I recommend
using the Installer executable).
http://www.chiark.greenend.org.uk/~sgtatham/putty/download.html

1.2 Configure PuTTY with DOE Connection Settings


1. The easiest way to configure PuTTY is to download the Windows registry keys
available from the Department of Electronics (DOE) website, here. (If this link is
broken let me know.)
Alternatively, in PuTTY set the "Host Name", "Port", and "Connection Type" to
those shown in figure 1. Then save these settings by typing a name in the "Saved
Sessions" field (the instructions assume it was 'doe') and click "Save". You can then
skip the remaining steps in section 1.2.

2. Find where you saved the file and double-click it; this should automatically add the
keys to your Windows Registry. The next time you run PuTTY there should be a
saved session named 'doe' (see figure 1).

3. Load all the settings for the saved session by selecting the name and clicking "Load".

1.3 Start an SSH Session


1. At the bottom of the Sessions setup page, click Open.

2. If this is the first time logging in to this server, you may be asked to add a security
key for it; choose Yes to store the key and you will not get this warning next time.

3. A command prompt should pop up. Enter your DOE username and password at the
prompts. From the SSH server prompt, you can ssh to other Linux machines to run
CAD tools, or to start a VNC session.

2 Setting up a VNC Session


This section describes how to use your local Windows machine to set up a remote VNC
session that runs on the DOE Linux machines. The advantage of using VNC is that the
session remains running even after the connection to it has closed (i.e. your applications
remain open even after you close the VNC viewer).

Figure 1: An example of PuTTY with saved sessions, showing the 'doe' saved session.

2.1 Preparation
1. Log in to the Linux server on which you want to create a VNC session. If necessary,
open a terminal. If you are using PuTTY, and followed the instructions in section 1,
at this point you will have to enter "ssh <server you want your VNC session on>",
e.g.: "ssh odin". You should now be ready to type commands at the prompt.

Note: I have tried to stick to the following conventions related to using terminal commands:
when asked to "enter" something at the prompt, this means type it and then push 'Enter'
or 'Return' on the keyboard; when directed to "type" something, this means to type it, but
omit the 'Enter' or 'Return'.

2.2 Creating Your VNC Password
The first and most important thing to do is create a password (not only for your own
protection, but also for that of anyone else who uses the machine).

1. At the prompt, enter vncpasswd. You will be directed to enter the password (no
characters get echoed to the terminal while you enter your password), and then enter
it again to verify against any typos.

2. If everything worked fine, you will be back at the prompt and your VNC session
logins are now secured with a password.

An example:
    odin(tpepler):~$ vncpasswd
    Password:
    Verify:
    odin(tpepler):~$

2.3 Changing the Default Desktop Environment and Other Settings


If you have never run VNC before, then your xstartup script will not exist in your .vnc
directory yet. In that case, skip to section 2.4 to make a "dummy" session causing the
creation of your xstartup file, then section 2.6 to kill the session, then return here to change
some of the default settings.

1. To get the gnome desktop environment to load when you create your VNC session,
uncomment the two lines at the top of the xstartup script just after the comment
"Uncomment the following two lines for normal desktop". Use any text editor to do
this, but the easiest might be: nano ~/.vnc/xstartup. You can replace 'nano' in the
command with 'vi', 'gedit', or your own preferred editor.

2. While you've got the xstartup script open, you may as well make another change. To
allow copy/paste from the VNC viewer window to the client (e.g. Windows) machine,
add the line "vncconfig -nowin &" before the two lines you just uncommented. In
general, for vncconfig to work it must be called before the desktop environment
startup (in this case, before those two lines).

3. Save the file. Your xstartup should now look similar to this:

    #!/bin/sh

    # allow copy/paste, but do not pop up a window:
    vncconfig -nowin &

    # Uncomment the following two lines for normal desktop:
    unset SESSION_MANAGER
    exec /etc/X11/xinit/xinitrc

    [ -x /etc/vnc/xstartup ] && exec /etc/vnc/xstartup
    [ -r $HOME/.Xresources ] && xrdb $HOME/.Xresources
    xsetroot -solid grey
    # xterm -geometry 80x24+10+10 -ls -title "$VNCDESKTOP Desktop" &

2.4 Creating a New VNC Session


1. Everything should now be set up, so start a new VNC session with a specific resolution
and colour depth as follows (note: 24-bit colour is required for some CAD programs,
e.g.: Cadence Virtuoso):

    odin(tpepler):~$ vncserver -depth 24 -geometry 1920x1080

    New 'odin.doe.carleton.ca:9 (tpepler)' desktop is odin.doe.carleton.ca:9

    Starting applications specified in /home/tpepler/.vnc/xstartup
    Log file is /home/tpepler/.vnc/odin.doe.carleton.ca:9.log
    odin(tpepler):~$

2. The first line that is printed by the vncserver program tells you which server and
display number is associated with this new VNC session. In the example above, the
server is 'odin.doe.carleton.ca' and the display is '9'. Take note of these, as you will
need them to connect using your VNC viewer or when creating an SSH tunnel.

2.5 Listing Your VNC Sessions


1. The vncserver program maintains a set of files in your .vnc directory for each VNC
session you have created. Currently running sessions are the files with a .pid
extension, so to list your currently running sessions type "ls ~/.vnc/*.pid". e.g.:

    odin(tpepler):~$ ls ~/.vnc/*.pid
    /home/tpepler/.vnc/loki:3.pid
    /home/tpepler/.vnc/odin.doe.carleton.ca:11.pid
    /home/tpepler/.vnc/loki:4.pid
    /home/tpepler/.vnc/odin.doe.carleton.ca:9.pid
    /home/tpepler/.vnc/loki:6.pid
    /home/tpepler/.vnc/oslo.doe.carleton.ca:1.pid
    odin(tpepler):~$

2.6 Killing a VNC Session


From time to time, you may need to close your VNC session (e.g. a program has locked up
and you can’t recover). To do this, you need to know the server and VNC display number.

1. SSH in to the server using PuTTY, as outlined in section 1 and section 2.1. You
must be SSH'd (or logged in somehow) to the server with the VNC session you want
to kill.
2. Now issue the command "vncserver -kill :<display number to kill>".

For example, if I wanted to kill my odin:11 session:

    ssh(tpepler):~$ ssh odin
    tpepler@odin's password:
    odin(tpepler):~$ vncserver -kill :11
    Killing Xvnc process ID 7881
    odin(tpepler):~$

3 Adding an SSH Tunnel for Your VNC Session


This section describes how to use an SSH tunnel to access your VNC session from outside
the DOE network (e.g. somewhere else on campus, or off campus completely).

3.1 Find an Available Port to Use For Tunneling


1. On your Windows machine, open cmd.exe by: (a) using the Start menu search to
find a program called "cmd.exe"; or (b) typing [Windows key]+R to open a run dialog,
and entering "cmd".
2. At the cmd prompt enter: netstat -ano | find "<port_number>"
For the <port_number> you can put any number, but I suggest sticking to 4-digit
numbers; 1234 seems to be open on most systems.
3. If the command returns nothing, then the port is available for your use (make a note
of the number to use in a later part of the instructions). If the port is already being
used, the command will return some information about the port. Examples of the
command, first for an unused port number and then for a used port number, are
shown in figure 2.

Figure 2: Example of finding an open ("1234") and used ("1972") port.

3.2 Add an SSH Tunnel to Your VNC Port


1. If you have the PuTTY prompt already open, click on the icon in the top left corner
of the window (see figure 3) and choose "Change Settings...". If you've just started
PuTTY but not opened a connection, make sure you've loaded the settings for 'doe'
first (check that the Host Name and Port fields are set correctly). Either way, you
should now see a PuTTY configuration window like that shown in figure 1.

2. On the navigation panel on the left, expand (if needed) Connection, and then SSH,
then select Tunnels (you may need to scroll down).

3. In the Source port field, type in the open port you found in section 3.1. In the
Destination field type in the server and port in the format "<server>:<port>"; for
VNC ports, the port number is calculated as [5900] + [display number] (remember
the one I told you to note down in section 2.4?).

4. Make sure the Local and Auto radio buttons are selected, then click Add to add this
tunnel to the list. See figure 4 for an example.

Figure 3: The PuTTY window icon to access the "Change Settings" form.

5. Now select the Session category on the left pane of the PuTTY window, click 'doe'
and choose Save to save the setting you just changed (i.e. added a tunnel).

6. Finally, choose Apply at the bottom to apply the changes.
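
The port arithmetic and local-port check from sections 3.1 and 3.2, as an added example that is not part of the original document: it takes a pid file name of the form listed in section 2.5 and returns the PuTTY tunnel fields, the equivalent OpenSSH -L argument, and the viewer string used in section 4.3. The function names are hypothetical, the sample path is constructed from the document's own examples, and the port check is a bind attempt rather than the netstat command.

```python
import re
import socket

VNC_BASE_PORT = 5900  # section 3.2: VNC TCP port = 5900 + display number


def parse_pid_file(path):
    """Split a vncserver pid file name (section 2.5) into (server, display)."""
    m = re.search(r"([^/\\:]+):(\d+)\.pid$", path)
    if m is None:
        raise ValueError(f"not a vncserver pid file name: {path!r}")
    return m.group(1), int(m.group(2))


def local_port_free(port, host="127.0.0.1"):
    """Try to bind host:port; failure means something already holds it."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        try:
            s.bind((host, port))
        except OSError:
            return False
    return True


def tunnel_settings(pid_path, local_port):
    """Values for the PuTTY Tunnels panel, the equivalent OpenSSH -L
    argument, and the string to type into the VNC viewer."""
    server, display = parse_pid_file(pid_path)
    if not local_port_free(local_port):
        raise RuntimeError(f"local port {local_port} is already in use")
    destination = f"{server}:{VNC_BASE_PORT + display}"
    return {
        "source_port": str(local_port),
        "destination": destination,
        # Explicit loopback bind: only this machine can use the forward.
        "openssh_L": f"127.0.0.1:{local_port}:{destination}",
        "viewer_server": f"localhost::{local_port}",
    }


if __name__ == "__main__":
    # Constructed input: a pid file name in the form listed in section 2.5.
    sample = "/home/tpepler/.vnc/odin.doe.carleton.ca:9.pid"
    for key, value in tunnel_settings(sample, 1234).items():
        print(f"{key:14} {value}")
```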

4 Using a VNC Viewer to Access the VNC Session


4.1 Download, Install, and Run a VNC Viewer
If you already have a VNC viewer installed, that should be fine; if not, RealVNC offers a
nice one.

4.2 Launch PuTTY and Log In to the SSH server (if not on the DOE network / off campus)
If you were following the tutorial so far, PuTTY should already be running and logged
into the DOE. Each time you want to access your VNC session from off-campus, you will
have to first launch PuTTY and log in as described in section 1.3. If you are on campus
and connected to the DOE network, SSH tunneling (e.g. through PuTTY) should not be
needed.

Figure 4: Adding a new SSH tunnel.

Figure 5: Entering the server in the VNC Viewer dialog.

4.3 Open the VNC Session


1. If you are on campus and connected to the DOE network, open the VNC Viewer
program and in the server field enter "<server>:<display number>" (e.g. odin:9 as
per the example from section 2.4).

2. If off campus (or not connected to DOE directly), make sure you have PuTTY
running and logged in, then in the server field enter "localhost::<local port>", where
<local port> is the "Local" port you entered in section 3.2, e.g. see figure 5.

3. Finally, click Connect. If you get a warning about this being an unencrypted
connection, just continue anyway (and you can opt to not have the warning again). The
viewer gives this warning because VNC itself is not encrypted; when you connect
through the tunnel, the traffic between your machine and the SSH server is carried
inside the SSH session. Next you should be prompted to enter the password that you
set earlier; if that works, your VNC session should pop up.

5 Adding and using SSH Tunnels for RDP (Windows machines)


An alternative to VNC is Remote Desktop Protocol (RDP), which is what you would use to
access most machines running the Windows OS, e.g. the VLSI Windows servers maintained
by Nagui, or your office computer (if it's running Windows).
The corresponding viewer, Remote Desktop Connection, is usually installed by default
on Windows; it is also available for Mac OS X, and there are equivalents for Linux (and
probably other OSes).

The process for using SSH tunnels to allow RDP access is basically the same as for
VNC, as shown below.

5.1 Adding the Tunnel


1. The default port for RDP is 3389 (although this can be changed by the administrator;
maybe there’s a way to find what it is, please let me know if you find out how).

2. Follow the same steps as in 3.1 and 3.2, except the destination port should be 3389
(or whatever else, if not the default), e.g.: "134.117.38.203:3389".

Note: For the VLSI servers maintained by Nagui, you will have to use the IP address
rather than the machine name, as the DNS does not seem to be configured for them.
Following is a list of the server names and corresponding IPs:

    Server                   IP address
    arboothroyd              134.117.38.15
    macopeland (uses IPv6)   fe80::1c90:cc21:63ad:da42 *
    Marianne                 134.117.38.41
    Rami                     134.117.38.25
    Mounir                   134.117.38.207
    Tewfik                   134.117.38.186
    Michel                   134.117.38.183
    Marie                    134.117.38.203
    Sobhi                    134.117.38.195
    Galal                    134.117.38.196
    Celine                   134.117.38.68
    Aimee                    134.117.38.204

* IPv6 addresses like that shown are only supported in the latest (nightly) builds of
PuTTY, and should be included in PuTTY 0.65, when it's released (I assume). You
would need to surround the address in square brackets, e.g.:
"[fe80::1c90:cc21:63ad:da42]:3389". After trying all of that, it was still not working
for me; let me know if you have any success.

5.2 Connecting to the Remote Machine


1. Open Remote Desktop Connection, and in the "Computer" field, type
"localhost:<local port number>", e.g. if I used port number 2345, that would be
"localhost:2345" (see figure 6).

2. Before connecting, you can adjust display options by clicking "Show Options", and
then the "Display" tab (see figure 7). Here you can adjust the screen resolution of
the remote session by dragging the slider.
You can also use all monitors (if you have more than 1), by checking "Use all my
monitors..." (although this may not work depending on the version of Windows running
on the remote machine).
As well, you can change the colour depth (24-bit is recommended since some programs
cannot run with less).

3. After making any changes, click "Connect" and you should be prompted to enter
your username and password. You have to make sure your username also includes
the correct domain, in the format of <domain>\<username>, e.g. vlsi1\tpepler. The
VLSI servers use the domain name of "vlsi1" while any of the DOE computers have
the domain of "doe.carleton.ca".

Figure 6: Example screenshot of Remote Desktop Connection for a tunnel through local
port 2345.

Figure 7: Example screenshot of Remote Desktop Connection display options.
