Wednesday, April 08, 2009

How to VNC from an Android phone to a Linux Computer Securely with an encrypted ssh tunnel.

I know I have not posted anything in forever, but this is just so nerdy I had to post it. I got my full Ubuntu Linux desktop on my T-Mobile G1, and I did it very securely. Here is how you can do it too (provided of course you have an Android powered handset, Linux at home and a desire to show off to nerds everywhere).

To create a secure SSH tunnel to your Linux computer from an Android phone:

This guide assumes a few things: that you have an SSH server and a VNC server running on your home system, and that you have your home router set up to forward SSH traffic to your home computer. Every router is slightly different, so I cannot write a guide for them all, but it should be quite easy to figure out with some basic Google searching. I recommend dyndns to keep your router's external-facing IP updated through DNS, so you can connect with less of a headache when your ISP changes your IP.

1) Download ConnectBot to your phone from the Android marketplace and put in your computer's IP or hostname information (and password, of course). You may want to test this first step to make sure you can ssh in before you set up the port forward.

2) In ConnectBot, click the menu key on the phone.

3) Click Port Forwards on the screen.

4) Click menu on the phone.

5) Click Add port forward on the screen.

6) Enter the following settings.

Nickname: VNC

Type: Local

Source Port: 5901

Destination: 192.168.X.X:5900 (the Xs of course representing your local IP address on your home system, not the IP address of your Internet-facing router. You can find your IP with the ifconfig command)

7) Download androidVNC to your phone from the android marketplace.

8) Open androidVNC and enter the following settings.

Nickname: (leave this field blank)

Password: (The password you set up on your remote computer for VNC, check the Keep box)

Address: 127.0.0.1

Port: 5901

9) Click connect and you should be connected!
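The same tunnel expressed as an OpenSSH command, together with a check that the VNC server on the home computer is not listening beyond loopback. This is an added example, not from the original post; `user@home.example.org` is a placeholder, the use of `ss -ltn` is an assumption about the home system, and the listener sample is constructed.

```shell
#!/bin/sh
# Added example, not from the original post. Host and user are placeholders.

# Build the OpenSSH equivalent of a ConnectBot "Local" port forward.
# $1 = source port on the client, $2 = destination host:port as seen from
# the SSH server, $3 = user@host of the SSH server.
forward_cmd() {
    # Binding the client side to 127.0.0.1 keeps the forwarded port
    # unreachable from other devices on the client's network.
    printf 'ssh -N -L 127.0.0.1:%s:%s %s\n' "$1" "$2" "$3"
}

# Classify the destination: with a loopback destination the VNC server can
# listen on 127.0.0.1 only; a LAN destination requires a LAN-facing listener.
dest_scope() {
    case "$1" in
        127.*|localhost:*|'[::1]:'*) echo loopback ;;
        *) echo lan ;;
    esac
}

# Read `ss -ltn` output on stdin and report VNC listeners (ports 5900-5999)
# bound to anything other than loopback.
exposed_vnc() {
    awk '$1 == "LISTEN" {
        n = split($4, part, ":"); port = part[n] + 0
        addr = substr($4, 1, length($4) - length(part[n]) - 1)
        if (port >= 5900 && port <= 5999 && addr != "127.0.0.1" && addr != "[::1]")
            print "EXPOSED " $4
    }'
}

# Constructed sample of `ss -ltn` output on the home computer.
SAMPLE_SS='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    0.0.0.0:22         0.0.0.0:*
LISTEN 0      5      0.0.0.0:5900       0.0.0.0:*
LISTEN 0      5      127.0.0.1:5901     0.0.0.0:*'

forward_cmd 5901 127.0.0.1:5900 user@home.example.org
printf '%s\n' "$SAMPLE_SS" | exposed_vnc
```

On the home computer, `ss -ltn | exposed_vnc` runs the same check against the live listener table; any `EXPOSED` line is a VNC port reachable without the tunnel unless a firewall blocks it.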

30 Comments:

Blogger fepus said...

worked like a charm! thx for the recipe. Droid meet X11. X11 meet Droid.

Too bad using vim or wmii WM is tough on the droid ;(

6:02 PM  
Anonymous Anonymous said...

Now how do I route *everything* through a tunnel for browsing on public access points?

8:45 PM  
Anonymous Anonymous said...

You sir are a God, now I have an encrypted Ubuntu Desktop on my Android. This is promethean. Thanks so much.

1:29 PM  
Anonymous jimrecht said...

Darn! I’m using an iMac and trying to connect with my rooted HTC Hero using Android-VNC and ConnectBot. I followed your excellent instructions to the letter, with one exception: for “Destination” I entered 10.0.1.144:5900 instead of 192.168.X.X:5900 (I think that’s correct, since I’m using Mac OS X). But I can’t connect!

3:32 PM  
Anonymous Anonymous said...

Yo are da man, I've been pissing around trying to get this to work for a week now. Part I was missing was the ConnectBot port forwarding ... Cheers.

8:39 PM  
Anonymous Anonymous said...

Is there any reason why the destination has to be on the local network? Couldn't it be any accessible IP address?

8:35 PM  
Blogger RamosXP said...

Congrats on the new member of your family, let's raise him to be just like us Linux nerds :) Thanks for the post, it was very helpful.

8:45 AM  
Blogger Stephen said...

For the user asking why it had to be the loopback address, a quick explanation of what this is accomplishing.

First, by setting up port forwarding you are allowing your Droid to make a secure encrypted connection to the computer at home.

Then by pointing VNC to the loopback address (127.0.0.1) you are telling the VNC viewer to try to connect from the droid back to itself. ConnectBot takes that connection attempt and sends it through the encrypted connection you already made.

You can take these instructions a step further and config your computer to listen for SSH connections on port 443 in addition to the standard 22. This allows you to tunnel from behind many restricted networks (like the over-locked down one at the college campus).

5:39 AM  
Anonymous Anonymous said...

This tried for me the first time but now ConnectBot keeps saying the host is disconnected. I'm thinking maybe I started the ssh daemon wrong on my computer this time. I'm using sudo /etc/init.d/ssh. Any ideas what I'm doing wrong?

7:39 PM  
Anonymous Anonymous said...

Hi, thanks for this guide. However, I have a problem with connectbot.
The 'port forward' option seems to be greyed out with 'local' type. Am I missing something here?

6:45 PM  
Anonymous Anonymous said...

Sorry for that. My bad. I got it working now. Thanks!

1:59 AM  
Anonymous Anonymous said...

AndroidVNC doesn't seem to work when connecting to Mac OSX internal VNC server. This process does work with other VNC viewers though (tested with pocketcloud)

10:40 PM  
Anonymous Anonymous said...

Thank you so very much! It worked like a charm.

9:18 PM  
Anonymous Anonymous said...

AndroidVNC to Mac OSX seems to be picky about the default color setting of 64. Crank it up and it works. Personally, Mocha VNC lite works so much faster for me than Android VNC

9:57 PM  
Anonymous Android app developer said...

I absolutely appreciate your way of presenting this column with an excellent suggestion. I want some more about this article. So you can add some interesting information and it will easily to reach the branding.

4:05 AM  
Blogger DarwinIcesurfer said...

Rather than following the instruction:
"Destination: 192.168.X.X:5900 (the Xs of course representing your local IP address on your home system, not the IP address of your Internet facing router...."
Use 127.0.0.1:5900. This is particularly useful if your IP address changes due to a DHCP login.

11:09 PM  
Anonymous Anonymous said...

Thanks - very useful!

8:03 AM  
Anonymous Anonymous said...

when I try to connect to home with androidVNC I get: ERROR! VNC connection failed! null

4:23 AM  
Anonymous Anonymous said...

Thank you so much for taking the time and effort to share this. This was driving me nuts.

I'm on OS X 10.6.8 and this blog along with DarwinIcesurfer's comment was the final piece of the puzzle for me.

I had to use 127.0.0.1 for BOTH the AndroidVNC setup and ConnectBot's port forward.

Another tip for OS X users: get Vine Server. It's a free, open source [but is now maintained by a commercial company] VNC app that allows SSH connections. AFAIK, OS X's native VNC [a.k.a. Screen Sharing] doesn't allow SSH connections.
Vine Server also allows lower color depth than OS X's native VNC, which only allows 24-bit color.


Also, a couple of tips for configuring Vine Server:
Trying to log into my Mac, my password kept getting refused. It turned out that Shift [and Caps] wasn't working. In Vine Server go to:
Preferences/Device set the Keyboard Layout to Unicode Hex Input.

I was also getting intermittent RFB errors. So I went to
Permissions/Advanced and set RFB Protocol to 3.7 and so far I haven't had the RFB error.

Thanks again for this blog. God bless :-)

9:20 AM  
Anonymous Anonymous said...

YESSSSS!

3:31 PM  
Anonymous Anonymous said...

Thanks for this. However, DarwinIcesurfer's is key to making it work correctly through a NAT router.

4:52 AM  
Anonymous developej said...

had to type 127.0.0.1:5901 in connectbot port forward too. 192.168.*.*** wouldn't work.

thanks for the guide though

2:56 PM  
Anonymous clipping path said...

Pretty nice post. I just stumbled upon your blog and wished to say that I have really enjoyed your blog posts. In any case I’ll be subscribing to your feed and I hope you write again soon!

2:24 PM  
Anonymous Mark said...

After a few hours' trying to resolve an undocumented bug/'feature', it seems worth putting in a comment in case someone else has similar difficulty:

avoid use of the -localhost flag in the linux vncserver command, as for some reason it blocks even the ssh tunnel/forwarded port from accessing the vnc server

as long as the firewall for the machine that's running the server, is itself blocking vnc / vnc ports, then the ssh tunnel should be the only effective way in

8:14 AM  
Anonymous Clipping Path Service said...

Really this site is very good site and the post include a lot of resource. Thanks for share with us. Good bye.

11:57 AM  
Anonymous Clipping path service India said...

Thanks for the post and sharing the blog. Valuable and excellent post, as share good stuff with good ideas and concepts.
lots of great information and inspiration. I just would like to say thanks for your great efforts.
I appreciate your excellent post.

1:12 AM  
Anonymous Clipping path Creative said...

Unbelievable post, really I appreciate it. Thanks a lot for your nice sharing.

9:08 AM  
Anonymous Darlene W. French said...

Amazing post you have published with us. So much thanks for shared.

12:16 AM  
