Connecting to a VNC session in a secure manner is a non-trivial process, requiring the use of multiple programs and protocols simultaneously.  This is in part due to the minimal security provided by VNC itself, and thus the need to "wrap" VNC in a more secure protocol: SSH.  VNC has distinct advantages over traditional X11 forwarding:

  • Lightweight: VNC uses the remote CPUs and GPU for display rendering (X11 forwarding uses the client's hardware)
  • Latency Tolerance: Since draw routines and "output" happen remotely, client latency has no effect on drawing (just how long it takes to get the resulting output to you)
  • Persistent: The VNC session persists even if you lose connection (X11 forwarded codes die when the X11 server, which is actually your client, disconnects).

Requirements

  • A Compatible VNC Client: TurboVNC or TigerVNC, are tested and HIGHLY recommended.  RealVNC and the built-in clients lack necessary protocol and/or encryption support.

The instructions below utilize the recommended VNC client (TigerVNC v1.9.0).


Task 1 - Start a VNC Session on Memex


  1. Open the Terminal and SSH to memex.carnegiescience.edu with the following command, replacing "username" with your own username:



  2. Log in with your Carnegie credentials (password + DUO).

  3. Create a new VNC session with the command, "export TVNC_WM=mate-session;vncserver":    

     


    Take note of the "display" number (the number after the colon).  We'll use this number in the next task (":3" in this example).


  4. You can exit out of this terminal if you wish.  The VNC server that was started will persist until you shut it down or Memex is rebooted.


Task 2 - Create an SSH Tunnel (if necessary)

 

  1. Follow our instructions on SSH tunneling, using the following information

    • "Target" Server: localhost
    • "Target Port": 5900 + the "display" number noted above.  If you can't remember your display number, you can look it up on Memex with the following command: vncserver -list
    • "SSH Gateway": memex.carnegiescience.edu

  2. Take note of the "high port" you use when creating the tunnel to Memex

Step 3 - Connect to Your VNC Session


  1. Open the TurboVNC Viewer app
    If this is the first time you've opened the app, click on "Options"
    Otherwise, skip to step 3



  2. Set the encoding to "Tight + Medium".  This setting proved to be the best ballance in quality vs bandwidth vs load in our testing.
    Once set, you can save this as the default under the Global tab.


  3. Connect via SSH Tunneling from Task 2: localhost:##### (where ###### is the local "high" port for the SSH tunnel established in task 2)



  4. Login with your Carnegie credentials


  5. You are now connected to Memex's mate-desktop manager:

Step 4 - Close Your VNC Session

  • If you would like to close your remote desktop, you can issue the command: vncserver -kill :#
    where # is the display number of your remote desktop session.  If you can't remember it, you can find it with the command: vncserver -list