Control Your Mac from Afar
Subject:   VNC via SSH
Date:   2003-09-23 15:48:49
From:   tychay
Response to: Great article, but there's a better downside to VNC

Here are two .command scripts that will start and stop an SSH VNC tunnel:

USERNAME=<username on remote machine>
HOSTNAME=<ip address of remote machine>
BINDPORT=<local port to bind to: VNC # + 5900>
VNCPORT=<remote port to bind to: VNC # + 5900>
VNCSESSION=<path to VNCSession file>

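# Set up the tunnel in the background (-f) without running a remote command (-N)
ssh -c blowfish -l "$USERNAME" "$HOSTNAME" -L "$BINDPORT:localhost:$VNCPORT" -f -N
# Open the VNC session file
open "$VNCSESSION"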

Obviously you have to customize the first part. The first VNC port is the bind port you have on your VNC client (for instance 1->5901 and you are binding to localhost:5901 in your VNC session file). The first line contains the syntax to set up the tunnel and the second line opens your VNC session file that is bound to localhost:6901--NOTE: I use VNCDimension not ChickenOfTheVNC so YMMV! Note also that this does not start the VNCServer running on the remote computer/Mac. You have to use OSXvnc or "Share My Desktop" to do that and there is the caveat that if you log out of VNC your session is killed and needs to be restarted! Note also that this script isn't automated since it will ask you for a password (your password on the remote machine). To fix this you have to follow a hint which I won't give (it's in the O'Reilly Mac OS X Hacks book, as in many other places) and use an SSH keychain tool. For the cheap among you, do a lookup of "ssh-agent" and Mac clients for it as well as passwordless ssh login for tutorials on the web.

To close the script down....
BINDPORT=<local port to bind to: VNC # + 5900>
VNCPORT=<remote port to bind to: VNC # + 5900>

# Find the ssh process that carries this forward and kill it
for X in `ps xww | grep $BINDPORT:localhost:$VNCPORT | grep -v grep | awk '{ print $1 }'`; do
    kill "$X"
done

This will destroy your tunnel but it leaves the VNC server running on the remote machine.

Write these as text files with the name "start.command" and "stop.command" (or whatever) and then turn on executable (with get info) and double click. Obviously with AppleScript Studio and the AppleScript basics provided in this article, you can roll your own interface. :)

Note, I should mention that on LANs this is not much of an issue. VNC uses a challenge/response password verification system that will protect the password from being hacked so the only thing you are transmitting out in the open are the VNC controls.

Take care and happy hacking,
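
A variant of the start/stop scripts above, added here as an example and not part of tychay's post: it stops the tunnel through an SSH control socket instead of matching ps output, binds the forward to 127.0.0.1 explicitly, validates the display numbers, and leaves the cipher choice to ssh's defaults. REMOTE_USER, REMOTE_HOST, CTL_SOCKET, the function names and the 0 to 99 display limit are assumptions of the example.

```shell
#!/bin/sh
# Added example, not the poster's script. REMOTE_USER, REMOTE_HOST and
# CTL_SOCKET are hypothetical placeholders; set them for your own machines.
REMOTE_USER="${REMOTE_USER:-user}"
REMOTE_HOST="${REMOTE_HOST:-remote.example.com}"
CTL_SOCKET="${CTL_SOCKET:-$HOME/.ssh/vnc-tunnel.ctl}"

# Map a VNC display number to its TCP port (display N -> 5900 + N).
# Accepts only plain decimal 0..99 (sanity limit chosen for this example);
# rejects empty input, non-digits, leading zeros and longer numbers.
vnc_port() {
    case "$1" in
        ''|*[!0-9]*|0?*|???*) echo "invalid VNC display: '$1'" >&2; return 1 ;;
    esac
    echo $((5900 + $1))
}

# Build the -L argument. The bind address is spelled out as 127.0.0.1 so the
# forwarded port is reachable only from this machine.
forward_spec() {   # usage: forward_spec LOCAL_DISPLAY REMOTE_DISPLAY
    lport=$(vnc_port "$1") || return 1
    rport=$(vnc_port "$2") || return 1
    echo "127.0.0.1:${lport}:localhost:${rport}"
}

start_tunnel() {   # usage: start_tunnel LOCAL_DISPLAY REMOTE_DISPLAY
    spec=$(forward_spec "$1" "$2") || return 1
    # -M/-S: control socket used later to stop exactly this tunnel.
    # ExitOnForwardFailure: fail instead of running without the forward,
    # e.g. when another process already holds the local port.
    ssh -f -N -M -S "$CTL_SOCKET" -o ExitOnForwardFailure=yes \
        -L "$spec" -l "$REMOTE_USER" "$REMOTE_HOST"
}

# Succeeds only if the master process behind the control socket is alive.
tunnel_is_up() { ssh -S "$CTL_SOCKET" -O check "$REMOTE_HOST" 2>/dev/null; }

# Ask the master process to exit via its socket; no ps/grep matching needed.
stop_tunnel() { ssh -S "$CTL_SOCKET" -O exit "$REMOTE_HOST"; }

# Does nothing unless called with start, stop or status.
case "${1:-}" in
    start)  start_tunnel "${2:-1}" "${3:-1}" ;;
    stop)   stop_tunnel ;;
    status) if tunnel_is_up; then echo "tunnel up"; else echo "tunnel down"; fi ;;
esac
```

Saved as a .command file, it is run as "start 1 1", "status" or "stop"; the VNC server on the remote machine is untouched, as with the scripts above.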

