VNC and SSH Port Forwarding

To run graphical applications on ARSC systems remotely, the Virtual Network Computing (VNC) application is available and provides some advantages beyond using X Windows over SSH, such as a detachable session and better performance over a slow speed conenction. This article provides basic set up information required for this approach.

***Important Note: Please follow all of these steps with each new VNC session.***

Step 1: Install VNC on your local system

There are many different VNC viewer programs available with unique interfaces and features. The application installed on ARSC systems is TigerVNC.

MAC users can use the built in Apple "Screen Sharing" as a VNC client and do not have to install an additional client.

After installing the software, make sure ports 5900 and 5901 are open to allow VNC traffic through your local firewall.

Step 2: Setup port forwarding over ssh for the VNC session

On Linux or MAC systems:

localsystem $ ssh -L 5901:localhost:5901 username@pacman13.arsc.edu

On a Windows system:

You can setup a SSH tunnel with PuTTY on Windows.:

  • On the left side of the PuTTY dialog box when you open PuTTY, go to Connection->SSH->Tunnels
  • in Source Port enter 5901
  • in Destination enter pacman13.arsc.edu:5901
  • Click Add and you should see the following in the list of forwarded ports:

L5901 pacman13.arsc.edu:5901

Step3: Connect to the ARSC system and start the VNC server

Log onto the ARSC system over SSH and specify the appropriate ports for VNC client (your local system) and server (remote ARSC system) communication.  

Launch a VNC server instance on the remote ARSC system.  The initial vncserver instance will prompt you for a password to protect your session.  Subsequent launches of the vncserver will use the same password and you will not be prompted for a password.

 
pacman13 % vncserver -localhost

You will require a password to access your desktops.

Password:
Verify:

New 'pacman13:1 (username)' desktop is pacman13:1

Creating default startup script /u1/uaf/username/.vnc/xstartup
Starting applications specified in /u1/uaf/username/.vnc/xstartup
Log file is /u1/uaf/username/.vnc/pacman13:1.log

Step 4: Open VNC on your local system

Launch Apple "Screen Sharing" on a MAC:

The Apple "Screen Sharing" connect to server dialog can be accessed with {apple key} K or Finder - Go - Connect to Server.  Use "vnc://localhost:5901" as the "Server Address".

Launch VNC on Windows from the menu or a launcher icon:

On Windows the VNC application should have installed a launcher somewhere in the menus and may have also installed an icon on the desk or start bar depending on options you chose when installing. Use the menu or icon to start VNC.

Launch TigerVNC on a Linux machine from the command line:

Launch your VNC viewer program and connect to host "localhost" and port 5901.  The example below shows how to launch the client using TigerVNC.

localsystem $ vncviewer localhost:5901 

If you are using the TigerVNC GUI, enter "localhost:5901" into the "VNC server:" box then click the "Connect" button.  You will then be prompted for the password created in Step 2.  If your local VNC client connects successfully, you will then see your desktop on the remote pacman login node.

Your circumstances might require the use of different ports due to firewall issues or if you are running more than one VNC server session on the remote system. (Other people on the system might be running their own sessions as well and occupying the ports.) If this is the case, you may need to specify port 5902 or 5903.

To determine whether the VNC viewer has successfully connected, check the log file noted when the vncserver was started on the remote system.

After starting the server, the options exists to log out and back in again using different port forwarding parameters.

Note that some VNC viewer programs can automatically set up the SSH port forwarding through a command-line flag such as "-via" or some option in a graphical configuration menu.

Step 4: When finished, close the VNC session

To close your VNC session, view the open sessions then close the appropriate open session on the remote ARSC system.

pacman13 % vncserver -list

TigerVNC server sessions:

X DISPLAY #     PROCESS ID
:1                    252550

pacman13 % vncserver -kill :1

Troubleshooting

Orphaned Session

If a previous VNC session remains open on the remote ARSC system, that old session will need to be closed prior to establishing a new connection using the same port.  To identify and kill the old session first obtain the processID of the "Xnvc" process, then issue the kill command.

pacman13 % ps -elf | grep username | grep Xvnc

0 S username    236193      1  0  80   0 - 24842 poll_s Nov09 ?        
        00:00:10 /usr/bin/Xvnc :1 -desktop pacman13:1 (username) 
        -auth /u1/uaf/username/.Xauthority -geometry 1024x768 
        -rfbwait 30000 -rfbauth /u1/uaf/username/.vnc/passwd 
        -rfbport 5901 -fp catalogue:/etc/X11/fontpath.d -pn -localhost

pacman13 % kill 236193

Reset Server Password

To change the password for vnc server, run the 'vncpasswd' command on the system hosting the vnc server.  The manual page for this command is available online at http://linux.die.net/man/1/vncpasswd

More Information

Run "vncserver --help" and "man vncserver" for more information on how to use the application.

Back to Top