stex2005
Posts: 4
Joined: Sat Mar 05, 2016 5:51 pm

Tunneling VNC over SSH through Internet.

Sat Mar 05, 2016 6:24 pm

Hello everyone,
I'm a newbie here so please be patient :)

I'm going to remotely control through Internet a RasPi with VNC.
I've just configured VNC and SSH remote control through internet and they work fine.
I have forwarded 22 port (SSH) and 5901 (VNC) port on my router correctly.

As the VNC connection is unencrypted I would like to tunnel it over SSH to secure it but I don't know how to do it.
I googled some guides but they all use a Linux client in local connection.

Here is my configuration:

RasPi connected in local to 192.168.1.150

Tight VNC Server correctly installed on RasPi, at boot up a X server is started at :1 (port 5901)

port 22 and 5901 forwarded to 192.168.1.150

my IP is determined by a no-ip ddns service: example.no-ip.com

Real VNC client correctly installed on Windows 10 Client.

PuTTy correctly installed on Windows 10 Client.

As I said, I correctly manage with SSH and VNC through Internet, the only problem is that I can't make VNC connection secure by tunneling it over SSH.

Please help
Stefano

rayjoh
Posts: 27
Joined: Thu May 23, 2013 11:48 am

Re: Tunneling VNC over SSH through Internet.

Sun Mar 06, 2016 5:23 am

Something like this. In putty navigate to Connection-SSH-Tunnels.

Source port:  5901
Destination:  192.168.1.150:5901
Press "Add".
Source port is port forwarded from the computer where you run putty.
Destination is hostname and port as used if you run vnc client on the server where you login via putty.
Login to RasPi and point your vnc client to localhost:1.
You can then remove port forward of 5901 in your router.
-- Raymond
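
A check for the end state described in the reply above, added here as an example and not part of any post in the thread: VNC should answer on the client's localhost:5901 through the PuTTY tunnel, and should no longer answer on the public address once the 5901 port forward is removed. The function names probe_rfb and assess are made up for this sketch; the port and the DDNS name are the ones given in the thread.

```python
import socket

RFB_PREFIX = b"RFB "  # every VNC server opens with a 12-byte "RFB xxx.yyy\n" greeting


def probe_rfb(host, port, timeout=3.0):
    """Return the RFB version (e.g. '003.008') if a VNC server greets us on
    host:port, or None if the port is closed, filtered, or not VNC."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.settimeout(timeout)
            banner = b""
            while len(banner) < 12:
                chunk = s.recv(12 - len(banner))
                if not chunk:
                    break
                banner += chunk
    except OSError:  # refused, unreachable, DNS failure or timeout
        return None
    if len(banner) == 12 and banner.startswith(RFB_PREFIX) and banner.endswith(b"\n"):
        return banner[4:11].decode("ascii", "replace")
    return None


def assess(tunnel_version, public_version):
    """Turn the two probe results into a verdict (hypothetical helper)."""
    if public_version is not None:
        return "EXPOSED: VNC still answers on the public address; remove the 5901 port forward"
    if tunnel_version is None:
        return "NO TUNNEL: nothing answers on localhost:5901; is the PuTTY session open?"
    return "OK: VNC reachable only through the SSH tunnel"


if __name__ == "__main__":
    public_host = "example.no-ip.com"  # DDNS name from the thread
    via_tunnel = probe_rfb("127.0.0.1", 5901)   # PuTTY's forwarded source port
    direct = probe_rfb(public_host, 5901)       # should fail once the forward is gone
    print(assess(via_tunnel, direct))
```

Run it on the client while the PuTTY session is open, from a network outside the home LAN, since many routers do not loop connections to their own public address back inside.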

stex2005
Posts: 4
Joined: Sat Mar 05, 2016 5:51 pm

Re: Tunneling VNC over SSH through Internet.

Sun Mar 06, 2016 3:49 pm

rayjoh wrote:Something like this. In putty navigate to Connection-SSH-Tunnels.

Source port:  5901
Destination:  192.168.1.150:5901
Press "Add".
Source port is port forwarded from the computer where you run putty.
Destination is hostname and port as used if you run vnc client on the server where you login via putty.
Login to RasPi and point your vnc client to localhost:1.
You can then remove port forward of 5901 in your router.

Thank you for your reply.
This should work while accessing the RasPi from the local net, what about when I access the RasPi through a DDNS from the Internet?

Thank you in advance

rayjoh
Posts: 27
Joined: Thu May 23, 2013 11:48 am

Re: Tunneling VNC over SSH through Internet.

Sun Mar 06, 2016 7:01 pm

No problem. All TCP traffic between port 5901 on pc client and vnc server is tunneled via putty to/from the host you login to. The vnc client believes that the vnc server is running on your PC and the vnc server believes that the vnc client is running on the host you login to from putty. You lose the vnc connection if you logout from the ssh server.

You can google putty ssh tunnel vnc if you want to read more. Here is an example.
http://helpdeskgeek.com/how-to/tunnel-vnc-over-ssh/
-- Raymond

stex2005
Posts: 4
Joined: Sat Mar 05, 2016 5:51 pm

Re: Tunneling VNC over SSH through Internet.

Tue Mar 08, 2016 9:22 am

rayjoh wrote:No problem. All TCP traffic between port 5901 on pc client and vnc server is tunneled via putty to/from the host you login to. The vnc client believes that the vnc server is running on your PC and the vnc server believes that the vnc client is running on the host you login to from putty. You lose the vnc connection if you logout from the ssh server.

You can google putty ssh tunnel vnc if you want to read more. Here is an example.
http://helpdeskgeek.com/how-to/tunnel-vnc-over-ssh/

You got the point. Thank you so much.
