How to securely access Unix-based systems from Windows with VNC

Using SSH to tunnel connections to remotely connect to Unix-based servers from Windows computers provides a quick, encrypted way to perform tasks on remote devices.


As an IT professional, you never really know when you'll be tasked with supporting a device or operating system that's not part of your norm. To add a bit of confusion to the mix, you also don't know what constraints may be imposed on your access.

Unless you manage a strictly homogeneous environment, chances are that you've come across this type of scenario before, and it likely won't be the last time either. Considering how ubiquitous initiatives such as wireless internet access and BYOD have become, it's only a matter of time before your all-Windows shop begins supporting some Apple devices before moving on to add Linux servers, and so on.

Such was the situation I found myself in recently: I had to provide impromptu remote support to a mission-critical Mac server, and all I had available was a stock Windows laptop, public (untrusted) wireless connectivity, and about a one-hour window in which to complete the remote tasks securely and with encryption.


I accomplished the task in 38 minutes, after some fiddling with the configuration to get the devices to communicate securely. But before I divulge how I got them to talk securely over the public internet, there are a few things that will be required to ensure this all works well:

  • Windows PC with Windows 7 installed (or later), along with the following:
    • SSH client (3rd-party)
    • VNC client (3rd-party)
  • Unix-based device to remotely administer (Linux and Mac included), along with the following:
    • IP address of the remote device
    • SSH enabled (native)
    • VNC enabled (native or 3rd-party)
  • Wired or wireless Internet access

With the hardware, software, and informational requirements met, let's proceed to configure the Windows PC for secure communication.

1. Launch your SSH client. For the purposes of this tutorial, PuTTY is being used, as it is a free, lightweight client that is versatile, easy to configure, and allows profiles to be saved for later use (Figure A).

Vigo, Jesus

2. Scroll down to the SSH node and click the "+" sign to expand the section. Click on the Tunnels node as this is the section where we'll be setting up SSH to create the tunnel whereby VNC traffic will be encrypted (Figure B).


3. By default, a VNC server listens on TCP port 5900. However, when using multiple displays, ports 5901-5902 may be used to connect. Configure the SSH tunnel using the correct port for your environment, and prefix the port with "localhost:". Only traffic sent to that port on your Windows PC will then be forwarded to the destination server through the encrypted tunnel. Click the Add button to configure the forwarded port(s) (Figure C).


4. Once the tunneling settings are added, go back to the Session node and ensure the radio-button next to SSH is ticked. In the host name box, enter the name of the destination device or its IP address, and ensure the port is set to 22 (Figure D).


5. With the correct settings in place, click the Open button and a terminal window will appear with a prompt to authenticate. Upon entering the proper credentials, the SSH tunnel will be established with the remote system to keep your data transmissions private (Figure E).


6. Next, with the tunnel established, launch the VNC client. In this example, UltraVNC Viewer was used. Configure your data speeds through the quick options, and set the screen resolution for the VNC window. Lastly, enter the hostname and port used previously in step 3, in this example "localhost:5900". Then, click the Connect button to execute the final step in connecting remotely with the destination device (Figure F).
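A check worth running between steps 5 and 6, added here as an example and not part of the original article: it confirms that the forwarded port from step 3 answers with a VNC (RFB) protocol banner through the tunnel, refuses any viewer target that is not loopback, and tests whether the forwarded port also answers on the laptop's network address. The function names are hypothetical, and port 5900 is the article's default.

```python
import ipaddress
import re
import socket

# An RFB (VNC) server opens with a 12-byte ProtocolVersion message, e.g. b"RFB 003.008\n".
RFB_BANNER = re.compile(rb"^RFB (\d{3})\.(\d{3})\n$")

def is_loopback(host):
    """True only for the name 'localhost' or a loopback IP literal."""
    if host.lower() == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False

def read_rfb_version(host, port, timeout=5.0):
    """Connect to the tunnel's local end and return the server's RFB (major, minor)."""
    if not is_loopback(host):
        # A direct connection would carry VNC traffic outside the SSH tunnel.
        raise ValueError(f"{host!r} is not loopback; VNC would bypass the SSH tunnel")
    data = b""
    with socket.create_connection((host, port), timeout=timeout) as s:
        while len(data) < 12:
            chunk = s.recv(12 - len(data))
            if not chunk:
                break
            data += chunk
    m = RFB_BANNER.match(data)
    if not m:
        raise ConnectionError(f"no RFB banner on {host}:{port}, got {data!r}")
    return int(m.group(1)), int(m.group(2))

def reachable_from(addr, port, timeout=2.0):
    """True if something accepts TCP connections on addr:port."""
    try:
        with socket.create_connection((addr, port), timeout=timeout):
            return True
    except OSError:
        return False

if __name__ == "__main__":
    try:
        print("RFB version via tunnel:", read_rfb_version("localhost", 5900))
        lan_ip = socket.gethostbyname(socket.gethostname())  # best-effort LAN address
        if not is_loopback(lan_ip) and reachable_from(lan_ip, 5900):
            print(f"WARNING: port 5900 also answers on {lan_ip}; other hosts on this network can reach it")
    except OSError as exc:
        print("tunnel check failed:", exc)
```

If the banner check fails, the tunnel from step 5 is not up or the remote VNC service is not listening on the forwarded port; if the warning prints, the forwarded port is exposed beyond the laptop itself.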



Have you ever had to remotely connect to a system in a pinch? What methods worked for you, allowing the issue to be resolved? Share your stories with us below.


By Jesus Vigo

Jesus Vigo is a Network Administrator by day and owner of Mac|Jesus, LLC, specializing in Mac and Windows integration and providing solutions to small- and medium-size businesses. He brings 19 years of experience and multiple certifications from seve...