Remote Desktop Access With VNC And SSH Tunnels

Reading time ~2 minutes

Remote Desktop Access With VNC And SSH Tunnels

Remote Desktop Access With VNC And SSH Tunnels

In this article we will discuss about how to access a RaspberryPi desktop remotely with VNC. We will use a VPS with Docker Scripts and sshtunnels as an intermediary between the server and the client, in order to enable a secure communication between them.

1 Enable desktop sharing on RaspberryPi

This article explains in details how to install and start a VNC server on RaspberryPi:

  1. Make sure that realvnc-vnc-server is installed:
    sudo apt update
    sudo apt install realvnc-vnc-server
  2. Enable the VNC server:
    • Run sudo raspi-config
    • Navigate to Interfacing Options.
    • Scroll down and select VNC > Yes

2 Install sshtunnels in an intermediary VPS

The installation steps are listed here:

  1. Install docker:
    curl -fsSL -o
  2. Install docker-scripts:
    apt install m4 git
    git clone /opt/docker-scripts/ds
    cd /opt/docker-scripts/ds/
    make install
  3. Install sshtunnels:
    ds pull sshtunnels
    ds init sshtunnels @sshtunnels
    cd /var/ds/sshtunnels/
    ds make

3 Create and use a tunnel

  1. On the VPS server create a tunnel for the port 5900 on our RaspberryPi:
    cd /var/ds/sshtunnels/
    ds tunnel-add my-rpi 5900

    This command will create the directory tunnels/my-rpi.5900/.

  2. Copy to the RaspberryPi the script tunnels/my-rpi.5900/, and run it like this:
    chmod 700

    This will open a ssh tunnel for port 5900, from the RaspberryPi to the VPS. It will also create the cron job /etc/cron.d/share-port-5900, to check and make sure periodically (each minute) that this tunnel is open.

  3. Copy on a client computer the script tunnels/my-rpi.5900/ and run it like this:
    chmod 700
    ./ 5900

    This will open a tunnel for the port 5900 from our client computer to the VPS. The intermediary VPS will connect both tunnels (from RPi and from the client), and the result will be that if we open localhost:5900 on a VNC viewer on the client, we will actually be accessing the port 5900 on the RaspberryPi.

  4. If we now run the command ./ 5901 on the client, then instead of using localhost:5900 (on a VNC viewer), we should use localhost:5901 (and again it will access the port 5900 on RaspberryPi).

4 Close and destroy a tunnel

  • On RaspberryPi run:
    ./ stop

    This will close the tunnel and also delete the cron job /etc/cron.d/share-port-5900.

  • On the client run:
    ./ stop
  • On the VPS server run:
    cd /var/ds/sshtunnels/
    ds tunnel-del my-rpi 5900

    This will delete the directory tunnels/my-rpi.5900/.

Date: 2019-08-24

Author: Dashamir Hoxha

Created: 2019-08-26 Mon 12:19

Emacs 25.2.2 (Org mode 8.2.10)


Deduplicating Data With XFS And Reflinks

Deduplicating Data With XFS And ReflinksDeduplicating Data With XFS And ReflinksTable of Contents1. Create a virtual block device2. Creat...… Continue reading

Installing NextCloud With Docker Scripts

Published on August 18, 2019

Linux Desktop In a Container

Published on April 17, 2019