= VNC sessions tunneled over SSH =

VNC is a very nice program for running remote graphical sessions on sand.truman.edu, but it relies on one basic assumption: you must trust your network. On the Truman campus, we can generally trust the security of our network, but we have little control over connections that originate outside of Truman. For this reason, sand.truman.edu will reject VNC sessions that originate from outside the Truman network.

It is still possible to use VNC from off-campus. The way we do this is to "tunnel" the VNC network connection inside some other secure connection. The SSH program PuTTY has the ability to carry insecure network connections within its encrypted secure data stream. To get started, download both PuTTY and RealVNC and install them.

To start a graphical session, begin with PuTTY. We need to configure PuTTY to open an encrypted tunnel between your machine and ice. If you search through the various configuration options, you will find a menu for doing exactly this. Set it to forward your local port 5900 to `sand.truman.edu:5900`.

To understand what this does, it helps to know that the services we use on the internet all have standard "port numbers" assigned to them. When you access a web page on someone's server, your computer is actually accessing data on port number 80. Secure web sites talk on port 443. When you send mail, your computer talks to port 25. All network programs talk on numbered ports like this, and the standard VNC port numbers are 5900, 5901, 5902, and so on. We're just going to use the first one.

Once you have the tunnel configured, connect to sand.truman.edu (on the connection page, make sure that SSH is selected; it is probably the default). Log in with your username and password. Once you are on, you may type commands if you like, but what is important is that the tunnel is connected at the same time. You are now ready to begin a graphical session.

You may minimize the PuTTY window if you like, but don't close it. Start the RealVNC client. When it prompts for the display to connect to, use `localhost:0`. The name `localhost` is a standard name that always means your own computer, and `:0` means the first display (counting from 0), which corresponds to the port 5900 described above. PuTTY will forward this connection over its secure link to ice's port 5900. You should get an 800x600 graphical login screen. Log in (again) here and you have a secure graphical session going.

After you finish with your graphical session, remember to also close your SSH session. Then you are finished.

Note: If you wish to work with a larger screen, change the port on ice that you forward to. If you forward to `sand.truman.edu:5901` you get a 1024x768 window. You may also use port 5902 for a 1280x1024 window.
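
A pre-flight check for the procedure above, as an added example that is not part of the original page: it maps a viewer target such as `localhost:0` to its port, refuses targets that would bypass the tunnel, and confirms that a VNC server answers through the forwarded port before you start the viewer. The function names are hypothetical, and the check assumes the server opens with the standard 12-byte RFB version greeting.

```python
import re
import socket

VNC_BASE_PORT = 5900  # display :N is served on TCP port 5900 + N


def display_to_port(target, base_port=VNC_BASE_PORT):
    """Translate a viewer target such as 'localhost:0' into a local TCP port."""
    host, _, display = target.rpartition(":")
    if host not in ("localhost", "127.0.0.1"):
        # Anything else would bypass the SSH tunnel and go out unencrypted.
        raise ValueError("not a tunnelled target: %r" % target)
    if not display.isdigit():
        raise ValueError("bad display number in %r" % target)
    return base_port + int(display)


def probe_tunnel(port, timeout=5.0):
    """Read the 12-byte RFB greeting through the tunnel; return e.g. '3.8'."""
    with socket.create_connection(("127.0.0.1", port), timeout=timeout) as s:
        banner = b""
        while len(banner) < 12:
            chunk = s.recv(12 - len(banner))
            if not chunk:
                break
            banner += chunk
    m = re.fullmatch(rb"RFB (\d{3})\.(\d{3})\n", banner)
    if m is None:
        raise RuntimeError("port %d answered, but not with a VNC greeting" % port)
    return "%d.%d" % (int(m.group(1)), int(m.group(2)))


def check_display(target, base_port=VNC_BASE_PORT):
    """Return (ok, message) describing whether the viewer can use `target`."""
    try:
        port = display_to_port(target, base_port)
        version = probe_tunnel(port)
    except ValueError as exc:
        return False, str(exc)
    except OSError as exc:  # refused or timed out: the SSH session is not up
        return False, "no tunnel listening: %s" % exc
    except RuntimeError as exc:
        return False, str(exc)
    return True, "VNC server reached through tunnel (RFB %s)" % version


if __name__ == "__main__":
    print(check_display("localhost:0"))
```

A "no tunnel listening" result usually means the SSH session was closed or the port forward was never added.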