How to connect to a VNC machine that is behind a firewall using SSH tunneling, OS X and Chicken of the VNC


VNC is a very useful program for accessing a computer remotely. These are instructions for accessing a remote machine using OS X, Chicken of the VNC, and Vine Server when there is a firewall in the way.

VNC SSH Tunnel

Normally it is a fairly straightforward process to connect from a VNC client to a VNC server running on a remote machine. A firewall in the middle can complicate the process a bit.

Normal:
MY MACHINE -> VNC CLIENT < - -> VNC SERVER < - REMOTE MACHINE Behind firewall: REMOTE MACHINE -> VNC SERVER -> SSH TUNNEL < - -> VNC CLIENT < - MY MACHINE

  1. On MY MACHINE, create a local SSH user account and password – call it vnc_user
  2. On MY MACHINE, determine my public IP address – go to whatismyip.com (MY_IP_ADDRESS)
  3. On REMOTE MACHINE, turn on the Vine Server and set the password
  4. On REMOTE MACHINE, open up Terminal and enter the following command:

    ssh vnc_user@MY_IP_ADDRESS -R 5900:127.0.0.1:5900

    where MY_IP_ADDRESS is the IP address of MY MACHINE.

  5. Enter the password for the vnc_user. You should now be connected to MY MACHINE over SSH.
  6. On MY MACHINE, open up Chicken of the VNC. Connect to localhost and enter the password for the REMOTE MACHINE.
  7. You should now be connected to REMOTE MACHINE’s VNC server and be seeing their screen.
  8. Notes:

    • Make sure that you are not running a VNC server on MY MACHINE, or that it is turned off
    • If you are running a firewall on your own network, you may need to enable port forwarding for SSH to ensure that SSH requests on port 22 are connected to MY MACHINE and not blocked by your own firewall.

    Thanks to this article that describes how to do this and also includes an Applescript that makes the connection.


2 responses to “How to connect to a VNC machine that is behind a firewall using SSH tunneling, OS X and Chicken of the VNC”

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

sell diamonds