Remote Connections from MacBook Client to RHEL8 Host via VNC tunneled over SSH

Setting up remote connection from MacBook to RHEL8 desktop via VNC tunneled over SSH. When the switchover to policy based networking happens, the only inbound access allowed to any computer outside a data center will be RDP and SSH via gateways that will be set up by DIT. We encourage you to connect via SSH, but if you need to use VNC, it must be tunneled over SSH, or it won't work after the move to policy based networking. If you'd like to proceed with VNC tunnelled over SSH, here are instructions you can follow to get this setup.

Configuration

Host and client need to be configured before connecting.

Step 1: On RHEL Desktops (Server/Host)

Step 1: SSH server must be installed and running:

To check: systemctl status sshd
To Install:
sudo dnf install -y openssh-server to install openssh server
sudo systemctl enable --now sshd to enable ssh
sudo firewalld-cmd --permanent --add-service=ssh to allow SSH traffic
sudo firewall-cmd --reload to apply changes
sudo systemctl status sshd to check ssh status

Step 2: Install VNC Server:
sudo dnf install -y tigervnc-server to install

Step 3: Set VNC Password:
vncpasswd
Set to a secure password that meets UMD's password requirements

Step 4: Start VNC Server for initial setup:
vncserver
Should start a session on :1 which maps to port 5901

Step 5: Stop server to start configuring
vncserver -kill :1

Step 6: Create/edit file ~/.vnc/xstartup
gedit ~/.vnc/xstartup
Ensure it includes:
[ -x /etc/X11/xinit/Xsession ] && exec /etc/X11/xinit/Xsession
exec gnome-session
chmod +x ~/.vnc/xstartup

Step 2: On Macbook (Client):

Step 1: Create SSH Tunnel:
ssh -L 5901:localhost:5901 username@desktop_hostname ex: [labadmin or ncdcheks, ENEELDREN033278.eng.umd.edu]
This forwads the MacBooks local port 5901 to the remote machine's VNC port 5901
Leave this terminal window open to keep the tunnel active

Step 2: From MacBook, Connect with to the desktop with a VNC viewer


Option 1: Built-in Screen Sharing
In finder, press cmd + K or click go, then connect to server
Enter: vnc://localhost:5901
Enter the vnc password when prompted

or

Option 2: Other VNC viewers
If you want to use a different VNC viewer (like TigerVNC or RealVNC), you'll have to install them
After installing, open the viewer and connect to localhost:5901

 

Connecting

Each time you want to connect via VNC:

Step 1: On RHEL Desktop

Step 1: Start VNC server on the desktop/host
vncserver
You can ssh into the desktop to run this command if connecting remotely: ssh username@desktop_hostname https://ask.eng.umd.edu/132048 https://ask.eng.umd.edu/131322 

Step 2: On Macbook (Client)

Step 1: Open SSH Tunnel
ssh -L 5901:localhost:5901 username@desktop_hostname [labadmin or ncdcheks, ENEELDREN033278.eng.umd.edu ]
Leave this terminal window open to keep the tunnel active
Step 2: Connect to the desktop using option 1 or option 2 (built-in screen sharing or VNC Viewer) to connect to localhost:5901


Keywords:
rhel8 vnc tigervnc ssh 
Doc ID:
153578
Owned by:
Ojie O. in Engineering IT
Created:
2025-07-17
Updated:
2025-08-25
Sites:
University of Maryland Engineering IT