Thursday, April 19, 2012

Tunneling VNC over SSH to Mac OS X using bVNC

These instructions pertain to bVNC Secure and Free bVNC Secure, but they can be easily translated to instructions for ssvnc as well. bVNC is an Android and Blackberry 10/Playbook application, available on Google Play and App World respectively. Find it on your mobile device or here:

Google Play, for devices running Android 2.2 and up, or here:

App World for Blackberry Playbook and Blackberry 10 devices.

Ensure you have v3.5.0 of bVNC or newer for this method to work.

0) If the Mac OS X computer is not attached directly to the Internet, forward port 22 to it. Port forwarding instructions are different for every router out there, so look up how to do that for your make and model. Also, having a fixed IP address for the computer helps. Finally, DynamicDNS set up on your router would help you immensely to locate your router on the Internet.

0) Set up Remote Desktop on your Mac:
- Open System Preferences
- Under Internet & Wireless, click on ‘Sharing’

- (a) Enable SSH by selecting the ‘Remote Login’ option (put a check-mark)

- Make sure your 'Remote Login' settings look like the screen-shot above
- The same settings window shows where I've highlighted username (iordan in my case) and hostname or IP address to use (lebigmac.iiordanov.com in my case)

- (b) Enable VNC by selecting the 'Screen Sharing' option (put a check-mark)
- Click on "Computer Settings..."

- Make sure your 'Screen Sharing' settings look like the screen-shot above
- Click OK

1) Start bVNC and configure a VNC over SSH connection:
- Select "VNC over SSH" in Connection Type
- Optionally name the connection in Title.
- Type in your external (Internet) IP address or Dynamic DNS hostname in SSH Server.
- Leave port 22 for SSH port.
- Type in the User name and Password of the Mac user you'd like to connect with in the fields under SSH Tunnel Settings
- Leave localhost in for VNC Server, and port 5900 for VNC port.
- Type the same User name and Password of the Mac user you'd like to connect with in the fields under VNC Connection Settings
- You may need to check "Local mouse pointer" in Advanced Settings, to see where the mouse pointer is.
- Tap "Connect", and you should be in. Please note that not all routers are capable of doing loopback connections, so you may not be able to connect to your Internet IP address while you are BEHIND the router. I.e. unfortunately, due to router limitations, you may have to be elsewhere to test this in some cases.

How to connect to Mac OS X using bVNC

This guide is for configuring Mac OS X for usage with bVNC Secure/Free bVNC Secure, but is completely applicable to any VNC client. Only the VNC client configuration would be different.

Ensure you have v3.5.0 of bVNC or newer for this method to work.

Please keep in mind that this method of connecting does not encrypt the session; it only protects your username and password with a Diffie-Hellman key exchange. There is no session privacy thereafter. To solve both of these problems, bVNC Secure supports tunneling your VNC connection over SSH for enterprise-level security of both your authentication credentials and data. If you are concerned with security and privacy, follow my guide for Mac OS X on tunneling VNC over SSH with bVNC. Mac OS X supports tunneling over SSH out of the box.

bVNC Secure is an Android and Blackberry Playbook/OS 10 application, available on Google Play and App World respectively. Find it on your mobile device or here:

Google Play, for devices running Android 2.2 and up, or here:

App World for BB Playbook and OS 10 devices.


0) Set up Remote Desktop on your Mac:
- Open System Preferences
- Click on Sharing
- Select the Screen Sharing checkbox (put a check-mark)
- Click on "Computer Settings..."

- Make sure the screen looks like the screen-shot above
- Click OK

1) Configure bVNC:
- Start bVNC
- Ensure "Connection Type" is set to Basic VNC
- Optionally name the connection something in Title
- Type the IP or host name of the computer you set up in the first step
- Type the User name and Password of the Mac user you would like to connect with
- You may need to check "Local mouse pointer" in Advanced Settings, to see where the mouse pointer is
- Tap "Connect", and you should be in.

How to install and connect to TightVNC on Windows using bVNC

This guide is for configuring Windows for usage with bVNC Secure/Free bVNC Secure, but is completely applicable to any VNC client. Only the VNC client configuration would be different.

Please keep in mind that VNC authentication is inherently insecure, because it only allows passwords of up to 8 characters in length. Also, traffic between the VNC client and server is not encrypted and your data is vulnerable to spying. To solve both of these problems bVNC Secure supports tunneling your VNC connection over SSH for enterprise-level security of both your authentication credentials and data. If you are concerned with security and privacy, follow my guide for Windows on tunneling VNC over SSH with bVNC.

bVNC Secure is an Android and Blackberry Playbook/OS 10 application, available on Google Play and App World respectively. Find it on your mobile device or here:

Google Play, for devices running Android 2.2 and up, or here:

App World for BB Playbook and OS 10 devices.


0) Install TightVNC
- Go to: http://www.tightvnc.com/download.php
- Get and install the "Self-installing package for Windows".
- Do a default install and set a (VNC password)** and a control interface administrative password (up to 8 characters).
- Click on the icon with the "V" in the notification area of the taskbar.
- Disable "Serve Java Viewer to Web clients"
- After you have it working you can look through for any other settings you want.

1) Configure bVNC Client:
- Start bVNC
- Ensure "Connection Type" is set to "Basic VNC"
- Optionally name the connection something in Nickname
- Type the IP or hostname of the computer you configured in the first step.
- Type the (VNC password)** you chose from the first step in VNC Auth.
- You will probably have to check "Local mouse pointer", because TightVNC doesn't show a mouse pointer in Windows with bVNC.
- Tap "Connect", and you should be in.

Tuesday, April 17, 2012

Tunneling VNC over SSH to a Windows computer using bVNC

These instructions pertain to bVNC Secure and Free bVNC Secure, but they can be easily translated to instructions for ssvnc as well. bVNC is an Android and Blackberry Playbook/OS 10 application, available on Google Play and App World respectively. Find it on your mobile device or here:

Google Play, for devices running Android 2.2 and up, or here:

App World for BB Playbook and OS 10 devices.

0) If the Windows computer is not attached directly to the Internet, forward port 22 to it. Port forwarding instructions are different for every router out there, so look up how to do that for your make and model. Also, having a fixed IP address for the Windows machine helps. Finally, DynamicDNS set up on your router would help you immensely to locate your router on the Internet.

1a) Install OpenSSH for Windows:
https://github.com/PowerShell/Win32-OpenSSH/wiki/Install-Win32-OpenSSH

1b) If the above does not work for you, alternatively install freeSSHd
- Go to: http://www.freesshd.com/?ctt=download
- Download and start freeSSHd.exe
- Do a default installation
- A user reported that running freeSSHd as a system service on his machine does not work properly. So let's play it safe, and when freeSSHd asks you whether you want to run it as a system service, say NO.
- When freeSSHd finishes installing, there will be a freeSSHd icon on your desktop. Drag and drop this item in Start->All Applications->Startup (the list of applications that start when you log in).
- Restart Windows.
- If you are feeling adventurous, you can try running freeSSHd as a system service, but if you experience problems, you have to completely uninstall it, reboot, and then reinstall it.

2) Open port 22 on Windows Firewall
- Control Panel->Windows Firewall
- Ensure the Don't allow exceptions box is not checked.
- Click the "Exceptions" tab
- Click the "Add Port..." button.
- Type sshd for name and 22 for Port number. Leave TCP selected.
- Click "OK", and then "OK" again on the outside dialog.

3) Click on the little icon with the yellow lock in the notification area of the taskbar (bottom right).
- If the icon isn't there, run Start->All Programs->freeSSHd->freeSSHd
- Click on Tunneling->Allow local port forwarding.
- Click on Users->Add...
- Type the (Login ID)* of an EXISTING user on the system, and next to "User can use", tick "Shell" and "Tunneling"
- Alternatively, you can create a user by selecting something other than "NT Authentication" in the "Authorization" box.
- Click "OK" or "Apply"

4) Install TightVNC
- Go to: http://www.tightvnc.com/download.php
- Get and install the "Self-installing package for Windows".
- Do a default install and set a (VNC password)** and a control interface administrative password (up to 8 characters).
- Click on the icon with the "V" in the notification area of the taskbar.
- Disable "Serve Java Viewer to Web clients"
- Access Control->Loopback Connections->Check "Allow loopback connections" AND "Allow only loopback connections".
- After you have it working you can look through for any other settings you want.

5) Start bVNC and configure a VNC over SSH connection:
- Select "VNC over SSH" in Conn. Type.
- Optionally name the connection in Nickname.
- Type in your external (Internet) IP address or Dynamic DNS hostname in SSH Server.
- Leave port 22 for SSH port.
- Type in the (Login ID)* and the Windows password associated with it in the fields next to SSH Auth.
- Leave localhost in for VNC Server, and port 5900 for VNC port.
- Type the (VNC password)** from step (4) in VNC Auth.
- You will probably have to check "Local mouse pointer", because TightVNC doesn't show a mouse pointer in Windows with bVNC.
- Tap "Connect", and you should be in. Please note that not all routers are capable of doing loopback connections, so you may not be able to connect to your Internet IP address while you are BEHIND the router. I.e. unfortunately, due to router limitations, you may have to be elsewhere to test this in some cases.

6) If you want password-less SSH to your Windows machine, generate an SSH key in bVNC and export it in some way (say, by sharing it to yourself by email). Then save it in C:\Program Files\freeSSHd in a file named the same as (Login ID)* (without ANY extension), where (Login ID)* is the user name of the Windows user that you set up in step (3).
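
A check for the "Allow only loopback connections" setting from step (4), as an added example that is not part of the original post: the hypothetical `vnc_listener_audit` function reads `netstat -an` output from the VNC host and reports whether port 5900 is bound anywhere other than loopback, i.e. reachable without the SSH tunnel. The sample netstat lines are constructed for illustration, in the Windows and Mac OS X output formats.

```shell
#!/bin/sh
# Added example: flag VNC listeners that can be reached without the SSH tunnel.
# On the VNC host, run:  netstat -an | vnc_listener_audit

# Prints "loopback <addr>" or "EXPOSED <addr>" for each TCP listener on the
# port (default 5900). Exit status: 0 = loopback only, 1 = at least one
# exposed listener, 2 = nothing listening on that port.
vnc_listener_audit() {
    awk -v port="${1:-5900}" '
        # Keep listening TCP sockets only (LISTENING on Windows, LISTEN on macOS).
        toupper($1) !~ /^TCP/ || $NF !~ /^LISTEN/ { next }
        {
            # Local address: column 2 on Windows, column 4 on macOS/Linux.
            addr = ($2 ~ /^[0-9]+$/) ? $4 : $2
            # Port follows the last ":" (Windows/Linux) or "." (macOS).
            p = addr; sub(/^.*[.:]/, "", p)
            if (p != port) next
            host = substr(addr, 1, length(addr) - length(p) - 1)
            found = 1
            if (host ~ /^127\./ || host == "::1" || host == "[::1]") {
                print "loopback " addr
            } else {
                print "EXPOSED " addr; bad = 1
            }
        }
        END { if (bad) exit 1; if (!found) exit 2; exit 0 }
    '
}

# Constructed samples (not captured from a real host).
SAMPLE_BEFORE='  TCP    0.0.0.0:22      0.0.0.0:0    LISTENING
  TCP    0.0.0.0:5900    0.0.0.0:0    LISTENING
  TCP    [::]:5900       [::]:0       LISTENING'
SAMPLE_AFTER='  TCP    0.0.0.0:22      0.0.0.0:0    LISTENING
  TCP    127.0.0.1:5900  0.0.0.0:0    LISTENING'
SAMPLE_MAC='tcp4  0  0  *.22    *.*  LISTEN
tcp4  0  0  *.5900  *.*  LISTEN'

for s in "$SAMPLE_BEFORE" "$SAMPLE_AFTER" "$SAMPLE_MAC"; do
    printf '%s\n' "$s" | vnc_listener_audit 5900 \
        && echo "ok: VNC reachable through the tunnel only" \
        || echo "review: VNC port is not loopback-only"
done
```

The audit looks at the bind address only, so a server that binds every interface and filters by source address is still reported as EXPOSED; in that case confirm from a second machine that a direct connection to port 5900 is refused.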