如果您使用虚拟网络计算(Virtual Network Computing)( VNC ) 协议连接到远程桌面,您的连接可能不安全。一些VNC客户端,例如流行的TightVNC,在初始登录阶段之后不会加密您的连接。要解决此问题,您可以通过安全外壳(Secure Shell)( SSH ) 隧道建立VNC连接。
SSH隧道不仅为VNC提供完全安全的连接,而且还允许您在典型的VNC端口(端口 5901)被阻塞时使用VNC连接。(VNC)一些公司网络会为了额外的安全性而阻止端口 5901 等常见端口,因此通过SSH建立(SSH)VNC隧道可以让您绕过这个问题。
设置 PuTTY(Setting Up PuTTY)
得益于Windows PowerShell(Windows PowerShell) , Windows 10 确实内置了SSH客户端,但这只是最近的开发。如果您想知道如何通过SSH建立(SSH)VNC隧道,建议您使用PuTTY连接到您的SSH服务器。
PuTTY提供了一个图形用户界面,可以轻松配置该界面以允许您通过连接隧道连接其他软件,例如您的VNC查看器。为此,您需要在您希望通过VNC连接的远程桌面 PC 或服务器上安装合适的(VNC)SSH服务器。
- 首先,下载PuTTY并打开客户端。
- 主会话(Session )菜单允许您键入服务器 IP 地址或主机名。在主机名(或 IP 地址)(Host Name (or IP address))文本框中输入您的SSH服务器地址。如果您的SSH端口与标准端口 22 不同,请在端口(Port)框中键入此端口。
- 您还需要保存此会话,因此在Saved Sessions文本框中,为您的(Saved Sessions)SSH连接添加一个合适的名称,然后单击Save按钮。
- 在左侧菜单中,展开Connection选项卡,然后对SSH执行相同操作。点击隧道(Tunnels)。
- 在Tunnels菜单的(Tunnels)Port forwarding部分,您将提供详细信息以允许PuTTY通过(PuTTY)SSH建立您的VNC连接。在源端口(Source port)文本框中,输入 5901。在目标(Destination)文本框中,输入您的远程 IP 地址:5901(remote IP address:5901),使用远程桌面 PC 或服务器的 IP 地址。例如,192.168.1.100:5901 将是合适的。
- 返回“会话”(Session)部分,单击“已保存会话”下的已保存会话名称,(Saved Sessions)然后单击“保存(Save)”以保存设置。
- 准备好PuTTY设置后,单击底部的打开建立(Open)SSH连接。当PuTTY(PuTTY)进行尝试时,您将需要插入建立SSH连接所需的用户名和密码。
- 登录过程完成后,您将可以访问远程桌面的SSH终端窗口。
激活到远程桌面服务器的SSH隧道后,您现在可以建立VNC连接。您可以使用您选择的任何VNC客户端,但本指南将介绍如何使用TightVNC进行连接,这是一款适用于(TightVNC)Windows和Linux的流行且免费的VNC客户端。
您可以在连接处于活动状态时最小化PuTTY 。
使用 TightVNC 连接(Connecting Using TightVNC)
如果您的SSH连接处于活动状态,则使用TightVNC进行连接非常简单。这假定您的VNC服务器正在远程 PC 或服务器上运行。
- 打开 TightVNC 开始。在Connection部分中,在Remote Host文本框中键入localhost::5901或127.0.0.1::5901 。PuTTY正在监视此端口,并在尝试时自动将此连接转发到您的远程服务器。
- 您可以通过单击选项进一步配置您的(Options)VNC连接,但如果您准备好连接,请单击连接(Connect)。
- 系统将要求您提供VNC服务器密码,因此请在VNC 身份验证(VNC Authentication)弹出窗口中提供此密码,然后单击OK。
如果您的SSH连接正常工作,TightVNC应该会加载您的远程VNC桌面窗口,供您使用。
支持隧道的 SSH 客户端(SSH Clients With Tunneling Support)
虽然TightVNC是用于VNC连接的流行Windows客户端,但它不支持客户端内部的SSH隧道,需要您使用(SSH)PuTTY进行连接。
但是,其他VNC客户端确实在客户端本身内包含(VNC)SSH隧道。一个例子是SSVNC,虽然它是基本的,但会在建立VNC连接之前通过SSH进行隧道传输。(SSH)Windows和Linux操作系统支持SSVNC 。
- 打开SSVNC客户端,然后在SSVNC客户端主窗口中填写必填字段。在VNC Host:Display下,键入SSHusername@remoteIPaddress:1. 将SSHusername替换为您用于SSH连接的用户名,并将remoteIPaddress替换为您的远程桌面 IP 地址。例如,[email protected]:1。
- 确保在连接之前选择使用 SSH(Use SSH)或SSL+SSL 选项。准备好后,单击“连接(Connect)”按钮。
- 系统会在弹出的终端窗口中询问您的SSH密码。(SSH)提供您的密码,然后按键盘上的 Enter 键。
一旦SSH隧道处于活动状态,您的VNC连接将开始,您的VNC客户端窗口应该会出现,您可以在其中开始使用远程桌面。
虽然默认情况下VNC连接未加密,但 Microsoft 自己的远程桌面协议 已(is)加密。如果您运行的是Windows并且计划连接到远程Windows PC 或服务器,则可以改用远程桌面连接(Remote Desktop Connection)工具进行连接。
How to Tunnel VNC over SSH
If you’re connecting to a remote desktоp using the Virtual Network Computіng (VNС) protocol, your connection might not be ѕecure. Some VNC clients, like the poрular TightVNC, don’t encrypt your connection beyond the initial sign-in stage. To get around the problem, you can tunnel a VNC connection over a Secure Shell (SSH) tunnel.
