This page describes how to set up PuTTY ssh for tunneling VNC and Windows share connections. This allows you to export your Linux box's desktop to any Windows computer.

VNC: Export your Linux desktop to your home Windows box.

1. Set the Linux server machine's firewall to accept VNC connections (port 5901) ONLY from localhost, NOT from any other machine. While you're at it, block ALL access to port 5801 (VNC http access).

2. On the windows machine, start up PuTTY ssh. Go to SSH/Tunnels. In 'Source port' type 5901. In 'destination' type 'localhost:5901'. You should see the display "L5901 localhost:5901" which means that local port 5901 ("L"5901) gets forwarded to localhost on the ssh server, port 5901.

3. Set a VNC server password: run command vncpasswd on the Linux box.

4. Start the VNC server on the Linux box. For example, I do "tightvncserver :1 -geometry 1920x1080 -localhost", which starts the server on screen 1 at a resolution of 1920x1808. ALWAYS SPECIFY THE -localhost FLAG!!!! It is for security, so that ONLY ssh tunneled connections are enabled.

5. On the Windows machine, FIRST connect to the Linux box via ssh. THEN start up the vnc viewer, and indicate that the machine is "localhost". It should connect and ask you for your VNC password. I use the RealVNC windows client (realvnc.com).

When starting X windows applications, remember that your screen is :1, not :0 (the usual default).

I put a file named "startup" in my home directory that has some useful commands to start up an icewm session:


#!/bin/sh

#xsetroot -solid mediumseagreen
xsetroot -solid rgb:19/c2/ab

xmodmap $HOME/.xmodmaprc

#font='-misc-fixed-medium-r-normal-*-16-*-*-*-*-*-*-*'
font='-*-lucidatypewriter-medium-r-*-*-12-*-*-*-*-*-*-*'

fg=black
#bg=white
bg=rgb:ff/f9/e8

#fg=black
#bg=white

cursorcol=red

args="-cr $cursorcol -fn $font -sb -sl 2000 -fg $fg -bg $bg +bdc -selbg yellow -selfg blue +ulc"

xterm $args -geom 125x33+0+0    &
xterm $args -geom 142x33+900+0   &
xterm $args -geom 125x44+0+452  &
xterm $args -geom 142x44+900+452 &

Windows shares: See your work Linux disks on your Windows 7 box at home.

This relies on Samba being run on the ssh server, so set up Samba on the Linux box first. Then, follow the same procedure as above for VNC, but forwarding the following ports:
137, 138, 139, 445.

Make sure the Linux box firewall allows Samba ports (listed above) to be accessed from localhost (and only the localhost!).

Once that is all done, the list of "Forwarded ports:" on the PuTTY ssh machine should look like this:
L5901 localhost:5901
L137 localhost:137
L138 localhost:138
L139 localhost:139
L445 localhost:445

Now a problem is that Windows 7 (and earlier versions) will not let you bind to port 445. You can diagnose this problem by starting up putty ssh at this point, left click on the 2 computers icon in the upper left corner of putty's window, and select "Event Log". Scroll down and you might well see an entry to the effect that "Local port 445 forwarding to localhost:445 failed: Network error: Permission denied".

To fix this, you can permanently turn off MS networking for files and printers on the Windows 7 box. (There might be other ways to fix this problem, but I haven't tried them.) To do this: Click on the Start button, and enter "Services" in the search box, and press return. The "Component Services" window should open up. Then, double click on "Services (local)". Scroll down and select "Server". Right click and select "Properties". Under the drop down menu for "Startup type:" select "Disabled". Click "OK", etc. Reboot the windows box.

You should be able to bind to port 445 now. Start up putty and check the Event Log to make sure port 445 is being forwarded.

Next, on the Windows machine you are running PuTTY on, go to "My Computer", then menu item "Tools", then "Map Network Drive...". Type in, for example, "\\localhost\pierce". It should ask you for your Samba username and password. I use my standard unix box login name and password, and it should bring up the remote directory. Voila!


Last updated: 2013-02-25