Saturday, 5 December 2015

TightVNC Client, SSH, TightVNC Server


I have to make some notes on this before I forget. This post attempts to be that note.

Perhaps you have a Virtual Private Server (VPS) or just a server out there somewhere in the ether. You want to share or view a remote desktop, but you want a secure tunnel for those bits to travel down. In this scenario your server runs Linux (some variant, let's not start a religious war about it) and you have installed tightvncserver. In addition you have SSH running. On your client, let's say Windows, you have PuTTY and TightVNC Viewer.

For those with OCD here is a recap:

Server:
1. TightVNCServer.
2. SSH

Client:
3. Putty
4. TightVNC Viewer.

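The only note I will make about tightvncserver is that you should have it listen only on loopback (127.0.0.1), since this typically is not a service you want exposed. We use '-localhost' so that VNC connections are accepted from loopback only, and '-nolisten tcp' so that the underlying X server does not accept X11 connections over TCP. Together they ensure we do not allow external TCP connections outside of our SSH tunnel.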

In /etc/init.d/tightvncserver you would have a start line such as:

su $USER -c '/usr/bin/tightvncserver -nolisten tcp -localhost :1'
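
One way to confirm the server really is loopback-only, as an added example that is not part of the original post: the function below reads `ss -ltn` output and flags any VNC or X11 listener for the given display that is bound to something other than loopback. It assumes the usual port convention (5900 + display for VNC, 6000 + display for X11); `check_listeners` and both sample listings are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post).
# Assumption: VNC listens on 5900 + display, X11 on 6000 + display.

# check_listeners DISPLAY
# Reads `ss -ltn` style output on stdin, prints one line per listener that
# is reachable from outside loopback, and returns 1 if any were found.
check_listeners() {
    display="$1"
    awk -v vnc="$((5900 + display))" -v x11="$((6000 + display))" '
        $1 == "LISTEN" {
            addr = $4
            port = addr
            sub(/.*:/, "", port)                 # keep text after last colon
            host = substr(addr, 1, length(addr) - length(port) - 1)
            if (port + 0 != vnc + 0 && port + 0 != x11 + 0) next
            if (host ~ /^127\./ || host == "[::1]") next   # loopback is fine
            kind = (port + 0 == vnc + 0) ? "VNC" : "X11"
            printf "EXPOSED %s (%s)\n", addr, kind
            bad = 1
        }
        END { exit bad + 0 }
    '
}

# Constructed sample: server started with -nolisten tcp -localhost :1
SAMPLE_SAFE='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      5      127.0.0.1:5901     0.0.0.0:*
LISTEN 0      128    0.0.0.0:22         0.0.0.0:*'

# Constructed sample: server started without either option
SAMPLE_EXPOSED='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      5      0.0.0.0:5901       0.0.0.0:*
LISTEN 0      5      0.0.0.0:6001       0.0.0.0:*
LISTEN 0      128    0.0.0.0:22         0.0.0.0:*'

if printf '%s\n' "$SAMPLE_SAFE" | check_listeners 1; then
    echo "safe sample: display :1 is loopback-only"
fi
if ! printf '%s\n' "$SAMPLE_EXPOSED" | check_listeners 1; then
    echo "exposed sample: display :1 is reachable without the tunnel"
fi
```

On the server itself, run `ss -ltn | check_listeners 1` after tightvncserver has started.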

On the client follow the instructions at: http://www.penguintutor.com/linux/tightvnc

In a nutshell, you: 

1. In PuTTY, create a session with the hostname (or IP) and port of the SSH service running on your remote Linux box.
2. Select Connection->SSH->Tunnels and enter a source port of 5901 and a destination of localhost:5901.
3. Go back to Session in the left pane, type a name under saved sessions and click Save.
4. Then click Open for the session, and an SSH window to your target should open where you can log in.
5. Once logged in, there is now a tunnel in place.
6. Run TightVNC Viewer and connect to 'localhost:1'.