SSH VNC tunnel setup problems

I'm trying to follow this guide in order to setup an SSH tunnel for VNC onto an ubuntu desktop from a Windows desktop.

I can connect via SSH but the moment I start the VNC connection to localhost::5902 I immediately get the following message:

"Connection has been gracefully closed".

Any ideas what could be causing this? Is it a bad setting on the Ubuntu computer I'm trying to VNC into? Did I configure PuTTY or TightVNC wrong? Is it because I changed the default SSH port number? Is there something I need to do on my router other than port forward the ssh connection appropriately (which I already did)? Is there an alternate method you would suggest?

Ubuntu 16.04 LTS & Windows 10, both 64 bit.
LVL 13
Brandon LyonSenior Frontend DeveloperAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

can you show us the exact ssh command that you typed and tell us how you started vnc on your target ubuntu machine. (to see on which port it is listening locally)

I suspect as you hint already a port number mismatch somewhere in your setup.
Brandon LyonSenior Frontend DeveloperAuthor Commented:
The remote port used instead of 22 is 5999.
The rest was done following the steps in the guide I linked.
The local ssh session was started with
ssh -p 5999 [redacted server ip]
The command run locally once I was SSH in was
"x11vnc -safer -localhost -nopw -once -display :0"
Then I started PuTTy and followed the instructions in the guide I linked.
Please correct me if this is NOT what you want to do:

you want to start a vnc service on the remote host, that will listen only on localhost for a one shot vnc connection ond you want it to be connect to display :0

You can do this on the remote machine with the command
x11vnc -safer -localhost -nopw -once -display :0

Open in new window

you want to run a vnclient on your local machine and port 5902 on your localhost is not used.

therefore you start an ssh command that performs local port forwarding to your remote host. after this connection is istablished localhost 5902 shall be redirected to 5900 on your local machine

the openssh command for this is

ssh -p remote_ssh_port -L local_listening_port:localhost:remote_listening_port

Open in new window

in your case the command should be

ssh -p 5999 -L 5902:localhost:5900 [redacted server ip]

Open in new window

probably you want to type the ssh command and after connecting you will type in this connection
x11vnc -safer -localhost -nopw -once -display :0

Open in new window

now you can start your vncclient on your local machine and connect to localhost:2 (as you chose port 5902)

If it's still not working we can do some step by step debugging.
Price Your IT Services for Profit

Managed service contracts are great - when they're making you money. Yes, you’re getting paid monthly, but is it actually profitable? Learn to calculate your hourly overhead burden so you can master your IT services pricing strategy.

Brandon LyonSenior Frontend DeveloperAuthor Commented:
Your description sounds correct, but I am not sure how I would enter a raw ssh command from a Windows machine, such as
ssh -p 5999 -L 5902:localhost:5900 [redacted server ip]

Open in new window

The guide I linked describes using PuTTY for that purpose but as far as I can tell I cannot enter raw terminal commands until a connection is made.
if putty is in your search path or if you know the location of putty.exe

you can try

putty -ssh -P 5999 -L 5902:localhost:5900 [redacted server ip]

Open in new window

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Brandon LyonSenior Frontend DeveloperAuthor Commented:
Thanks I didn't think to try launching from a command prompt.

I tried that command and got an "Error in TightVNC Viewer: No security types supported. Server sent security types, but we do not support any of them."
For portforwarding without command line you might try in the putty GUI (I don't have windows so I can't try)

Putty -> Configuration -> SSH -> Tunnels:

Destination: local
source port 5902
destination: localhost:5900
Brandon LyonSenior Frontend DeveloperAuthor Commented:
I tried the configuration you just recommended and it says "specified forwarding already exists"
Brandon LyonSenior Frontend DeveloperAuthor Commented:
I tried a different VNC client (VNC Viewer) and upon connecting to localhost::5902 I got an error message of "the connection closed unexpectedly"
sorry our messages crossed.

probably you had still the other port forwarding from command line open.

I think the port forwarding is now working.

The issue that you have now is, that your x11vnc does not provide any authentication method, that is known by tour tightvnc client.

I don't have a windows PC to try, but you can try following:

start an x11vnc saession with a password:

using the commands:

x11vnc -storepasswd

x11vnc -safer -localhost -usepw -once -display :0
Brandon LyonSenior Frontend DeveloperAuthor Commented:
Thanks. I just tried the usepw switch you recommended after storepasswd. I get the original error message of "connection gracefully closed" or "connection closed unexpectedly" depending on which viewer I use.
I guess, that when trying to do port forwarding once from command line and once from the GUI lost the forwarding.

I suggest to
: close all putty windows (or if you want to be even safer. restart your local PC)

- then use the putty command with port forwarding
- start the x11vnc command ( "x11vnc -safer -localhost -nopw -once -display :0" )
   you should get the error about "No security types supported. "

then you try the same with the other x11vnc command ( x11vnc -safer -localhost -usepw -once -display :0  )

please note:

you cannot have putty windows with identical port forwarding, the second putty will fail and not forward.
Brandon LyonSenior Frontend DeveloperAuthor Commented:
Aha! After a bit more searching the internet for those error messages I at least partially figured it out with your help.

Vino (The built in Ubuntu VNC server service) has require-encryption set to true. If I use the following command on the remote computer:

gsettings set org.gnome.Vino require-encryption 'false'

Open in new window

In combination with your suggestion of starting putty via the command line

putty -ssh -P 5999 -L 5902:localhost:5900 [redacted server ip]

Open in new window

I was able to get it to work.

I think I'm alright with the require-encryption settings for now since it's behind various firewalls and requires SSH connection, still requires login to use, and isn't on by default.

Thanks for the help!

Enjoy and have fun.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today

From novice to tech pro — start learning today.