Using the VNC viewer to access your workstation securely

Using the VNC viewer to access your workstation securely

Note: The following instructions assume the VNC server is running on the target workstation, and that an ssh server is running on the target, or on a gateway that provides access to the target.

First you must establish secure port forwarding to your VNC server. In an MS-DOS window, change to the directory where you extracted the client software and execute the following commands:

set HOME=.
ssh -C -L 59xx:NNN.NNN.NNN.NNN:59xx -l USERNAME HOST

NNN.NNN.NNN.NNN is the IP address of your workstation.
59xx is the port to forward. Typically, if only one VNC server is running, this will be 5900, (meaning Display 0). Display 1 would be 5901 and so on.
USERNAME is your username on the secure gateway machine.
HOST is the name or IP address of the gateway.
-C enables Compression for the ssh session.

After supplying your password, minimize the MS-DOS window. Run vncviewer.exe. At the Display prompt, enter 127.0.0.1:0 This connects to display 0, (port 5900), on the local machine, which is forwarded securely by the ssh session to the VNC server on the workstation. To access other Displays on the same server, replace :0 with :1 etc. Once connected you will be prompted for the VNC server password.

IMPORTANT NOTE: When finished be sure to exit the ssh session. Otherwise you are leaving a secure connection open through the firewall.

Tips:

Set the workstation display to 16 million colors. (Not True Color.)
Use a single color background, and a blank screen saver.
Do not clutter your desktop with icons. Use the Office Quick Launch bar.
Disable animated GIFs in your browser. (For example, in IE, go to Tools -> Internet Options -> Advanced, and deselect "Play Animations" in the Multimedia options.)
On the viewer, select "Restrict pixels to 8 bits" in the "Connection Options" menu item, (click on the VNC icon on the left of the title bar). This reduces the viewer's color depth to 256 colors.
You can send Ctrl-Alt-Del from the VNC menu.
Once logged on, you can select Full Screen to view the full desktop.
On the server select "Poll Full Screen" in the VNC server Properties. (This can be slower, but polling active windows only is confusing.)