University of California at Berkeley
           Department of Electrical Engineering & Computer Sciences
                         Instructional Support Group

/share/b/pub/vnc.help

                                                               Oct 11, 2006

VNC over SSH tunnels in UNIX
----------------------------

Here's the quick guide on how to run VNC securely over SSH Tunnels.  There
are VNC products that include encryption, but those cost money and we don't
support their use on instructional servers.  VNC ports will be detected by
campus and department scanners and we will have to kill any and all services
detected by the scanners.

VNC can be securely run through an SSH tunnel in a three (3) step process.

First, you will need to start an ssh connection and set up tunneling.

Second, you will need to start the VNC server at the remote station, telling
it to only accept connections through the tunnel.

Third, you will need to connect to your local machine with your vnc client.

When VNC is run this way you connect to your local machine through a secure,
encrypted tunnel.  This, however will produce a slower connection than a
normal unencrypted VNC channel.

Directions may be found on the internet :
     http://www.google.com/search?hl=en&lr=&q=vnc+ssh+tunnel&btnG=Search


VNC over SSL tunnels on Windows
-------------------------------

The only difference here is that an OpenSSL service is started on instead 
of SSH.  Remote desktop is faster and easier, so instructions will not be 
provided.

We do not allow students to run VNC on our windows systems.  You would be
monopolizing our workstations.  As an alternative, we do allow remote 
desktop connections for instructional users on iserver2.eecs.berkeley.edu.  
We also allow cs150 to use kramnik.eecs.berkeley.edu.  Non-instructional 
users in the department may use the department's remote desktop server, 
winterm.eecs.berkeley.edu.