Securely Remote Control your Ubuntu Box from Windows XP / Vista
Here is the complete procedure for setting up VNC over RSA Key protected SSH so you can remotely and securely connect to your Ubuntu PC from a Windows XP or Vista PC. It looks like a lot of steps but mostly because I have tried to explicitly document everything for those Ubuntu noobs like me!
Standard VNC is super unsecure / dangerous because your login credentials are sent over the wire unencrypted and it is a common target for hackers. SSH is a solution to the encryption problem but like VNC, it is a target for hackers as it is a commonly available door to your PC. Simple login / password authentication is too suseptable to a brute force automated attack. So, the solution I settled on was to protect my SSH through RSA Key Pair Authentication and protect my VNC by not making it publicly visible but accessible through SSH Port Forwarding.
Below are the steps I took to connect to my Ubuntu box from a remote Windows XP machine. The process actually goes very quickly and is pretty straight forward with not too much Linux magic };-). If you have any questions or issues post a comment and I will see if I can help.
1. Install SSH on your Ubuntu Box
Install openssh-server using Synaptic Package Manager
- a) Select Synaptic Package Manager from the System Menu – Administration
- b) Click on Search and type in “openssh-server”
- c) Right Click on the openssh-server element and click install
- d) Click on Apply in the upper button menu bar
Ubuntu documentation for SSH : https://help.ubuntu.com/community/SSHHowto
2. Enable VNC on your Ubuntu Box
- a) System Menu –> Preferences –> Remote Desktop
- b) Activate “Allow other users to view my desktop” and “Allow other users to control my desktop” and “Require the user enter this password”
- c) Set the password to some secure and strong password. I like to make mine different from my Ubuntu or Windows user passwords.
Ubuntu documentation for VNC : https://help.ubuntu.com/community/VNC
3. Setup your router to Forward the SSH Port
- a) This varies depending on what router you have but it is usually under the Advanced Setup and then under Port Forwarding in the Web Interface
- b) On your Ubuntu box type ifconfig in a terminal window. Write down your ip address (will probably be 192.168.x.x)
- c) Forward Port 22 to the ip address from the previous step.
- d) While here look for the “Status” link on your Router Web Interface and write down your router’s Public IP Address
4. Download PuTTy and PuTTYgen on your Windows XP / Vista Box
- a) Browse to http://www.chiark.greenend.org.uk/~sgtatham/putty/download.html
- b) Download putty.exe and puttygen.exe
- c) These are the actual executables and you don’t need to install anything. Just save them somewhere that makes sense.
5. Create your RSA Public / Private Key Pair on your Windows XP / Vista Box
- a) Open puttygen.exe
- b) Optional: Change the number of bits from 1024 to 2048 for extra security
- c) Click on the “Generate” button to generate your SSH-2 RSA key
- d) Move your mouse all crazy like in the white box to produce some random data to seed your RSA key.
- e) Under the key comment put something descriptive. I usually use a login-hostname so rich-workpc or similar
- d) IMPORTANT! Type a passpharase and confirm passphrase. This protects your RSA SSH key and is necessary for security.
- e) Click on the “Save Public Key” and “Save Private Key” and place the files somewhere “safe” that you remember.
- f) Leave this window open!
6. SSH into your Ubuntu Box from your Windows Box Using PuTTy
NOTE: Our purpose here is to setup our SSH RSA Key Pair that we created in step 5
- a) Open putty.exe
- b) In the “Host Name (or IP address)” box enter the public IP address of your Ubuntu Box (see step 3d)
- c) Click on Open
- d) Login to your Ubuntu box from the PuTTY terminal just as you would if you were sitting infront of it
- e) Type in: sudo su
- f) Enter your root password
- g) Type in: cd .ssh
- h) Type in: touch touch authorized_keys2
- i) Type in: chmod 600 authorized_keys2
- j) Type in: pico authorized_keys2
- k) In the puttygen window you left open in step 5f Copy all the text in the “Public key for pasting into OpenSSH authorized_keys file” onto your clipboard
- l) In the putty window you now have the pico window open in: Click on the last line.
- m) Paste the information from your clipboard into this window (Putty should allow you to paste the info from your windows clipboard into your open putty window and thus into yoru pico window)
- n) Hit: Control-O to save the changed file
- o) Hit: Control-X to quit pico
- p) Type in: cd /etc/ssh/
- q) Type in: pico ssh_config
- r) Find the following line:
- s) Change to:
- t) Hit: Control-O to save the changed file
- u) Hit: Control-X to quit pico
- v) Type in: sshd reload
- x) Type in: exit
7. Setup PuTTy to use SSH RSA Key Pair Authentication and Port Forwarding for VNC
- a) Open putty.exe
- b) In the putty menu browser on the left, click the + next to SSH to open the menu and Click on “Tunnels”
- c) Enter 5900 in the “Source Port” Field
- d) Enter the ip address of your Ubuntu Box you found in step 3b in the “Destination Field”
- e) Click on the “Add” button
- f) In the putty menu browser on the left, Select the menu item Auth under the SSH menu
- g) Under the “Private key file for authentication:” Header click on Browse and select your private SSH key file you created in Step 5e
- h) In the putty menu browser on the left, Select Session
- i) In the “Host Name (or IP address)” box enter the public IP address of your Ubuntu Box (see step 3d)
- j) Type in a Description under the Saved Sessions Box like My Ubuntu Box
- k) Click the “Save” Button
- l) Click the “Open” Button to try out your settings!
NOTE: You should be prompted to: “Enter passphrase for key” when you connect. Enter the password you set in step 5d and you should be connected.
If you have any issues connecting recheck your settings, double check that the Ubuntu Box has your RSA public key added to ~/.ssh/authorized_keys2 as we set up in steps 6g-6o.
8. Setup the VNC viewer and VNC into your Ubuntu Machine!
- a) Download and Install TightVNC: http://www.tightvnc.com/
- b) Run TightVNC Viewer
- c) Enter: 127.0.0.1 as the VNC Server and Click “Connect”
- d) THAT’S IT! You should now be VNC’ed into your Ubuntu Box from your Windows XP/Vista PC and graphically be browsing your Ubuntu PC from afar!
NOTE: You MUST have your PuTTY session you saved in Step 7k running BEFORE you Connect to the VNC Viewer EVERY TIME because this creates your SSH Tunnel and allows the VNC connection.