VNC is the method we can use to remotely control our Ubuntu computer (now also an SSH server) [see SSH Basics & Server Setup]. In the administration section of the Ubuntu computer you will find a GUI to help set up your VNC over your local network (ticking boxes and assigning a password).

Once you have that set up, you can then VNC to your server (now a SSH/VNC Server & Ubuntu Desktop) with a program such as Tight VNC on windows or Mac’s built in VNC client, simply point your program (VNC Client) to your Servers internal IP address (assuming your on the same network, 192.168.1.??) and choose the port number (a hole in your computers firewall to let data through) for example I would point my VNC client to as port 5900 is the default VNC port.

VNC has its disadvantages, anyone clever enough to control simple sniffing software can see nearly everything your doing; sending passwords, your screen etc. As VNC (by default) has no encryption so all of the data pumping through that port 5900 can be clearly visible to anyone (wich is fine if its on your home network, but not suitable for the big wide world of the internet). To solve this problem we create a SSH tunnel (a connection between us [client] and the computer [server]) and pipe the VNC through that, now know one can see what we are up to.

You can find out more about configuring your VNC at

BTW: to enable standard VNC access on the internet (so you can VNC to your server from anywhere) you just need to forward the port 5900 on your router. There is some general advanced help about port forwarding here but it’s rather quite simple, just dial into your router with (normally) in any web browser and fumble your way around. However this does now mean that people on the internet (not just your home network) can clearly see what you are doing with your VNC, as VNC is very insecure.

Same goes with SSH, if you want to SSH to your sever from anywhere in the world and pump anything through that SSH (like VNC) just forward the port 22 on your router as that is the default port for SSH. Just to let you know if you are planning to VNC through a SSH tunnel (the safer option) you do not need to forward VNC port(s) as it is all squished through the SSH tunnel on port 22.

Now we have SSH and VNC up and running (whether that be over the internet or over our local network) we can now VNC through our SSH.

VNC through SSH

To VNC through SSH, we need to connect to the SSH server and tell it to send the VNC connection through our SSH tunnel and onto out computer (client).

From a Linux or Mac terminal, we execute…

ssh username@hostname -L 9999:localhost:5900

That code explained; shh invokes the SSH client program, we tell it what computer to connect to the server with username@hostname [see SSH Basics & Server Setup for more information], the “-L” tells the SSH program that we are going to start a local port forwarding. We tell it to send port 5900 on localhost (the server we are connected to) to our computers port 9999, you can use any port number instead of 9999 as long as it is not in use by another program.

More on local port forwarding with SSH here

Once we have entered the password, We load our GUI VNC Client and point it to:

On Mac, Go to Finder > Connect to Server and enter


As you can probably tell from the command we are telling our computer to VNC to its self, normally this would fail however we have had the VNC port forwarded from the SSH server through the SSH tunnel to our computer.

Happy remote desktoping.

EDIT: I suggest you take a look at our new post about SSH security.


One thought on “SSH & VNC…

Leave a Reply

Your email address will not be published. Required fields are marked *