Not only does an SSH tunnel provide an entirely secure connection for VNC, but it also allows you to use VNC connections when the typical VNC port (port 5901) is blocked. Some corporate networks will block common ports like port 5901 for extra security, so tunneling VNC over SSH would allow you to get around this problem.
Setting Up PuTTY
Windows 10 does have an SSH client built-in, thanks to the Windows PowerShell, but this is only a recent development. If you want to know how to tunnel VNC through SSH, it’s recommended you use PuTTY to make the connection to your SSH server.
PuTTY offers a graphical user interface that can easily be configured to allow you to tunnel other software, like your VNC viewer, over the connection. For this to work, you’ll need to have a suitable SSH server installed on the remote desktop PC or server you’re looking to connect to over VNC.
- To start, download PuTTY and open the client.
- The main Session menu allows you to type your server IP address or hostname. Type your SSH server address in the Host Name (or IP address) text box. If your SSH port is different from the standard port 22, type this in the Port box.
- You’ll also want to save this session, so in the Saved Sessions text box, add a suitable name for your SSH connection, then click the Save button.
- In the left-hand menu, expand the Connection tab, then do the same for the SSH. Click on Tunnels.
- In the Port forwarding section of the Tunnels menu, you’ll be providing the details to allow PuTTY to tunnel your VNC connection over SSH. In the Source port text box, type 5901. In the Destination text box, type your remote IP address:5901, using the IP address of the remote desktop PC or server. For instance, 192.168.1.100:5901 would be suitable.
- Return to the Session section, click on your saved session name under Saved Sessions, then click Save to save your settings.
- With your PuTTY settings ready, make the SSH connection by clicking Open at the bottom. You’ll be required to insert the username and password required to make your SSH connection as PuTTY makes the attempt.
- Once the login process is complete, you’ll be given access to the SSH terminal window for your remote desktop.
With the SSH tunnel to your remote desktop server active, you’ll now be able to make a VNC connection. You can use any VNC client you choose, but this guide will run through how to connect using TightVNC, a popular and free VNC client for Windows and Linux.
You can minimize PuTTY while the connection is active.
Connecting Using TightVNC
If your SSH connection is active, connecting using TightVNC is pretty simple. This assumes that your VNC server is running on your remote PC or server.
- Open TightVNC to begin. In the Connection section, type localhost::5901 or 127.0.0.1::5901 into the Remote Host text box. PuTTY is monitoring this port and will automatically forward this connection, when the attempt is made, to your remote server.
- You can configure your VNC connection further by clicking Options but, if you’re ready to connect, click Connect.
- You’ll be asked for your VNC server password, so provide this in the VNC Authentication pop-up window, then click OK.
If your SSH connection is working correctly, TightVNC should load your remote VNC desktop window, ready for you to use.
SSH Clients With Tunneling Support
While TightVNC is a popular Windows client for VNC connections, it doesn’t support SSH tunneling within the client itself, requiring you to use PuTTY to make the connection.
Other VNC clients, however, do include SSH tunneling within the client itself. One example is SSVNC which, while basic, will tunnel over SSH before making a VNC connection. SSVNC is supported by Windows and Linux operating systems.
- Open the SSVNC client and, within the main SSVNC client window, fill in the required fields. Under VNC Host:Display, type SSHusername@remoteIPaddress:1. Replace SSHusername with the username you’d use for your SSH connection, and replace remoteIPaddress with your remote desktop IP address. For example, [email protected]:1.
- Make sure you select the Use SSH or SSL+SSL option before you connect. When you’re ready, click the Connect button.
- You’ll be asked for your SSH password in a pop-up terminal window. Provide your password, then press enter on your keyboard.
Once the SSH tunnel is active, your VNC connection will begin, and your VNC client window should appear, where you can begin using your remote desktop.
While VNC connections aren’t encrypted by default, Microsoft’s own Remote Desktop Protocol is encrypted. If you’re running Windows and you’re planning on connecting to a remote Windows PC or server, you can connect using the Remote Desktop Connection tool instead.
