VNC over SSH Bastion host
You may ask why, and the answer is that sometimes you just have to do stupid things.
bastion == jump host
Set up a tunnel
$ ssh -f -N -p 22 -L 55901:10.35.5.6:5901 -i customer-priv-key opc@<bastion public IP>
Run VNC server
$ vncserver

New 'ociserver:1 (opc)' desktop is ociserver:1

Starting applications specified in /home/opc/.vnc/xstartup
Log file is /home/opc/.vnc/ociserver:1.log
Note that the vncserver above also uses a custom xstartup to bypass the system-wide xinit, which was spawning a GNOME desktop.
$ pwd
/home/opc/.vnc
$ more xstartup
#!/bin/sh
# unset SESSION_MANAGER
# unset DBUS_SESSION_BUS_ADDRESS
#exec /etc/X11/xinit/xinitrc
#!/bin/sh
xrdb $HOME/.Xresources
xsetroot -solid grey
xterm -geometry 80x24+10+10 -ls -title "$VNCDESKTOP Desktop" &
Connect
$ vncviewer localhost:55901

TigerVNC Viewer 64-bit v1.7.0

Tue Feb 20 13:14:43 2018
 DecodeManager: Detected 1 CPU core(s)
 DecodeManager: Decoding data on main thread
 CConn: connected to host localhost port 55901
 CConnection: Server supports RFB protocol version 3.8
 CConnection: Using RFB protocol version 3.8
 CConnection: Choosing security type VeNCrypt(19)

Tue Feb 20 13:14:44 2018
 CVeNCrypt: Choosing security type TLSVnc (258)

Tue Feb 20 13:14:51 2018
 X11PixelBuffer: Using default colormap and visual, TrueColor, depth 24.
 CConn: Using pixel format depth 24 (32bpp) little-endian rgb888
 CConn: Using Tight encoding
 CConn: Enabling continuous updates
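
Added example, not part of the original post: the tunnel step above wrapped so that the forward is bound to loopback, fails loudly if it cannot be set up, and can be closed again instead of lingering after -f. The function names, the control-socket path and the 50000 port offset (generalised from the 5901 -> 55901 mapping above) are assumptions; user, key and target address are the ones used above.

```shell
#!/bin/sh
# Added example: lifecycle wrapper for the SSH tunnel (not from the original post).
# From the page: user opc, key customer-priv-key, target 10.35.5.6, display :1.
# Assumed: function names, control-socket path, local port = 50000 + VNC port.
TARGET=${TARGET:-10.35.5.6}
KEY=${KEY:-customer-priv-key}
CTL=${CTL:-$HOME/.ssh/vnc-tunnel.ctl}

# VNC display :N listens on TCP 5900+N. Accept only 0-99 without leading
# zeros (a leading zero would be read as octal by shell arithmetic).
vnc_port() {
    case "$1" in ''|*[!0-9]*|0?*|???*) return 1 ;; esac
    echo $((5900 + $1))
}

# Print the -L spec. The explicit 127.0.0.1 bind keeps the forwarded port
# off other interfaces even if GatewayPorts is enabled in ssh_config.
forward_spec() {
    rport=$(vnc_port "$1") || return 1
    echo "127.0.0.1:$((50000 + rport)):${TARGET}:${rport}"
}

# Start the tunnel in the background. ExitOnForwardFailure makes ssh exit
# with an error instead of backgrounding without a working forward;
# -M/-S create a control socket so the tunnel can be checked and closed.
tunnel_up() {   # usage: tunnel_up <display> <bastion address>
    spec=$(forward_spec "$1") || { echo "bad display: $1" >&2; return 1; }
    [ -n "$2" ] || { echo "bastion address required" >&2; return 1; }
    ssh -f -N -M -S "$CTL" -o ExitOnForwardFailure=yes \
        -p 22 -L "$spec" -i "$KEY" "opc@$2"
}

# Query or close the backgrounded tunnel through its control socket.
tunnel_check() { ssh -S "$CTL" -O check "opc@$1"; }
tunnel_down()  { ssh -S "$CTL" -O exit  "opc@$1"; }

# Typical session (bastion address supplied by the caller):
#   tunnel_up 1 "$BASTION" && vncviewer localhost:55901; tunnel_down "$BASTION"
```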