Using a tunnel to secure your VNC connection to Basho

To begin, you should install a program called Putty. This program allows you to make connections to other computers and has additional features which add security to these connections.

You can download Putty at URL http://chiark.greenend.org.uk/~sgtatham/putty/download.html.

When you establish a VNC connection to basho you are required to type your password.  That password gets encrypted so that someone capturing your transmission across the internet cannot use your password.  However, once the connection gets established, the data your send and receive via your VNC session is not encrypted unless you take the steps we're about to describe.

Normally, one computer connects to another computer on the internet by sending messages to a certain "port" on the other computer.  The VNC server on basho, for instance, answers requests on a particular port.  Except for the password, data travelling to and from this port will not be encrypted.  What we can do, however, is to set up an encrypted link from one computer to another via something called Secure Shell Tunneling.   We create an encrytped, secure, tunnel from one computer to the other over a particular port, which carries traffic destined for a different port on the destination machine.  The data in the tunnel is always encrypted.  

So let's say you're trying to connect to your VNC session on basho at port 5905 (there will be a table of port numbes at the end of these instructions).  If we did not use a tunnel, our machine at home/school would try to open a vnc window by connecting to port 5905 on basho directly.  But we want to use an encrypted tunnel instead, so we use Putty to create the tunnel and forward traffic to and from port 5905 over its encrypted Secure Shell (SSH) link on port 22.

Here is how to forward the vnc session :5 to vastro using Putty and vncviewer:

Start with Putty.  
In Category,  select Connection|SSH|Tunnels and enter the following data:



Then push the "Add" button.  Your window should look something like this:



Click on "Session."  You should make a configuration file for vnc forwarding.  Enter the following into your window:



Then push "Save."  Your window should look like this:



You would select VNCforward from now on when you start your connection using Putty.


Now we can start a secure tunnel with Putty.  
Select the VNCforward session and press "Open."  You will then need to login with your account name and password.
A window such as this will appear:

At this point the tunnel is established.  The window above can be used to run commands which do not require graphics.  You are now ready to start a VNC session through the encrypted tunnel.  Your tunnel begins at your machine, so instead of  starting a vncviewer connection to basho directly, you point vncviewer to your end of the encrypted tunnel.  
In network language, the machine you are sitting on is nicknamed "localhost."  You will start vncviewer pointing at the tunnelled port on your own machine (localhost).  

You can start the vncviewer from the MS-DOS Command Prompt or if you created a shortcut as described earlier, you can double-click on the vncviewer icon.

Here is an example of starting vncviewer from the MS-DOS command prompt:

As usual, after starting vncviewer, you should see the login window that starts your vnc session:

Once you enter your password and click "OK",  your VNC desktop should appear:

That's it!  Your keystrokes are now being encrypted and transferred securely to basho.  

When you are done for today, click the "X" on the upper right corner of the vastro X desktop vncviewer window to close down the program on your Windows PC, then type "logout" in the Putty terminal window connection to basho.
A nice side effect is that besides being encrypted, the tunnel settings (via Putty) can be compressed, so the vnc desktop may respond faster while you are using it.

If you have additional questions, please direct them to the web board.