How To Add SSH Secure VNC Viewer To Your Workstation
Last Modified: March 26, 2013
This document is also available on the WEB at
http://jilawww.colorado.edu/~software/installs/sshvnc.htm
[NOTE: Notation below referring to the “N:” drive means the samba drive served from node jilau1. Check your drive mappings and change the N: drive if necessary to be
\\jilau1\apps
]
Concept:
VNC, or Virtual Network Computing, allows one to connect to a remote machine and work on it as if you are sitting at the console. This is accomplished by a ‘server’ application that runs on the main machine. One then uses a ‘viewer’ application on a remote machine to talk back to the main machine’s ‘server’ application. This allows one to see, for example, a Linux desktop in all it’s full GUI glory on the server machine from a Windows remote machine . Think , your machine at home to jilau1. The applications pass back and forth only screen pixel changes that happen. All computing takes place on the server, only the view is handed out to the remote machine. This is done in a ‘smart’ way so as to minimize the amount of data being passed and thus the operation is quite fast, even through a wireless network or over SSH2.
By default, the connection is not secure, data is handed back and forth in the clear. Therefore we will require that all JILA related use is by SSH2 tunnel. This document describes how to set up SSH2, VNC, and how to get the SSH2 tunnel setup for use.
This is a great simplification of the process but it gives you a way to think about what is happening behind the scenes when you make the connections.
Note: You can also install a VNC Server on your local PC if you wish to connect to it via VNC, such as from your home machine or when you are on travel. This is much more complicated process but if you are interested you can see the installation information at
http://jilawww.colorado.edu/~software/installs/sshvncserver.htm
To Install:
Preliminary:
There are three parts that need to be installed, SSH2, VNC, and some DOS batch files and Windows shortcuts. These are described in order below. The default root location for all the files used to do the installs is
N:\win\sshvnc
If after reading over the following instructions you feel this is too complex, feel free to contact Alan Dunwell or anyone in the Computing group for assistance.
First Installation - SSH2: This first one is pretty involved. We are using a program called SSH2.exe which is included in the distribution of SSH Secure Shell. Other SSH2 programs may work as well (for example copssh at http://www.itefix.no/i2/node/27) but this is free and knows to work with the command line options we want to use.
NOTE: You may already have this program installed on your machine since we have been using it as our default for Windows machines for some time. Look in your Start, Programs menu for a folder called SSH Secure Shell. If it already exists then you do not need to run the self installing .exe mentioned below. However you do need to do the final step 2 in this section regarding the PATH variable.
- 1) Look in
N:\win\sshvnc\SSH-ssh.com
for the self installing .exe file. I will try to keep the latest version here, but on can always go to the web site and download the latest greatest if desired.
http://www.ssh.com/support/downloads/secureshellwks
Run this installer and take all the defaults, particularly the location of the files.
-2) The PATH environment variable must now be set to include the location of the ssh2.exe program. You need to be an Administrator or have administrator privileges to do this. Select Start Control Panel, and the System icon. Click on the Advanced tab and then the Environment Variables button. In the System Variables screen locate the ‘Path’ variable and Edit it. Go to the very end of any existing text, enter a semi-colon, and then add in the following. I suggest you cut and paste to avoid a typo.
C:\Program Files\SSH Communications Security\SSH Secure Shell
Click your way back out and close up all the Control Panel windows. You can test to see if this path is working by opening a Command Prompt (a.k.a - a DOS Window, or The Dark Place) and typing ‘ssh2'. It should find the executable and tell you that you don’t have enough parameters, etc. If you fail to get this working first try a restart of your computer and then if it still fails contact anyone in Computing to help you.
Second Installation - RealVNC or UltraVNC:
This is a lot easier. There are (at least) two options for a VNC viewer. We have been using the free version of RealVNC for a long time but it does not “Officially” support Vista or Win7, only the paid versions do that. We have found that it seems to work just fine with Win7 but is questionable with Vista. I suggest that you try to install RealVNC first and if you have troubles getting it to install then switch to UltraVNC. UltraVNC does support Vista/7 as well as earlier versions of Windows and is also free. There is a bit of a “gotcha” with UltraVNC in that it does not seem to render as well as RealVNC, the text looks a bit thready and blurred and graphics are not as good. If you can’t get the free version of RealVNC to install and UltraVNC is not sufficient for your usage, you may decide to purchase the paid-for copy of RealVNC. On the up-side, free UltraVNC and the paid versions of RealVNC allow you to select different screen resolution sizes while free RealVNC does not. I have nested the instructions for both here with the UltraVNC noted.
Again look in
N:\win\sshvnc\VNC4.x
or
N:\win\sshvnc\UltraVNC
for the executable file with the largest version number. I will try to keep this up to date but the latest version can always be downloaded from
or
double click on the desired executable and follow the install instructions. Again, take the default location of files. You can install the server, the viewer, or both. If you think you may want to connect to your PC from other machines you may install the server as well as the viewer, but only the viewer is needed for outgoing. (Server configuration is not discussed here, contact Alan Dunwell for further assistance in that process.)
Third Installation - Batch Files and Shortcuts:
I have created a few files that will assist the process of starting the SSH2 underlying tunnel and then starting a VNC Viewer session. Look in
N:\win\sshvnc
or
N:\win\sshUvnc
Right-Click Drag and Drop Copy the entire folder ‘sshvnc’ (or “sshUvnc”) so that it becomes
C:\sshvnc
or
C:\sshUvnc
Now go into that subdirectory and Right-Click on the file ‘sshvnc2jilau1’ (or ‘sshUvnc2jilau1’) and select Properties. In the Shortcut Tab and the Target entry field you will see that this is calling the DOS batch file in this subdirectory, ‘C:\sshvnc\sshvnc.bat’ (or ‘C:\sshUvnc\sshUvnc.bat’), you can read the extensive remarks section in that file if you want to know what it does. You need to modify some of the parameters on the Target line. Change the text ‘UserNameHere’ to be your login name on jilau1. If you do not have an account on jilau1 or you are making additional shortcuts to go to other machines, then modify your login name and the host name as well, but save it with a different name. The third parameter is the port number on the host machine to which you expect to connect. The default range of ports for VNC is 5900 - 5909. On jilau1 only two ports are implemented to provide two different resolutions to match your local screen resolution. Port 5901 is 1024 x 768 and port 5902 is 1280 x 1024. Enter the desired port number in the target line and save the shortcut. You may copy or move this/these shortcut(s) to your desktop if desired.
Connection Issues:
You are probably running a firewall on you local Windows machine. It is necessary to allow some ports through the firewall. You will need to add Allow status for Outgoing TCP for local and remote ports 22, 5900, 5901, 5902. If all that was so much gibberish then contact someone in Computing for help with the process.
Usage:
When you double click on one of these shortcuts two things will happen. First a DOS screen will come up that is an SSH2 tunnel to the host machine, and second a VNC Connection Details screen will pop up over that. You will need click on the DOS window first and to accept any security codes and login in to the host. This establishes the tunnel. Then click on the VNC window, enter the text ‘localhost:2’ and click OK. VNC should start and you will get the host login screen. Proceed as if it were an X-window terminal. When you are done on the host, log out as usual. This should close up the VNC session. Notice however that the DOS window with the SSH2 tunnel connection is still live. You still need to logout from that session as well by typing the word ‘exit’ in that DOS session.