Riaan's SysAdmin Blog

My tips, howtos, gotchas, snippets and stuff. Use at your own risk!


VNC over SSH Bastion host

You may ask why, and the answer is that sometimes you just have to do stupid things.

bastion == jump host

Set up a tunnel

$ ssh -f -N -p 22 -L 55901: -i customer-priv-key opc@<bastion public IP>

Run the VNC server

$ vncserver 
New 'ociserver:1 (opc)' desktop is ociserver:1
Starting applications specified in /home/opc/.vnc/xstartup
Log file is /home/opc/.vnc/ociserver:1.log

Note that the vncserver above also has a custom startup file to bypass the system-wide xinit, which was spawning a GNOME desktop.

$ pwd

$ more xstartup 
#exec /etc/X11/xinit/xinitrc
xrdb $HOME/.Xresources
xsetroot -solid grey
xterm -geometry 80x24+10+10 -ls -title "$VNCDESKTOP Desktop" &


$ vncviewer localhost:55901
TigerVNC Viewer 64-bit v1.7.0
Tue Feb 20 13:14:43 2018
 DecodeManager: Detected 1 CPU core(s)
 DecodeManager: Decoding data on main thread
 CConn:       connected to host localhost port 55901
 CConnection: Server supports RFB protocol version 3.8
 CConnection: Using RFB protocol version 3.8
 CConnection: Choosing security type VeNCrypt(19)

Tue Feb 20 13:14:44 2018
 CVeNCrypt:   Choosing security type TLSVnc (258)

Tue Feb 20 13:14:51 2018
 X11PixelBuffer: Using default colormap and visual, TrueColor, depth 24.
 CConn:       Using pixel format depth 24 (32bpp) little-endian rgb888
 CConn:       Using Tight encoding
 CConn:       Enabling continuous updates
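
A check a defender might run on this setup, as an added example that is not part of the original post: it repeats the RFB version and security-type exchange seen in the viewer log through the tunnel's local port and flags offered types that leave the session protected only by the SSH tunnel. The function names are hypothetical; port 55901 is the local forward port from the post.

```python
import re
import socket
import struct

# Security-type numbers from the RFB specification (RFC 6143) and its IANA registry.
SEC_TYPES = {1: "None", 2: "VncAuth", 16: "Tight", 18: "TLS", 19: "VeNCrypt"}
WEAK = {1, 2}  # no authentication, or a DES challenge followed by a cleartext session


def parse_version(banner: bytes) -> tuple:
    """Parse the 12-byte ProtocolVersion message, e.g. b'RFB 003.008\\n'."""
    m = re.fullmatch(rb"RFB (\d{3})\.(\d{3})\n", banner)
    if not m:
        raise ValueError(f"not an RFB banner: {banner!r}")
    return int(m.group(1)), int(m.group(2))


def parse_security_types(payload: bytes) -> list:
    """Parse the RFB 3.7/3.8 list: one count byte, then one byte per type."""
    if not payload or len(payload) < 1 + payload[0]:
        raise ValueError("truncated security-type list")
    if payload[0] == 0:  # server refused: 4-byte big-endian length + reason text
        (n,) = struct.unpack(">I", payload[1:5])
        raise ConnectionError(payload[5:5 + n].decode("latin-1"))
    return list(payload[1:1 + payload[0]])


def assess(types: list) -> dict:
    """Name the offered types and list those that rely on the tunnel alone."""
    name = lambda t: SEC_TYPES.get(t, f"unknown({t})")
    return {"offered": [name(t) for t in types],
            "weak": [name(t) for t in types if t in WEAK]}


def probe(host: str = "localhost", port: int = 55901) -> dict:
    """Handshake through the tunnel's local port and report what is offered."""
    with socket.create_connection((host, port), timeout=5) as s, s.makefile("rb") as f:
        major, minor = parse_version(f.read(12))
        if (major, minor) < (3, 7):
            raise ValueError("RFB 3.3 servers choose the security type themselves")
        s.sendall(b"RFB 003.008\n" if (major, minor) >= (3, 8) else b"RFB 003.007\n")
        count = f.read(1)
        if count == b"\x00":  # refusal: read the length-prefixed reason as well
            size = f.read(4)
            rest = size + f.read(struct.unpack(">I", size)[0])
        else:
            rest = f.read(count[0]) if count else b""
        return assess(parse_security_types(count + rest))
```

Call `probe()` while the tunnel is up. A non-empty `weak` list means the VNC port should stay reachable only through the SSH forward.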

