How to Use VNC with SSH Tunnel to Access a Linux Machine
VNC (Virtual Network Computing) has been used as the mainstream method for accessing a Linux machine's desktop environment remotely for more than a decade. There is an alternative called SPICE which brings some advantages and disadvantages compared to VNC. Neither VNC nor SPICE can stream the graphics as smooth as the Microsoft RDP in our experience so far. But having VNC is better than nothing when your computing experiments can benefit from having some visualizations, for example deep reinforcement learning experiments with video games. This article will show you how to set up a VNC viewer/client on your local computer to access a Linux machine provided by the Hanlon Financial Systems Laborotaries (Hanlon Labs) as an example. The SSH tunnel is required because we typically don't not allow VNC connections without encryptions.
If your local computer is a Linux (for example Ubuntu) machine, Remmina is recommended as the VNC client.
Before you can access a machine provided by the Hanlon Labs through VNC and SSH tunnel, you will need to receive the following information and confirmation from the administrators.
- VNC server IP/Hostname and port number.
- VNC server username and password if password is set in the VNC server. In the example below, password is not set in the VNC server.
- Your public key has been deployed into the remote Linux machine for SSH authentication. We, by default, do not enable password authentication for SSH for better security.
- Your username and password of the remote Linux machine. Your Linux user needs to have password enabled because you will need it to unlock the screen when it is locked. This is adding a layer of security when VNC is enabled.
Next, you will need to put "localhost:5900" in the Server of Basic tab. The localhost means you are connecting to a VNC server that is listening on "localhost" because, after the SSH tunnel is established, your local computer and the remote Linux machine will be connected as one "localhost". The port number 5900 needs to be replaced with the VNC port number you received from the administrator. The Username and User password will be empty in this example.
In the SSH Tunnel tab, click on "Enable SSH tunnel" and put the hostname or IP of the remote Linux machine in the "Custom" followed by ":22" which is the default SSH port. Since your user is ready to use key pair authentication in the remote Linux machine, you can put your username received from the administrator and specify the path to your SSH private key file and check the box for "SSH private key file".
Click on "Save and Connect" and you should see a window with the remote desktop environment in it. Sometimes you will need to "Toggle scaled mode" in Remmina because the resolution on the remote Linux machine is too high or too low for your local computer.