VNC Access
How to set up VNC to be accessed from outside CSAIL
First, be clear about the problem you’re trying to solve. Is VNC (originally for “Virtual Network Computing”) really the best solution? VNC is best for checking in on long-running graphical processes that will continue after your remote client disconnects.* Other kinds of “remote access” needs are often better solved using ssh tunnels, installing programs directly a laptop or remote device, using X11 to run programs on a remote machine and display them locally, or some combination of the above.
Due to security limitations of the VNC protocol (passwords are weak and do not encrypt characters typed or windows displayed), CSAIL does not allow direct VNC connections from outside our network perimeter. However, VNC can safely be tunnelled via SSH as follows:
A. Set up sshd on the host (if necessary)
- For a CSAIL Ubuntu host, this is likely already done. (See Setting up SSH.)
- For a Mac OS host, this means turning on System Preferences Sharing Remote Login, and preferably restricting it to only your username. If connections are refused, try turning off the appfirewall (System Preferences Security Firewall Allow all connections) for the first ssh connection, then re-enabling it.
- Not possible on a Windows host – use Remote Desktop instead of VNC.
B. Set up vncserver on the host
- For a CSAIL Ubuntu host:
- install with
sudo apt-get install tightvncserver - run with
longjob vncserver :0- if you omit “longjob”,
vncserverwill refuse connections with “configuration error” as soon as your Kerberos+AFS credentials expire (or as soon as you close the SSH session that started VNC) - if you get “host:0 is taken”, increment to vncserver argument to :1 and port (below) to :5901
- this will ask you for a password only the first time. If
you’ve forgotten it,
rm ~/.vnc/passwd
- if you omit “longjob”,
- install with
- For a Mac OS host:
- System Preferences Sharing Screen Sharing occasionally works (and then only with a TightVNC client)
- Vine Server (OSXvnc) usually gives better results. Under Authentication, set “Require remote login (SSH)” to YES.
- For a Windows host, suggest using Remote Desktop instead. Otherwise:
- TightVNC server
- UltraVNC server
- For a VitualBox OSE (4.2 or higher) virtual machine:
- Configure the VNC extension pack (only once per host system/user
account):
VBoxManage setproperty vrdeextpack VNC. - Shut the VM down if it’s currently running.
- Configure the VNC server IP address and port:
VBoxManage modifyvm <var>VM-name-or-UUID</var> --vrdeaddress 127.0.0.1 --vrdeport 5900 --vrde on. - Set a password for the VNC server:
VBoxManage modifyvm <var>VM-name-or-UUID</var> --vrdeproperty VNCPassword=<var>mypassword</var>. - Start the VM in headless mode:
VBoxManage startvm <var>VM-name-or-UUID</var> -type headless.
- Configure the VNC extension pack (only once per host system/user
account):
C. Establish ssh tunnel on the client
- This step is not necessary if your VNC client has integrated
tunneling support. Chicken (for Mac OS) and TightVNC are known to
support automatic
sshtunneling. - CSAIL Ubuntu client, Mac OS client (if not using Chicken or
TightVNC):
ssh YOU@HOST.csail.mit.edu -L5900:localhost:5900 - Windows client:
- Install PuTTY. Also see: Installing Kerberos For Windows.
- In PuTTY Configuration Connection SSH Tunnels,
enter “Source port”
5900, “Destination”localhost:5900, then click “Add.” - In Session, enter “Host Name:”
HOST.csail.mit.edu, “Saved Sessions:”HOST, and click “Save.” - Double-click
HOSTto connect via SSH with the tunnel. (Only this last step needs to be repeated for future connections.)
- iOS client (iPhone, iPad, etc): use a combined SSH+VNC client
- with iSSH: Add Configuration (fill in Description, Host, Login) choose SSH then VNC, then enter your VNC password Save.
D. Connect using VNC client
- CSAIL Ubuntu client:
- for example, install with
sudo apt-get install xtightvncviewerand run withxvncviewer -via <var>remotehost</var> localhost:0
- for example, install with
- Mac OS client:
- Use Chicken (a fork of “Chicken of the VNC”)
- In the connection dialog, enter
localhostfor the hostname, check the box labeled “Tunnel over SSH”, and enter the remote SSH server name in the “SSH Host” field.
- Windows client: use any of the below to connect to
localhost:0- TightVNC
- UltraVNC
- iSSH: tap configuration name to connect; enter SSH password when prompted.
E. Destroy your VNC session (optional)
- CSAIL Ubuntu host:
vncserver -kill :0 - Mac, Windows: switch to VNC Server window and choose “shut down” or similar.