VNC connections over SSH

Use X11 for the moment.

VNC can be helpful for getting quick remote display performance over imperfect network connections. Because VNC’s default protocol is not secured, the following instruction setup the connect through an SSH tunnel.

Quick Setup

On Windows with MobaXterm

1. 1. Start an interactive session on the grid following the usual instructions, including qlogin to get to a compute node. In the example below the use connects to signals26

user@engineering-grid2$ qlogin -q instruction.q
Your job 9330449 ("QLOGIN") has been submitted
waiting for interactive job to be scheduled ...
Your interactive job 9330449 has been successfully scheduled.
Establishing /mnt/nokrb/sge/etc/sshwrap session to host signals26.bu.edu ...
SGE job: 9330449

1. 1. On the remote shell, run vncserver and make up a password to secure your VNC session. Importantly, note the screen number assigned to your session after the hostname, like hostname:1 for screen 1.

user@signals26$ vncserver

New 'signals26:1 (jkgoebel)' desktop is signals26:1

Creating default config /home/user/.vnc/config
Starting applications specified in /home/user/.vnc/xstartup
Log file is /home/user/.vnc/signals26:1.log

1. In a MobaXterm tab with a local shell (click the little “plus” icon at the top of the terminal pane to get a local shell if needed), run:

   $ ssh 9999:hostname:59XX username@eng-grid.bu.edu
   

   You’ll need to fill these parts:

   • the hostname of the system the grid assigned you
   • the digits for the screen number vncserver assigned you (5901 for :1, etc)
   • your username
2. Make a new VNC-type session in MobaXterm (this can be re-used later) with these settings:
   • remote host: localhost
   • port: 9999
3. Connect using the VNC session and enter the custom password.

More Details

If your home client is running a full version of vncviewer (such as the one that comes with most Linux distributions), you can use vnc’s “-via” switch. These instructions assume you are logging into the Engineering Grid as described in the main instructions but you can do this to any UN*X system you have access to just by ignoring the “qlogin” part.

STEP 1: From a bash window on your local client, you will ssh to the remote server:

ssh to eng-grid.bu.edu or eng-grid2.bu.edu and once you’re logged in, run:

$ qlogin

(or qlogin -q interactive.q or bme.q or wherever you need to be)

$ vncserver :XX -geometry 1024x768 -depth 16 -name yourloginname

where XX is some two-digit number that you will remember.  If the VNCserver says it's already taken, pick a different one.

$ vncpasswd

STEP 2: In a separate bash window, you will run vncviewer from the local client:

$ vncviewer -via remote-machine-name.bu.edu localhost:XX

(where remote-machine-name.bu.edu is the remote machine that you qlogin'ned into)

STEP 3: Back in your first bash window:

$ export DISPLAY=localhost:XX

Now you can run whatever you want from here, such as:

$ mwm &
$ xterm &

and this will get you a very simple, fast window manager, and an xterm in your VNC window. Run whatever else you want from there. You may want to edit your ~/.vnc/xstartup file and uncomment the two lines that it says to uncomment for “normal desktop”, and then you’ll get your full window manager, same as you’d see on any Linux lab machine in ENG.

# Uncomment the following two lines for normal desktop:
unset SESSION_MANAGER
exec /etc/X11/xinit/xinitrc

Using VNC without Integrated SSH

If your VNC client doesn’t have ssh support compiled in, you will have to use an additional step to open the tunnel from your SSH client. (Use the PuTTy client — do a google search for it and download it if you don’t already have it.)

Alternate STEP 2 for Windows with PuTTy:

Start up a PuTTy session and connect to eng-grid or eng-grid2, and do STEP 1 from there.

Now start a new PuTTy session.  For the host name, choose eng-grid or eng-grid2 again.  But before you click Open, go to the Category menu and choose Connection-->SSH-->Tunnels

Under Add new forwarded port, use source port 59XX and destination port remote-machine-name.bu.edu:59XX

(Remember this is the remote-machine-name of the machine that you qlogin'ned into and the same XX that you chose for vncserver in Step 1.)

Now connect to the remote machine, and then run your local VNCviewer application (an excellent free one is TightVNC) and connect to localhost:XX (or localhost:59XX, depending on your VNC client.)

Now proceed with step 3.

Alternate STEP 2 for MacOS with command-line ssh:

Open a terminal window and ssh to eng-grid or eng-grid2 and do STEP 1 from there.

Now open a new terminal window and run:
ssh your-login-name@eng-grid.bu.edu -L 59XX:remote-macine-name.bu.edu:59XX

(remember this is the remote-machine-name the machine that you qlogin'ned into in and the same XX that you chose for vncserver in Step 1.)

Now run your local VNCviewer application (an excellent free one is Chicken of the VNC) and connect to localhost:XX

Not Using the Grid

NOTE: If you are trying to connect over VNC to your own Linux box (not the Grid), skip the qloginwrap step, and if you get an error like this while connecting to your remote machine

 CConn:       connected to host localhost port 5599
channel 3: open failed: administratively prohibited: open failed
 main:        End of stream

then your /etc/ssh/sshd_config file is set up to block TCP Forwarding. Comment out the line

AllowTcpForwarding no

and restart the service

/etc/init.d/sshd restart

For more information:

• https://blog.mobatek.net/post/ssh-tunnels-and-port-forwarding/
• https://www.techrepublic.com/article/how-to-connect-to-vnc-using-ssh/