Note:
- This tutorial requires access to Oracle Cloud. To sign up for a free account, see Get started with Oracle Cloud Infrastructure Free Tier.
- It uses example values for Oracle Cloud Infrastructure credentials, tenancy, and compartments. When completing your lab, substitute these values with ones specific to your cloud environment.
Connect to Windows Oracle Cloud Infrastructure Compute Instances using VNC Viewer with Secure Shell Tunnel
Introduction
Oracle Cloud Infrastructure (OCI) allows users to access virtual machine (VM) instances using a console connection. In cases where standard Remote Desktop Protocol (RDP) or Secure Shell (SSH) access is not available, you can use a VNC viewer to access the instance through a secure SSH tunnel. This tutorial will guide you through setting up a VNC connection to an OCI Compute instance using SSH.
Objectives
- Connect to OCI Compute instances using VNC Viewer with SSH tunnel.
Prerequisites
- A running OCI Compute instance.
- A console connection created for your instance.
- The private SSH key (.key) file associated with your OCI Compute instance.
- SSH client for your respective operating system.
  - macOS/Linux: The built-in ssh command-line utility in the terminal.
  - Windows: Use PuTTY or Git Bash.
- A VNC Viewer or VNC client like RealVNC or TigerVNC.
Note: In this tutorial, we are using Windows Server and RealVNC Viewer.
Task 1: Verify your OCI Compute Instance Console Connection
Ensure that you have created a console connection in the OCI Console.
- Log in to the OCI Console, navigate to Compute and click Instances.
- Select your instance.
- Click Console Connections and Create Console Connection.
- Click Copy VNC connection for Linux/Mac.
Task 2: Establish an SSH Tunnel for VNC
We need to create an SSH tunnel that forwards VNC traffic on port 5900 from your local machine to the OCI Compute instance.
- Update the following command while replacing the necessary parts, and then run it in your terminal.

  ssh -i replace-ssh-key.key \
    -o ProxyCommand="ssh -i replace-ssh-key.key -W %h:%p -p 443 \
    ocid1.instanceconsoleconnection.xxxxxxxxxxxxxxxxxxxxx@instance-xxxxxxxxxx.xxxxxxxxxxx" \
    -o HostKeyAlgorithms=+ssh-rsa \
    -o PubkeyAcceptedAlgorithms=+ssh-rsa \
    -N -L localhost:5900:ocid1.instance.oc1.xxxx.xxxxx:5900 \
    ocid1.instance.xxxxxxxxxxxxxxxxxxxxxxxxxxx

  Note: Explanation of the command:
  - ssh -i replace-ssh-key.key: Uses your private SSH key.
  - -o ProxyCommand="ssh -i replace-ssh-key.key -W %h:%p -p 443": Uses an intermediate connection to tunnel the request.
  - -o HostKeyAlgorithms=+ssh-rsa and -o PubkeyAcceptedAlgorithms=+ssh-rsa: Enable the legacy ssh-rsa algorithm for host keys and for public key authentication.
  - -N: Prevents the execution of remote commands (used for tunneling only).
  - -L localhost:5900:...:5900: Maps local port 5900 to the remote instance port 5900.
  - ocid1.instance...: Specifies the OCID of the OCI instance.
- After running this command, you may be prompted to accept the SSH key with a yes or no option. Enter Y and press Enter to proceed.
  Once the command runs successfully, you will not see any output or prompt in the terminal. This is expected and indicates that the SSH tunnel has been established. Do not close the terminal session, because the tunnel stays open only while the command is running.
Possible Errors and Fixes
- Error 1: Unable to negotiate with UNKNOWN port 65535: no matching host key type found.
  - Fix: Ensure ssh-rsa is enabled using the -o HostKeyAlgorithms=+ssh-rsa option.
- Error 2: Permission denied (publickey).
  - Fix: Ensure the correct private key is used and has proper permissions (chmod 600 replace-ssh-key.key).
Task 3: Connect to the OCI Compute Instance using a VNC Viewer
Once the SSH tunnel is established, you can connect to your OCI Compute instance using a VNC Viewer.
- Open VNC Viewer (RealVNC, TigerVNC, or any other VNC client).
- In VNC Server, enter localhost:5900 and click OK.
- Click Connect. If prompted, click Continue.
- The VNC connection window will open. Move your cursor to the top of the RealVNC Viewer window and click Press Ctrl + Alt + Delete to unlock to bring up the Windows login screen. Enter the Username and Password for your instance to access the compute environment.
Verify and Troubleshoot
If the connection fails, ensure that the SSH tunnel is still running and verify that port 5900 is correctly mapped. Check OCI security rules to allow console access.
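The two local checks above (key permissions from Error 2, and whether port 5900 is mapped and bound only to loopback) can be scripted. This is an added example, not part of the original tutorial; it assumes Linux "ss -ltn" output, and the function names, script name and sample listing are constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the tutorial): local checks for the VNC-over-SSH tunnel.

# key_mode_ok FILE: succeed only if FILE exists and grants nothing to group/others
# (what "chmod 600" gives); ssh refuses private keys that others can read.
key_mode_ok() {
    [ -f "$1" ] || return 1
    perms=$(ls -ld "$1" | cut -c5-10)   # group and other permission bits
    [ "$perms" = "------" ]
}

# listener_scope PORT: read "ss -ltn" output on stdin and print
#   loopback - PORT listens on 127.0.0.0/8 or ::1 only (what -L localhost:5900:... gives)
#   exposed  - PORT also listens on a non-loopback address
#   none     - nothing listens on PORT (the tunnel is not running)
listener_scope() {
    awk -v port="$1" '
        /LISTEN/ {
            for (i = 1; i <= NF; i++) {
                if ($i ~ (":" port "$")) {          # first match is the local address
                    seen = 1
                    addr = substr($i, 1, length($i) - length(port) - 1)
                    if (addr !~ /^(127\.|\[::1\]$|::1$)/) exposed = 1
                    break
                }
            }
        }
        END { print (!seen ? "none" : (exposed ? "exposed" : "loopback")) }'
}

# Constructed sample of "ss -ltn" output with the tunnel up (not captured from a real host).
SAMPLE_TUNNEL_UP='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    0.0.0.0:22         0.0.0.0:*
LISTEN 0      128    127.0.0.1:5900     0.0.0.0:*
LISTEN 0      128    [::1]:5900         [::]:*'

# Live use: sh check-tunnel.sh replace-ssh-key.key (hypothetical script name)
if [ "$#" -ge 1 ]; then
    key_mode_ok "$1" || echo "$1: missing or accessible to group/others (chmod 600)" >&2
    echo "port 5900: $(ss -ltn | listener_scope 5900)"
else
    echo "sample: $(printf '%s\n' "$SAMPLE_TUNNEL_UP" | listener_scope 5900)"
fi
```

A result of "none" means the SSH command from Task 2 is no longer running; "exposed" means the forward was bound to more than localhost and the console is reachable from other hosts on your network.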
Next Steps
You have now successfully established a VNC connection to your OCI Compute instance through SSH tunneling. This method is useful for troubleshooting inaccessible instances or for cases where direct SSH/RDP connections fail.
If you need further customization, consider additional security measures such as restricting access using firewalls or VPN tunneling.
Acknowledgments
- Author - Akarsha I K (Cloud Architect)
G27495-01
February 2025
Copyright ©2025, Oracle and/or its affiliates.