This will show what needs to be set-up and installed to use a secure line from a Linux box (eg. Ubuntu) to a Windows box via SSH-tunneled VNC but without the load of Cygwin installed on Windows. I used the nicely small package SSHWindows.
SSH server for Windows (on Windows machine)
- Download SSHWindows and run the installer. An alternative could be WinSSHD from bitvise. It’s 30 days trail and closed, though. You’ll be prompted with the warning to edit the passwd file. Read
quickinstall.txtorreadme.txtfor more details located in the install folder for%PROGRAMFILES%\OpenSSH\docs(hit WIN-KEY+R and copy&paste the path there for quick access). - From a prompt cd to
%PROGRAMFILES%\OpenSSH\bin. (WIN+R and typecmd, hit ENTER,c:ENTER,cd %PROGRAMFILES%\OpenSSH\bin) - Run the following (replace
<username>with the Windows username that should log in from Ubuntu):
mkgroup -l >> ..\etc\group
mkpasswd -l -u <username> >> ..\etc\passwd - Start opensshd as Windows service:
net start opensshd - Open incoming port in Windows firewall:
netsh firewall add portopening TCP 22 "OpenSSHd"
The “OpenSSHd” bit can be chosen individually; it’s only a string to identify this entry. - Test login locally with eg. PuTTY and than test it from the Linux box (
ssh winuser@winip). You might need to do some firewall (Windows and/or iptable) config. If your Linux box has to go through some kind of router/firewall machine you’ll most likely have to add port forwarding on that firewall to pass port 22 (SSH port) to the windows machine’s IP.
Install TightVNC (on Windows machine):
- Don’t forgett to click the options to setup VNCServer as Windows service and start it after installation.
- Open TCP port 5900 temporarily for testing like for opensshd:
netsh firewall add portopening TCP 5900 "VNCincoming" - Test it from Ubuntu with
vncviewer <windows-machine-ip> - If it works close the port in Windows firewall. You won’t need that hole any longer:
netsh firewall delete portopening TCP 5900
- Configure tunneling VNC through SSH (on Linux box):
ssh -L <local port>:<remote computer>:<remote port> <user>@<remote ip>andvncviewer 127.0.0.1- Test vnc connection again using -via option:
vncviewer -via user@host localhost:0
- Use compression in ssh?
- GNOME applet/shell skript?
References:
- Ubuntu guide to set up Ubuntu and Windows using Cygwin
- Tunnel VNC through SSH
- SSHWindows
- TightVNC (VNC Server for Windows) with their Win32-Documentation
- VNC over SSH : securing the remote desktop
- Command Line Manipulation of Windows XP SP2 Firewall
- Information on the vncviewer -via option
- SSH Tunneling Made Easy
- Using VNC Tunneling over SSH







