How to setup a graphical host/client connection with a Raspberry Pi and Windows PC
By Ron, Feb 4, 2022
Introduction
The Raspberry Pi is often used on a computer project at a remote location. Physical access to the remote location is normally required to make any software changes or run commands on the Raspberry Pi. If physical access is not possible, an alternative is to gain remote control of the Raspberry Pi over the internet using special software and a secondary computer.
This article describes how to setup a secure encrypted remote-control connection over the internet between a Raspberry Pi (host) and a Windows PC (client) using software based on the Virtual Network Computing (VNC) and Secure Shell (SSH) protocols. Three popular programs will be used; OpenSSH, PuTTY, and RealVNC.
Despite a physical separation, for example, of a hundred kilometers between the Raspberry Pi and the Windows PC, a VNC and SSH connection enables the user to interact with the Raspberry Pi as if the user is sitting directly in front of the Pi.
An SSH connection by its self is a secure keyboard text-based command line interface. A VNC connection is a graphical desktop-sharing system that enables a windows and mouse clicking interface in addition to the keyboard. Combining software based on both protocols (SSH + VNC) provides a secure encrypted Graphical User Interface (GUI) for convenient remote control of the Raspberry Pi.
OpenSSH, PuTTY and RealVNC
OpenSSH was released in 1999, and has become the standard tool for remote management of UNIX-like systems, including the Raspberry Pi. OpenSSH is based on the SSH protocol that encrypts computer communications and was developed in 1995 by Tatu Ylonen http://www.OpenSSH.com .
OpenSSH uses a host server called sshd on the Raspberry Pi and it listens for incoming connections on the network. A client computer makes a request for access to the host. After authentication, the client can have remote control of the host.
PuTTY is a terminal emulator and SSH client that runs on a Windows PC. Together, OpenSSH and PuTTY provide encrypted text-based communications over the internet. https://en.wikipedia.org/wiki/PuTTY .
RealVNC is one of many VNC server/client platforms available for the Raspberry Pi that provide a graphical interface. Running the VNC connection through an SSH tunnel provides an extra layer of security with strong encryption. Authentication is required to create the SSH tunnel and again for creating the VNC connection within the tunnel. https://en.wikipedia.org/wiki/Virtual_Network_Computing .
Port Forwarding can enable communications between computers
Modem/routers are devices used to connect a private local-area network to the internet.
Port Forwarding is done on the modem/router to redirect communications through the firewall of a private local-area network. This redirection of traffic allows remote computers, located outside the network, to connect to a specific computer within the private local-area network.
The Internet Assigned Numbers Authority assigned ports 22 and 5800 to the SSH and VNC protocol, respectively. Additional ports can also be used.
https://en.wikipedia.org/wiki/List_of_TCP_and_UDP_port_numbers
Steps to setup the host and client computers
The following explains how to set up two Raspberry Pi hosts and one Windows PC client. The Windows PC will be capable of remote control of each Pi independently. The Raspberry Pi’s are located on the same private network behind a firewall controlled by the modem/router. The Windows PC is located on a separate private network. Communication between the hosts and client is over the internet.
If required, the steps could be expanded to enable the client to connect to more than two Raspberry Pi’s.
The major steps for setup are as follows:
- Set Port Forwarding on the modem/router on the local network for the Raspberry Pi
- Enable VNC and SSH on the Raspberry Pi with the Configuration Tool
- Edit the Raspberry Pi SSH port settings in the sshd_config file
- Edit the Raspberry Pi boot config file to set the screen resolution for the GUI Windows PC
- Configure PuTTY sessions for remote Raspberry Pi login. An SSH tunnel will be used for the VNC GUI connection
- Configure a VNC session for logging into the Raspberry Pi
After the setup is complete, it is a simple process to gain remote control of a Raspberry Pi with a Windows PC:
- Start PuTTY on the Windows PC. Then (1) Load, and (2) Open, the saved login session to the Raspberry Pi.
- Manually login to the Raspberry Pi.
- Start VNC GUI Viewer on the Windows PC. Then launch a LocalHost:5901 connection to the Raspberry Pi. The first time login requires authentication with a Username and Password. Subsequent logins can be manual or automated.
Step 1 – Set up Port Forwarding on Modem/Router
Login to the modem/router on the local network for the Raspberry Pi’s and select the Port Forwarding option which is commonly found in firewall settings.
Set the port numbers for the corresponding IP addresses for each Raspberry Pi. For example, set one Pi for port 22 and the other for port XXX.
