Photo by I’ve recently been testing a brand new Apple M1 device for compatibility with my .NET and JetBrains Rider workflow. What’s been interesting is my experience has predominantly been over an SSH tunnel using VNC, a remote screen sharing protocol.
In this short post, We’ll see the few commands we need to connect to a remote machine, determine the VNC port, and start a VNC connection. The approach will likely work on Linux distributions, as well as Windows Subsystem for Linux users.
Creating an SSH Key Pair
There are several ways to log in to an SSH session, but the most convenient is using SSH Keys. In general, our SSH key is our identity to other hosts. If we don’t already use SSH keys for Git, we can generate a new identity key pair by running the following command from a terminal.
> ssh-keygen
The command will generate a new private/public RSA key pair and save it under a .ssh folder in our root directory.
Read more about generating an SSH key pair at SSH.Com.
The Host Setup
Folks will have to install the public key on the host environment. Consult your host machine administrator with enabling screen sharing on the target device. In general, we want to add our public key to the ~/.ssh/authorized_keys on the host machine. We can do that by copying our public key on the host device, then running the following commands.
> mkdir -p ~/.ssh
> touch ~/.ssh/authorized_keys
> cat ~/id_rsa.pub >> ~/.ssh/authorized_keys
We’ve now successfully tied our public ssh key to the current user on our host. Read more about the process in this post. For folks using hosting platforms like AWS, Azure, or Digital Ocean, enabling SSH should be part of the resource allocation process. Check the respective provider for guidance.
The Client Login
From here on out, we’ll need to run commands from a terminal until we start our VNC session. Now that we have our host setup, we need to login to our remote client.
To log in, we need to run the ssh login command.
ssh username@host
The username will be the user account on the host machine. The host will either be the IP address or the host machine’s publicly accessible name.
When successfully logged in, we should see our command line change to reflect our host’s environment.
[username@host1 ~]$ ssh username@host2.somewhere.edu
Last login: Mon Oct 20 09:23:17 2014 from host1.somewhere_else.edu
Determine VNC Server Port
In most cases, the VNC port will be in the range of 59xx. If we don’t know which port VNC is using, we can run the following command on our host while still connected to the SSH session.
sudo lsof -i -P | grep -i "listen"
We can scan through the resulting output to find the exact port number.
launchd 1 root 15u IPv6 0x3af20c046b8704ad 0t0 TCP *:5900 (LISTEN)
launchd 1 root 16u IPv6 0x3af20c046b8704ad 0t0 TCP *:5900 (LISTEN)
launchd 1 root 17u IPv4 0x3af20c046b88327d 0t0 TCP *:5900 (LISTEN)
launchd 1 root 28u IPv4 0x3af20c046b88327d 0t0 TCP *:5900 (LISTEN)
In the example, we can see that our host machine is listening for VNC connections on port 5900.
Creating The Tunnel
We’ll need to exit our SSH session from our previous section. We can close our session by typing exit in the command line. Our goal is to connect our local port of 5900 to the remote host’s port of 5900 from the command line.
ssh -L 5900:localhost:5900 username@host
We should see the same prompt from our previous logins, but now we have established an SSH connection with a tunnel to the VNC Server on port 5900.
Connecting The VNC Client
macOS comes with a built-in VNC Client, but they decided to rename it to Screen Sharing in Apple-being-Apple fashion. To connect to your host machine’s desktop, run the following command in a local command-line session (on your development machine).
open vnc://localhost:5900
Remember, we created a tunnel from our local IP address to our remote host. If we set up everything correctly, we should be looking at our remote host’s desktop.
I hope folks find this post helpful—happy and secure remoting.
