VNC (Virtual Network Computing) is a free product that you can use to create a virtual desktop on a remote system and then use the VNC client program running on your machine to display this desktop.  There are VNC client and server programs available for most platforms, including Linux, Windows, or MacOS. Since you can run GUI/X programs within the VNC desktop, you can then display them remotely from your local system.

One caveat with VNC is that the connection is not encrypted so in order to use it securely you will need to use what is called SSH tunneling.  This way, all network traffic goes over an encrypted SSH connection so it is secure.  Opening the native VNC ports in the firewall is generally not done since it exposes your session to snooping and potential data loss.

Below are some examples of how to use VNC with ssh tunneling for security for Windows, Mac, and Linux.

Example 1: Windows Client -> Linux Server

For this example, we will use burrow.luddy.indiana.edu as the server on which you will start your VNC server but you replace this hostname, as needed.  Here are the steps to do this:

1. Install PuTTY -  On your Windows system, you will need to install an SSH client program.  Putty is a very popular one and you can download it from the Putty download site.  We recommend that you download and install the Windows Installer which will be named something like putty-x.y-installer.exe
   
   
2. Install a VNC Client - There are several VNC client programs available for Windows and you can use the one of your choosing but TigerVNC is a popular one.  Just download and install the program of your choice but for this example we will assume you are using TigerVNC.  Note that if you are running the VNC server on a remote Linux system and just displaying that on your Windows system, you only need the VNC Viewer.  For 64bit Windows, you can just download the vncviewer64-N.N.N.exe program (where N.N.N will be the latest version number) and run that.
   
   
3. Log Into Server - Using PuTTY,  SSH into the linux server (e.g., burrow.luddy.indiana.edu).
   
   

4. Start the VNC Server - You can now start the VNC server on the remote linux system by running vncserver as follows:

   $ vncserver
   
   You will require a password to access your desktops.
   
   Password:
   Verify:
   Would you like to enter a view-only password (y/n)? n
   A view-only password is not used
   
   New Xtigervnc server 'silo.luddy.indiana.edu:1 (janedoe)' on port 5906 for display :6.
   
   
   NOTE:  If the display is shown using the short hostname (eg. silo:6) you will need to use the fully qualified hostname using the luddy.indiana.edu domain.  For example, if the display is reported as "silo:6" you will need to use the fully qualified hostname "silo.luddy.indiana.edu" when connecting.

   The first time you run vncserver, it will prompt you for an access password that you will need when you connect from your vnc client.  You must NOT use a password here that you are using anywhere else (ie. do not use your IU network ID passphrase).  This password is stored in a very weakly encrypted format in your ~/.vnc/passwd file so someone getting read access to that file could easily determine your password.  If you happen to forget your password, you can remove this ~/.vnc/passwd file and vncserver will create a new one the next time you run it.

   In addition, you will need to know the server display name which will be of the form "server.domain:N".  In the above example, the display name is silo.luddy.indiana.edu:6.  You will also need the VNC server port number which is just 5900 plus the display number.  So, in this example our display number is 6 so the remote port number is 5906.  You will use this number in the next step.
   
   Finally, if you have trouble getting vncserver to start, you may want to check if you have an old .vnc directory that is causing trouble.  If so, you can just move or remove that ~/.vnc directory and try again.
   
   

5. Start the SSH Tunnel - Now, armed with the remote server port number from the previous step (5906 in this example) and the remote server hostname (silo.luddy.indiana.edu in this example), you can now set up the ssh tunnel.  Start up putty and do the following:
        * In the Session settings, enter the Host Name (silo.luddy.indiana.edu in our example).   Leave the port number in this section at the default, 22.
        * Go to the Connection > SSH > Tunnels section and set both the Source port to the port number from the previous step (5906 in this example) and set the Destination to localhost:5906 (replacing the 5906 with your port number) and then click Add.  If done properly, you should see an entry under "Forwarded Ports" that looks something like "L5906   localhost:5906".
        * Click Open.  The first time you do this, you will need to Accept the host keys.  Then, at the login prompt, log in with your IU username and passphrase and DUO, as prompted.
   
