Using VNC To Access CS Linux Computers

VNC (Virtual Network Computing) is supported as a method for remotely accessing our Linux Clients. Because VNC does not, by default, provide a securely encrypted network connection, you will need to tunnel your connections through SSH. Instructions for doing so are below.

Please keep in mind that our Linux clients are for everyone's use and graphical programs can use many system resources. Do not leave VNC sessions running unless you're actively using them. We reserve the right to terminate idle sessions in order to free up resources for others' use.

First Steps... Starting the VNC Service on the Remote Computer

You can start a VNC server by logging in to the remote system and running the vncserver program from a command line. It will print a message similar to the following:

New 'gradx.cs.jhu.edu:1 (account)' desktop is gradx.cs.jhu.edu:1

The :1 gives the X display number for your session. It will usually be 1, but might be higher if there are other graphical sessions active on the system.

If this is the first time you've run vncserver, it will prompt you for a password to use when connecting with a client. You can use anything you like here; it doesn't have to be the same as your CS account password. Be aware that the password is stored in a file in your home directory. By default, no one but you can read that file, but if its permissions are changed at some point, others might be able to read the password you set for your VNC sessions.

Note: The password is needed because of the way VNC works. Anyone who can log in to the system can connect to any VNC session running on the system, regardless of who started that session. The password ensures that only you can use your sessions.

When you're done with your session, run vncserver -kill :1 (where ":1" is whatever display number you're actually using).

Tunneling Your VNC Session through SSH

You must tunnel your VNC session through SSH for remote access to our our CS Linux computers so that your session is secured. To connect to the remote linux system, you will have to set up an SSH TCP tunnel to the port the server is listening on. That port number is 5900 plus the X display number, so it will most often be port 5901.

Some VNC clients now support SSH tunnelling natively; if there's an option for that in your VNC client, you don't need the instructions on the rest of this page.

Otherwise, the process for tunneling through ssh can be different, depending upon which local operating system (Windows, Mac, Linux) you are using. Each method is described below.

Windows SSH Tunnels

Windows does not have a built-in SSH client, but PuTTY is a reasonable, free Windows client. If you're using a different client, you'll have to consult its documentation on how to tunnel TCP ports.

When you start PuTTY, put the name of the system where you're running VNC into the "Host Name" field. "Protocol" should be set to "SSH" and "Port" should be 22.

In the left-hand pane, open the "Connection" tree and the "SSH" tree below that. Click on "Tunnels". The window will show, among other things, a "Port forwarding" section. Under "Add a new forwarded port:", put in the appropriate source port (e.g. 5901). For "Destination", use "localhost:5901", where "5901" is the actual port you're using. Make sure "Local" is checked below that and then click the "Add" button.

You can now click the "Open" button at the bottom of the window. A new window will open and you will have to log in to the system in that window. You don't need to use this window for anything else, but you must leave it open for as long as you want to be connected to the VNC server.

Now, open your VNC client. (If you don't have one, you can use TigerVNC.) Tell it to connect to "localhost:1", where ":1" is the X display number that your server is using. Type in the password you gave when setting up the VNC server and you'll be connected.

When you're done with your VNC session, you can close the PuTTY window.

Mac SSH Tunnels

OSX has a built in command line SSH client. To use it, open Terminal and type something like the following:

ssh -L 5901:localhost:5901 account@gradx.cs.jhu.edu

You should replace both occurrences of "5901" with the actual TCP port your VNC server is using; you should replace "account" with the name of your CS account; and you should replace "gradx" with the name of the system on which you're running your VNC server.

After you log in, you will have to leave the ssh session running for as long as you want to be connected to your VNC server.

Once ssh is running, open your VNC client. (If you don't have one, one suggestion is Chicken.) Connect to "localhost:1", where ":1" is the actual display number used by your VNC server. Type in the password you gave when setting up the VNC server and you'll be connected.

When you're done with your VNC session, you can log out of your SSH session.

Linux SSH Tunnels

Linux's SSH client works almost exactly like OSX's, so you can follow the #Mac SSH Tunnels instructions, except that you will be using a different VNC client. If you don't have one installed already, you can try TigerVNC or vinagre.