Using Xvnc and ssh to securely do X from Vincent
kula@iastate.edu
9 June 2004

This document assumes that you have access to a machine that has a
VNC client and can be ssh'd into. 

Vincent Side:

Make sure /local/etc/xdm-access contains:

 localhost

Add userve and then run:

 vncpasswd 

This will ask you to enter a VNC session password --- it can be really
stupid, since we're tunneling this over ssh and only listening to
localhost (so I guess if you don't trust the people locally on this
machine, make it a good password). If you have ran vncpasswd in the
past and want to use the same password, you can skip this step. If you
want to change the password, run vncpasswd. To remove the auth file,
delete ~/.vnc/passwd

Then run:

 Xvnc :DISPLAY -geometry 1024x768 -depth 24 -rfbwait 120000 -desktop scpa-01 -localhost -query localhost

(all as one line). Replace DISPLAY with some number greater than or equal
to 1 --- if someone else is already using 1, you'll have to use 2, etc.

It will spit out some stuff about "client 4 rejected from local host". Ignore
it.

-desktop is just a descriptive name for the desktop.

Cntl-z and then bg will background the Xvnc. Do 'jobs' to see the
jobs running and 'fg %NUMBER' to foreground a backgrounded job.

Run the following command:

 ssh -R REMOTEPORT:127.0.0.1:DISPLAY+5900 username@remote.ssh.mach.ine

and log in to the remote machine. REMOTEPORT is the port at which the
VNC connection will show up at on the client machine, DISPLAY+5900 should
be 5901 for DISPLAY=1, 5902 for DISPLAY=2, etc. REMOTEPORT should normally
match DISPLAY+5900

Client Side: 

On the client side, run a vnc client. It should connect to 127.0.0.1 port REMOTEPORT (some vnc clients use display numbers, if REMOTEPORT is 5901,
the display is 1, if REMOTEPORT is 5902, the display is 2, etc).