   Once you are logged in, you can just iconify this putty window but you MUST keep it running to keep the SSH tunnel alive.
6. Start the VNC Client- Back on your Windows machine, you will now need to run the VNC client you installed earlier.  For this example, we will use the TigerVNC vncviewer you downloaded in step 1 and when you start it, you will just set the VNC Server to "localhost:6" (where you will replace 6 with the display number from step 4 for your VNC session.  This is a number from about 1-20 and is auto-assigned and NOT the number you calculated by adding 5900 to the screen number above.
   

   

   Once connected, you should see your VNC destop where you can start any programs you want.  If you just get a blank screen and are using the TightVNC server on the linux system, we recommend replacing that with TigerVNC.  Email sicehelp@indiana.edu if you need help with that.
   
   

7. Kill the VNC Server Session - When you are done, you should kill the VNC session you have running on the remote system.  You can do this logging into the remote server (burrow.luddy.indiana.edu in this example) using PuTTY and killing the session with something like:

   $ vncserver -kill :6

   You will substitute the display number in this example (6) with the actual display number you obtained from step 4.

Example 2: Mac or Linux Client -> Linux Server

1. Install a VNC Client - There are several VNC client programs available for Mac and Linux and you can use the one of your choosing but TigerVNC is a popular one.  Just download and install the program of your choice but for this example we will assume you are using TigerVNC.  Note that if you are running the VNC server on a remote Linux system and just displaying that on your Mac or Linux system, you only need the VNC Viewer.  For Mac, you can download the dmg from the TigerVNC site and for most Linux distributions you will find TigerVNC in the standard repositories (eg. for Ubuntu you can install the viewer with "sudo apt install tigervnc-viewer").
   
   
2. Log Into Server - Using ssh from the command terminal,  SSH into the linux server (e.g., burrow.luddy.indiana.edu).
   
   

3. Start the VNC Server - You can now start the VNC server on the remote linux system by running vncserver as described in step 4 above.  The process is the same for all operating systems.
   
   

4. Start the SSH Tunnel - Now, armed with the remote server port number from the previous step (5906 in this example) and the remote server hostname (silo.luddy.indiana.edu in this example), you can now set up the ssh tunnel.  Start up a command terminal and run the following:

   ssh -4 -N -L 5906:localhost:5906 username@silo.luddy.indiana.edu
   
   In this example, you will need to use the correct values for:
     Port Number - This is the port number from step 3 (5906 in this example) 
     Username - This is your IU username
     Server - The remote server where you ran vncserver (silo.luddy.indiana.edu in this example)

    If prompted, you will need to accept the host key and log in using your IU credentials.
      
   Once you are logged in, you can just iconify this terminal window but you MUST keep it running to keep the SSH tunnel alive.
   
   

5. Start the VNC Client- Back on your Mac or Linux machine, you will now need to run the VNC client you installed earlier.  For this example, we will use the TigerVNC vncviewer you downloaded in step 1 and when you start it, you will just set the VNC Server to "localhost:6" (where you will replace 6 with the display number from step 3 for your VNC session.  This is a number from about 1-20 and is auto-assigned and NOT the number you calculated by adding 5900 to the screen number above.
   

   

   Once connected, you should see your VNC destop where you can start any programs you want.  If you just get a blank screen, then you will need to adjust your startup file so see step 8 below.
   
   

6. Kill the VNC Server Session - When you are done, you should kill the VNC session you have running on the remote system.  You can do this logging into the remote server (burrow.luddy.indiana.edu in this example) using PuTTY and killing the session with something like:

   $ vncserver -kill :6

   You will substitute the display number in this example (6) with the actual display number you obtained from step 4.