Using VNC and SSH Tunnel Manager on a Mac

Simple Tutorial

Last updated March 4, 2007

by Jeffrey Kline

This is now on my "Blog" (to allow comments and questions)

After many months of frustration and struggle I have finally found/figured out how to use SSH Tunnel Manager to create a secure way to log into my home computer while on the road with my Mac iBook. I pieced this together from several tutorials. The most helpful tutorial was located at a nice blog entry by Kieran Kelleher. I cannot find any contact info on his website so I cannot ask him if it is ok to link.

I am not a Unix expert nor am I an expert on SSH or even VNC, but I know enough to understand that VNC is not secure and that sometimes I need to access my home computer while on the road. I also do not claim this is a secure method. My understanding is that it is a secure connection that allows you to access your local machine without anything traveling across the internet in the clear.

Terms I am going to use:

Client - this is the computer that you use to log into the Server. For me this is my iBook, that I am using from the road.

Server - This is the machine that you need to be able to access from a remote location. This does not have to be an actual server. But you do have to have a static IP or a known DNS or address like one available through dyndns.org.

This is the software that you need to get:

SSH Helper - This is the software that allows management of the SSH keys that allow the two computers to talk to each other securely. Install on the client machine. Make certain that you establish a good password for the keys.

Chicken of the VNC - This is GNU GPL software that runs well and is a VNC client. Install this on the client computer.

Vine Server (OSXVnc) - This is a GNU GPL VNC Server that you run on the Server machine.

SSH Tunnel Manager - This is the software that allows you to create secure, encrypted ssh tunnels between the client computer and the server. SSH Tunnels are explained in the documentation available here. Install this on the client machine.

Steps:

You have to first create encryption keys that will allow the ssh tunnels to be created. Documentation for SSH Helper is available here. Follow the tutorial and create the keys and transfer the public key to the server as instructed.

Next

You have to understand IP numbers and networks. There is a tutorial here at "howstuffworks.com" and here and here. Basically you have to understand that your connection to the internet is what I call an external IP address. But your network behind the router uses a private network IP address (10.x.., 172.x..., or 192.x...). If the server is behind a router then you have to understand its internal IP and what the network's external IP address is.

If the server is behind a router or a wireless router like an Airport base station you have to set Port Mapping. If you have only one machine (server) directly connected to the Internet then you do not have to make these settings, but unless the machine is directly connected to the cable or DSL modem then there is a router of some sort and port mapping is necessary.

My server is connected to an Airport so I set Port Mapping to direct SSH enquiries to the correct machine on the network. Do not set VNC ports (5900 or 5901) because you do not want those ports open; you just want to use SSH ports (21, 22).

Open the Airport Admin Utility. Go to Port Mapping. I use these settings. I only Port Map SSH connections (Port 22), because they are secure. Point the Ports to the Server (whatever its local address is).

[Image: airport]

Install Vine Server on the server machine.

Set it up as follows:

Here are the settings I use. The Display name can be anything.

[Image: vine_connect]

[Image: vine_system]

Note below that you allow only local connections; this prevents you from leaving open VNC ports that are insecure. You are essentially only allowing the VNC server to be accessed from inside your network. When you create a Tunnel you are tunneling into the network. Someone would have to be able to create their own SSH tunnel to your server, which they cannot do if you use the encryption keys and do not give out your private key (or its password).

[Image: sharing]

[Image: vine_startup]

After configuring Vine, go to your client machine and open SSH Tunnel Manager.

This is the part that confused me. But these are the settings.

[Image: ssh_tm]

Host is the IP or the DNS Name of the Server. LAN Host has to be 127.0.0.1 (not localhost). These settings allow you to connect to the server through port 22 (SSH), with an encrypted connection (the keys generated earlier) and no one can read your connection or grab what you are typing. It is all encrypted.

Close this window and open the connection.

[Image: sssh_connection]

Click on the small Arrow Head on the left. That will begin the connection.

When you start the connection you should first be prompted for a password to access your Key (the key that you created earlier with SSH Helper). Then you should be prompted for the login password for the Server Machine (your username password). I have found that creating the SSH tunnel takes 30 seconds to 1 minute. It is not instantaneous. It takes at least 30 seconds for the first password. Another 10 seconds for the second password.

After Tunnel is "Connected" then...

Last step. While on the Client Machine open Chicken of the VNC. Set it up like this.

[Image: cot_vnc]

The Password is the password used in the VINE Server software. When you hit connect a window will open up. You will now see your desktop.

Make certain the Server does not go to sleep. If it is asleep it will not wake up and get the connection. If the screen is password protected with a screen saver you will be able to just type in the password like you normally do.
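
The tunnel set up in SSH Tunnel Manager and the "local connections only" setting in Vine Server can also be expressed and checked from Terminal. This is an added example, not part of the original tutorial: the user name, host name and local port 5901 are placeholders, and the netstat lines are constructed samples.

```shell
#!/bin/sh
# Added example, not from the original tutorial. User, host and local port are placeholders.

# OpenSSH equivalent of the SSH Tunnel Manager entry: a local port on the client is
# forwarded over SSH (port 22) to 127.0.0.1:<VNC port> as seen from the server.
tunnel_cmd() {   # usage: tunnel_cmd USER HOST LOCAL_PORT SERVER_VNC_PORT
    printf 'ssh -N -p 22 -L %s:127.0.0.1:%s %s@%s\n' "$3" "$4" "$1" "$2"
}

# Reads `netstat -an` output on stdin and prints each LISTEN socket on the given port
# that is not bound to loopback. Exit status 0 = loopback only, 1 = exposed.
vnc_exposed() {  # usage: netstat -an | vnc_exposed 5900
    awk -v port="$1" '
        $NF == "LISTEN" {
            addr = $4                          # local address column
            n = split(addr, part, /[.:]/)      # macOS prints 127.0.0.1.5900, Linux 127.0.0.1:5900
            if (part[n] != port) next
            if (addr ~ /^127\./ || addr ~ /^::1[.:]/) next
            print addr
            bad = 1
        }
        END { exit bad + 0 }'
}

# Constructed sample lines in macOS `netstat -an` layout (not captured from a real host).
SAFE_SAMPLE='tcp4       0      0  127.0.0.1.5900    *.*    LISTEN
tcp4       0      0  *.22              *.*    LISTEN'
OPEN_SAMPLE='tcp4       0      0  *.5900            *.*    LISTEN
tcp4       0      0  *.22              *.*    LISTEN'

tunnel_cmd user server.example.org 5901 5900
if printf '%s\n' "$OPEN_SAMPLE" | vnc_exposed 5900; then
    echo "VNC listens on loopback only"
else
    echo "VNC port is reachable without the tunnel"
fi
```

On the server, `netstat -an | vnc_exposed 5900` should print nothing when Vine Server accepts local connections only. With the tunnel up, the VNC client connects to 127.0.0.1 on the chosen local port rather than to the server's address.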

Email me with corrections or questions.

Copyright © 2007 Jeffrey S. Kline
All Rights Reserved