Step 2 – Enable VNC and SSH servers on the Raspberry Pi
By default, the SSH server is enabled and the VNC server is disabled. Both can be enabled/disabled with the Raspberry Pi Configuration Tool. Start the Configuration Tool from a Pi terminal session with this command and make the appropriate selections.
$ sudo raspi-config
Select “Item 3 Interface Options” on the menu.
Select Option P2/P3 on the second menu to enable/disable SSH and VNC respectively
Reboot the Raspberry Pi for the changes to take effect.
$ sudo reboot
Once the SSH and VNC servers are enabled they will automatically start each time the Raspberry Pi boots up.
Step 3 – Edit SSH port settings on the Raspberry Pi
If two Raspberry Pi’s are being setup for remote access on the same private network, one should use port 22, which is the default for SSH, and the other Pi must use a different port such as XXX.
There is no need to edit the configuration file for the Raspberry Pi using port 22 since it is default.
Edit the SSH server configuration file for the Raspberry Pi using port XXX as follows. Port 22 will appear in the configuration file as “#Port 22” and this is a placeholder only. Either remove the “#” and replace “22” with “XXX” or add a separate line below such as “Port XXX”.
$ sudo nano etc/ssh/sshd_config
#Port 22
Port XXX
Save the edits to the config file before closing the editor. Reboot the Raspberry Pi for the changes to take effect.
$ sudo reboot
The status of the SSH server can be checked with this command to confirm what port it is listening to.
$ systemctl status sshd
Step 4 – Edit the Pi boot config file to set the GUI screen resolution for the Windows PC
This is required to ensure the Raspberry Pi’s virtual display resolution is compatible with Windows PC client’s screen. For example, if the Windows PC is using a 1920×1200 resolution monitor, edit the Raspberry Pi’s boot config file as follows:
$ sudo nano /boot/config.txt
# VNC virtual desktop resolution
framebuffer_width=1920
framebuffer_height=1200
Reboot the Raspberry Pi for the changes to take effect.
$ sudo reboot
Step 5 – Configure PuTTY for a remote Raspberry Pi Login
A separate PuTTY login session needs to be created for each of the two Raspberry Pi’s (host). The session configuration includes the setup of an SSH encrypted tunnel for the VNC GUI connection. The configuration is done with PuTTY running on a Windows PC. The setup is done with two separate category menus.
‘Session’ category: Sets the basic options.
‘Connection – SSH – Tunnels’ category: Sets the SSH encrypted tunnel port forwarding options.
Session Configuration:
• Place the cursor in the ‘Saved Sessions’ box and enter a name for the session (i.e. Sample Session – Pi 1).
• Enter the modem/router IP address for the local network for the Raspberry Pi (i.e. 133.7.2.167).
• Enter the modem/router port number that is forwarded for the Raspberry Pi. (i.e. 22 or XXX)
Connection – SSH – Tunnels Configuration:
• In the tree menu on the left side, click on the ‘SSH’ label (under Connection) to expand the tree.
• Click on the ‘Tunnels’ branch to display the menu for ‘Options controlling SSH port forwarding’.
• In the Destination box, enter the IP address of the Raspberry Pi ( i.e. 182.175.1.71 ). See below on how to identify the IP address of the Raspberry Pi.
• In the Source Port box, enter ‘5901’. This will be the port for the VNC GUI viewer using the SSH tunnel.
• Click ‘Add’
• Navigate back to the ‘Session’ category menu and click ‘Save’ to save the settings
Finding the IP Address of the Raspberry Pi
A Raspberry Pi can have two IP addresses. One for a wired connection and the other for a wireless connection. Eth0 identifies the wired address and wlan0 identifies the wireless address. Run this command in Terminal to identify the network connections.
$ ifconfig
Step 6 – Configure a VNC session for remote login to a Raspberry Pi
Start the VNC Viewer on the Windows PC.
• Click on File | New connection…
• In the VNC Server: box enter ‘localhost:5901’
• Enter a suitable name that will identify the purpose of the connection.
• Click OK to save.
Conclusion
Remote secure encrypted access to a Raspberry Pi on a separate local network, several kilometers away, can now be achieved with a GUI desktop using only a few mouse clicks and keystrokes:
• Start PuTTY on the Windows PC. Load and open a saved login session for the Raspberry Pi
• Manually login with PuTTY to the Raspberry Pi
• Start VNC Viewer on the Windows PC. Open a Localhost:5901 connection to the Raspberry Pi
