Instructions for Use of VNC via SSH to access Linux under MS Windows at Dowling College

Created by Georgi Kichukov in March 2002
Revised by Herbert J. Bernstein in September 2002


This page gives step-by-step instructions for the use of VNC and/or Putty via SSH to access Linux under MS Windows at Dowling College. Corrections, clarifications and suggestions for improvement to these instructions would be greatly appreciated. -- H. J. Bernstein yaya@dowling.edu.

These instructions were created after reading the excellent documents at http://www.uk.research.att.com/vnc/sshvnc.html on "Making VNC more secure using SSH" and http://www.uk.research.att.com/vnc/sshwin.html on "SSH-protected VNC: the case of the Windows client and the Unix server". The second page was written by Frank Stajano.

What is VNC?

To quote from its home page http://www.uk.research.att.com/vnc/:

VNC stands for Virtual Network Computing. It is, in essence, a remote display system which allows you to view a computing 'desktop' environment not only on the machine where it is running, but from anywhere on the Internet and from a wide variety of machine architectures.
In order to use VNC, you run a copy of vncserver on the computer that will generate images to be displayed and a copy of vncviewer on the compute that will actually display those images. The program works very well, but these days it is important to worry about people snooping VNC traffic and extracting passwords or other confidential information. A practical solution to this problem is to combine VNC with a special protocol that encrypts VNC's traffic.

What is SSH?

SSH is an alternative to telnet and rlogin which provides a secure mechanism to log into a remote computer. It was defined by T. Ylonen in "The SSH (Secure Shell) Remote Login Protocol", (see http://www.free.lp.se/fish/rfc.txt). SSH is now the default standard (at least in the academic world) for secure terminal connections. It is available in both open source (http://www.openssh.org) and commercial (http://www.ssh.com) versions. For secure communications from Windows, the most commonly used version of SSH is called Putty (see http://www.chiark.greenend.org.uk/~sgtatham/putty/). However, in order to use SSH to protect VNC, we need an SSH feature called local port forwarding, which is not provided by Putty. Therefore, we also make use of a second windows version of SSH from http://akson.sgh.waw.pl/~chopin/ssh/index_en.html, which provides local port forwarding.

If you are on the road without convenient instructions, an easy way to get a copy of Putty is just to do a Google search on the phrase "putty download".

Steps to set up a Windows System to use VNC or Putty via SSH.

Step 1: Download Putty (if you don't have it already)
Note: Putty it is available at the labs in Dowling.

Go to: http://www.chiark.greenend.org.uk/~sgtatham/putty/download.html
Scroll down to: "For Windows 95, 98, ME, NT, 2000 and XP on Intel x86" and
Click on putty.exe to start downloading it.

Step 2: Dowload Pscp (if you don't have it already)
(Pscp, part of the Putty package, is needed to transfer files securely between systems).
Go to: http://www.chiark.greenend.org.uk/~sgtatham/putty/download.html
Scroll down to: "For Windows 95, 98, ME, NT, 2000 and XP on Intel x86"
Click on pscp.exe to start downloading it. Save it in the same directory as Putty.
If you are only going to need text-oriented connections, without graphics (e.g. to just run python or java compilers), and don't need a graphics connection, Putty and pscp are probably all you need.
Step 3: Download VNC both for Linux and for Windows

Note: VNC Viewer is already installed in the labs at Dowling. VNC for Linux is already on arcib.dowling.edu.
Go to: Fill in the form, and move on the to download page and download.

Step 4: Ensure that your Linux system has a vnc server installed. Skip this step is the system you are using already has vncserver.

Step 5: Running PSCP PSCP is a command line application. This means that you cannot just double-click on its icon to run it and instead you have to bring up a console window. With Windows 95, 98, and ME, this is called an "MS-DOS Prompt" and with Windows NT and 2000 it is called a "Command Prompt". It should be available from the Programs section of your Start Menu. To start PSCP it will need either to be on your PATH or in your current directory. So make the directory where you saved Pscp (when you downloaded it above) your current directory by using the cd command.

For example: If your current directory is c:\WINDOWS and the directory where Pcsp is c:\putty you would type:

cd..

to go up one level and then cd putty to go to putty directory..

PSCP Usage: Once you've got a console window to type into, you can just type pscp on its own to bring up a usage message. This tells you the version of PSCP you're using, and gives you a brief summary of how to use PSCP:

(PSCP's interface is much like the Unix scp command, if you're familiar with that.)

To receive (a) file(s) from a remote server:
pscp [options] [user@]host:source target

So to copy the file /etc/hosts from our server arcib.dowling.edu as
user fred to the file c:\temp\example-hosts.txt, you would type:
pscp fred@arcib.dowling.edu:/etc/hosts c:\temp\example-hosts.txt

To send (a) file(s) to a remote server:

pscp [options] source [source...] [user@]host:target

So to copy the local file c:\documents\csh-whynot.txt to the server 149.72.28.28
as user fred to the file /tmp/csh-whynot you would type:

pscp c:\documents\csh-whynot.txt fred@149.72.28.28:/tmp/csh-whynot

You can use wildcards to transfer multiple files in either direction, like this:

pscp c:\documents\*.doc fred@149.72.28.28.com:docfiles
pscp fred@149.72.28.28:source/*.c c:\source

So here is how to upload the compressed Linux package downloaded in step 3 above from c:\temp at the local machine to the directory vnc on the remote machine. This assumes that the dirctory vnc is prevously created by typing mkdir vnc in putty.:
c:\temp\pscp *.tgz username@arcib.dowling.edu:vnc
After that type y and at then provide your password which I

step 6: Unzipping the file and running the VNC server
Skip this step is the system you are using already has vncserver.
Log in to your account using Putty and type cd vnc to go to the vnc directory.
Type: gunzip *.tgz to unzip the file. after that you will have one .tar file
Type: tar -xf *.tar to extract the files.

step 7: Starting vncserver
If you have installed VNC in step 6, or if your system manager has installed it for you, make certain that the VNC binaries and perl are in your path. Modify your .login and/or .cshrc if necessary. Then type

vncserver which should start vncserver for you. The first time you run it it will ask you to provide a password. Use something non-obvious, but make certain you remember it. You will use that password to connect. In addition, vncserver will report the display number (sonething of the form :nn) that it creates. Write that number down.


step 8: Installing and Running the VNC Viewer
Note: VNC Viewer is already installed in the labs at Dowling.
Go to start programs and select VNC viewer from the list.

If it is not installed go to the folder where you downloaded the files from step 3 above locate the file vnc-3.3.3r9_x86_win32.zip and double click on it. Your disarchiving software (assuming you have one) will open up. Usually you click on Extract and choose a directory where the vnc-viewer will be extracted to.

Go to that directory and start vncviewer.exe by double clicking on it. In the box enter 127.0.0.1, the IP of the localhost, followed by a colon and the display number nn you wrote down in step 7, such as: 127.0.0.1:53

Type your password and you are up and running an X Window Terminal.