This tutorial will walk you through the steps of running an SSH server on your Windows machine and using it to create a secure tunnel through the Internet for VNC.
Install the SSH server:
- Log into Windows with Administrative privileges
- If there is no password set for this user, set one in the Control Panel (a password is required).
- Create a cygwin folder in the C: drive (C:\cygwin)
- Download setup.exe from cygwin.com and save it to C:\cygwin
- Run C:\cygwin\setup.exe
- Install from the Internet and save to C:\cygwin\
- For Local Package Directory, use C:\cygwin\
- Select a download site from the large list.
- On the Select Package screen, click View once so “Full” appears.
- Scroll down to openssh in the package column, and click on “Skip” so an “X” will appear in column “Bin?”.
- After the packages have been downloaded, finish the installation
- Right click My Computer, Properties > Advanced > Environment Variables
- Under System Variables, click New, add CYGWIN as the variable name, add ntsec as the variable value
- Under System Variables, scroll down to Path, click Edit, add ;c:\cygwin\bin to the end of the string already in the field
- Open Cygwin on the desktop and type in ssh-host-config
- “Privilege Separation?” Yes
- “Create local user SSHd?” Yes
- “Install SSHd as a service?” Yes
- “CYGWIN = ” enter ntsec
- While in the same Cygwin window, enter net start sshd to start the SSH server
- If you ever need to stop the SSH server, enter net stop sshd
- In the Cygwin window enter mkpasswd --local > /etc/passwd to copy over the Windows user settings to Cygwin
- In the Cygwin window enter mkgroup --local > /etc/group to copy over the Windows group settings to Cygwin
Test the SSH server:
- Enter ssh localhost in a Cygwin window
- Any time you SSH into a server for the first time, you will get an authenticity warning. The RSA key will be listed and it will ask you if you want to continue. Type in 'yes' to continue.
- If you get a prompt without any errors, enter ls -lh /cygdrive/c
- If you see a directory listing of your C:\ drive, everything went right
Install the VNC server:
- Install your VNC client of choice. Make sure you install the server portion of the client
- If you are given the option to “allow loopback connections” choose Yes
- Make sure you register the VNC Server as a system service. Various clients do this in different ways
- Once it’s registered as a service, it will auto-run at Windows startup as a service
Tweak your firewall (if applicable) to allow port 22:
- In your firewall, open TCP port 22 for SSH use
- Example: in Norton Internet Security, Personal Firewall > Configure button > Advanced tab > General button > click Add. Permit to and from connections for TCP port 22. Name the rule something like SSH
- Example: in Windows Firewall for SP2, Start > Control Panel > Windows Firewall > Exceptions Tab > Add port > port name SSH, port 22 TCP
Tweak your router (if applicable) to forward port 22:
- If you’re behind a router, forward TCP port 22 to your internal IP
- This means that any traffic coming in through port 22 (the SSH port) will be passed through the router and directed (forwarded) to your internal IP
SETUP: Remote machine
Install the SSH client and create a tunnel:
- Install your SSH client of choice (mine is PuTTY)
- Create a tunnel to your SSH server
- In PuTTY, click the Add button under the tunnels section
- Make the source port = 5900 and the destination = 127.0.0.1:5900
- In the SSH Secure Shell client, edit your profile and go to the Tunneling tab
- Make the listen port 5900, the Destination host 127.0.0.1 and the destination port 5900. Choose TCP for the type and uncheck “Allow local connections only.”
Configure PuTTY for auto-login (if you choose to use PuTTY):
- Make a shortcut to putty.exe on your Desktop
- Right click the shortcut, Properties > Shortcut tab > Target field
- Add the following to the end of the string in the field: -load "[your profile name]" -l [login name] -pw [password]
- Example: -load "home" -l Mark -pw mypassword
Install the VNC viewer:
- Find a VNC program of your choice and install the VNC Viewer portion of the package.
EXECUTE: VNC over SSH
- Open your SSH client, connect to your remote IP address
- Open your VNC viewer, connect to 127.0.0.1:5900
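The tunnel only protects VNC if port 5900 is not also reachable directly. The shell functions below are an added example, not part of the original tutorial: they read Windows-style `netstat -an` output (as produced at the Cygwin prompt) and report whether the SSH and VNC ports are bound to loopback or to a network-facing address. The function names and sample output are constructed for illustration, and treating loopback-only VNC as the goal is an assumption.

```shell
#!/bin/sh
# Added example: audit which addresses the SSH and VNC ports listen on.
# On the server, at the Cygwin prompt:  netstat -an | vnc_loopback_only
# OpenSSH form of the PuTTY tunnel:     ssh -L 5900:127.0.0.1:5900 user@server

# Print "port address scope" for each LISTENING TCP socket on the given ports.
listeners() {
    awk -v ports="$*" '
    BEGIN { n = split(ports, p, " "); for (i = 1; i <= n; i++) watch[p[i]] = 1 }
    { sub(/\r$/, "") }                      # netstat.exe emits CRLF line endings
    $1 == "TCP" && $NF == "LISTENING" {
        port = $2; sub(/^.*:/, "", port)    # text after the last colon
        addr = substr($2, 1, length($2) - length(port) - 1)
        if (!(port in watch)) next
        scope = (addr == "127.0.0.1" || addr == "[::1]") ? "loopback" : "network"
        print port, addr, scope
    }'
}

# Return 0 if VNC (port $1, default 5900) listens on loopback only,
# 1 if any binding is network-facing (printed), 2 if nothing is listening.
vnc_loopback_only() {
    found=$(listeners "${1:-5900}")
    [ -n "$found" ] || { echo "no listener on port ${1:-5900}"; return 2; }
    if printf '%s\n' "$found" | grep -q ' network$'; then
        printf '%s\n' "$found" | grep ' network$'
        return 1
    fi
    return 0
}

# Constructed sample: VNC bound to every interface.
SAMPLE_EXPOSED='  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:22             0.0.0.0:0              LISTENING
  TCP    0.0.0.0:5900           0.0.0.0:0              LISTENING
  TCP    192.168.1.10:139       0.0.0.0:0              LISTENING'
# Constructed sample: VNC bound to loopback only.
SAMPLE_TUNNEL_ONLY='  TCP    0.0.0.0:22             0.0.0.0:0              LISTENING
  TCP    127.0.0.1:5900         0.0.0.0:0              LISTENING'

printf '%s\n' "$SAMPLE_EXPOSED" | vnc_loopback_only \
    || echo "VNC is bound to a network-facing address"
printf '%s\n' "$SAMPLE_TUNNEL_ONLY" | vnc_loopback_only \
    && echo "VNC is reachable only through the SSH tunnel"
```

A socket reported as `network` is reachable without SSH unless the firewall or router blocks it, so only port 22 should show that scope.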
Wow, you published this a while ago. It’s almost like Lifehacker copied your how-to and made it into a Geek to Live.
Keep them coming!
I tried this so many times and it doesn’t work.
First, for some reason, all of the tutorials I saw (like this one) omit the login process, jumping from ssh localhost to the ls -lh /cygdrive/c.
After synchronising Windows user accounts with Cygwin I use my Windows user password but I get “Permission Denied”.
My windows 2000 server is not on a domain, but I couldn’t see the group GID in /etc/passwd records, so I tried editing /etc/group as described on http://pigtail.net/LRP/printsrv/passwd-group.html but it didn’t work either.
Also, by default, when sshd Windows user account is created on my system, it is disabled by default.
I’m not sure how all this works. In my setup I have ssh running and tested. From my remote workstation I can use ssh. On my PC I can see that ssh works only when Windows Firewall has port 22 listed as an exception. This all seems fine.
My problem is getting my remote workstation to connect using VNC.
1.) What needs to be setup on the PC in order for my workstation vncviewer to connect?
2.) What if anything needs to change on the remote workstation setup?
My goal is to have the PC setup to allow remote secure VNC connections via ssh.
Hi. This is very helpful material! Just a question. In configuring Putty, what are the profile name, login name, and passwords that I should use? Thanks 🙂
When you first set up PuTTY, enter in the server info and use the Saved Session section to save the profile. That’s what your profile is called. The login and password are the actual values you use on your SSH server.
for more advanced vnc over setup : http://users.rcn.com/tushar.manglik/
whenever I want to test the ssh
I type in ssh localhost
it asks for the password
but I can’t type anything
no password, nothing
I just can click enter and get permission denied
I removed my user password and sync’ed it again
so now I’m not supposed to have any passwords
and type in nothing and click enter
I still get permission denied
I tried doing the same thing from DOS using other commands
same thing happens when it asks for my password
matter of fact this message comes
Permission denied (publickey,password,keyboard-interactive).
help and thank you
One little trick that I have found out is opening the onscreen keyboard and then typing your password will work. The only problem is that it doesn’t show what you have typed and it is very annoying to do every time you login. Hopefully this will help solve your problem until they fix the program (if it is a program error), or until I find out a way to fix this (although I have searched the web up and down and can’t seem to find anything)… Cheers!
I have configured tunneling via PuTTY as well as manually by entering ssh -C -L 5902:192.168.1.200:5902 -l 1shay 192.168.1.250 from a command prompt. Everything appears fine from a connection perspective. I am logged in as expected; ps -ef | grep vnc shows that I have the process listening on port 2:1shay as expected.
The problem I am having is that once I initiate the session from VNC [127.0.0.1:2 or localhost:2] on my XP client, nothing happens. No password prompt, no remote window opens…nothing. output from /var/log/secure indicates the following:
Received request to connect to host 192.168.1.200 port 5902, but the request was denied.
This would indicate that I can’t open the 5902 connection on my XP client. I’ve searched over a hundred different sites attempting to nail down this issue but haven’t found any answer yet. Anyone have any ideas? Anyone seen this happen before?
Very useful tutorial for helping my users setup their first SSH server …
There has got to be an easier way to do this.
I have set up the ssh server and it works fine for “ssh [username]@localhost” in my command prompt at server but it doesn’t work for “ssh [username]@192.168.x.xx” which is also localhost. I have turned off all the windows firewall.
The error message is:
ssh: connect to host 192.168.x.xx port 22: Connection timed out
Would appreciate if there is any advice.
It works perfectly even though I am new to CYGWIN.
Thanks a lot!!