Tunneling-Tightvnc-via-PuTTY-to-x11vnc-on-Pi 1. FIRST LOG INTO Pi: Start PuTTY, select newssh for the connection type, and put in the destination IP (Pi's local IP on the home network) address and the SSH port for the Pi. The default SSH port is 22. 2. CHANGE THE DEFAULT SSH PORT: To change the SSH port from 22 to, for example, newssh: a. sudo nano /etc/ssh/sshd_config NOTE: Make sure it's sshd_config, NOT ssh_config Replace Port 22 with Port newssh Save the file and exit b. Restart the SSH service to make it take effect with the command: sudo service ssh restart 3. TEST THAT THE SSH Port CHANGE WORKED: a. Exit PuTTY b. Repeat Step 1 using Port newssh instead of Port 22 c. If it doesn't connect, go back to using Port 22, repeat Steps 1, 2 and 3 carefully again. d. If it connect using newssh, Exit PuTTY 4. NOW SETUP AN SSH TUNNEL: NOTE: TUNNELING should be done only AFTER you have done the "ReallyHeadlessPiSetup" successfully. a. Start PuTTY again using Port newssh but don't open the connection yet. b. Click on Connection, then SSH, then Tunnels c. Make sure the "Local" and "Auto" buttons are selected d. Under Source put, for example, newsource. NOTE: Port newsource will be used by the tightvnc client on the source end of the tunnel which is the PC that's running PuTTY. e. Under Destination put localhost:5900. NOTE: This is the loopback connection 127.0.0.1:5900 where 5900 refers to the X11 display :0, 5901 would be display :1 etc. f. Now after doing all that work, go back to the Session menu in PuTTY, put "tunnel" in the "Saved Sessions" box, and click "Save" so you can "Load" it later and not have to repeat all that effort! 5. VERIFY TIGHTVNC CLIENT SETUP IS WORKING Connect tightvnc to x11vnc by setting VNC's "Remote Host" to the Pi's "Local IP":5900. This goes outside the tunnel directly to x11vnc. This connects to the Pi's X11 Desktop independently from PuTTY. If this doesn't work, go through the "RealHeadlessPiSetup" again and get that working. You should still "load" the "tunnel" connection to connect to Pi using PuTTY since you have a new SSH port. 6. CONNECT TIGHTVNC CLIENT THROUGH THE TUNNEL Setup the tunnel by "load"ing the "tunnel" connection in PuTTY and connecting to Pi. Set VNC's "Remote Host" as localhost:newsource (127.0.0.1:newsource) and connect via x11vnc to Pi's X11 Desktop. Congratulations! You're now done! NOTES: This can all be done and tested on your local home network. If you later want to use it over the internet you must first set up your home router to forward your newssh port, using port knocking to enable the forwarding port only temporarily. Notice that only port newssh is forwarded, not 22 (which you changed to newssh) or newsource (which goes through the tunnel) or 5900 (which comes out at the Pi's end of the tunnel). When you log into Pi with PuTTY, use your home's external "real IP":newssh for PuTTY's "Host Name" and "Port". Also it's essential to at least use a different hard to guess username instead of well-known standard "Pi", and a strong password instead of "Raspberry". Remember when you've finished using the tunnel you should take it down by closing the PuTTY connection. This external access to your Pi will be the subject of another topic.