34,333
edits
Changes
→Establishing a Secure Remote Desktop Session
== Establishing a Secure Remote Desktop Session ==
The remote desktop configurations we have explored so far in this chapter are considered to be insecure because no encryption is used. This is acceptable when the remote connection does not extend outside of an internal network protected by a firewallperimeter. When a remote session is required over an internet connection a more secure option is needed. This achieved by tunneling the remote desktop through a secure shell (SSH) connection.
Before a secure connection is established the SSH server must be installed in the desktop to which the connection is to be established. For detailed steps on installing the SSH server on an Ubuntu Linux system see [[Configuring Ubuntu Linux Remote Access using SSH]].
</pre>
In the above example, ''hostname'' is either the hostname host name or IP address of the remote system. Log in using your account and password. The secure connection is now established and it is time to launch vncviewer so that it uses the secure tunnel. Leaving the ssh session running in the other terminal window, launch another terminal and enter the following commandto use vncviewer:
<pre>
</pre>
Alternatively, to use vinagre: <pre>vinagre localhost:5900</pre> The vncviewer or vinagre session will prompt for a password if one is required, and then launch the VNC corresponding viewer providing secure access to your desktop environment.
If you are connecting to the remote desktop from outside the firewall keep in mind that the IP address for the ssh connection will be the external IP address provided by your ISP, not the LAN IP address of the remote system (since this IP address is not visible to those outside the firewall). You will also need to configure your firewall to forward port 22 (for the ssh connection) to the IP address of the system running the desktop. It is not necessary to forward port 5900. Steps to perform port forwarding differ between firewalls, so refer to the documentation for your firewall, router or wireless base station for details specific to your configuration.
