In this howto I will cover how to use OpenSSH (running in Cygwin) and TightVNC to access your Windows desktop from your phone. Please note that while the use of OpenSSH is optional, it is highly recommended since it allows you to encrypt all communication between your VNC server and client.

Before we begin download Cygwin (Homepage | Direct Link) and TightVNC (Homepage | Direct Link). If you are on Windows 7, follow the links to the TightVNC 2 Beta version on the download page instead of downloading the stable build.

For all intents and purposes you can think of Cygwin as a VM that enables you to install, configure and run Linux programs in Windows either as services or from the command line. The setup procedure is pretty straight forward:

1. Start setup.exe and follow along with the default settings and download-mirror of your choice until you are prompted to choose packages
2. Click on the Net-branch and select the OpenSSH package for installation – Cygwin will automatically select the package dependencies

3. Complete the installation
4. Start Cygwin (start as administrator if you’re using Windows Vista or Windows 7) and enter the following command at the command line:

• ssh-host-config

5.  OpenSSH will prompt you with a number of options, they should be answered as follows:

• Privilege Separation: Yes
• Create local user: Yes
• environment variable CYGWIN: ntsec tty

6. It is recommended that you disable SSH protocol 1 for security reasons, unless you absolutely need it for some reason, in which case you probably don’t need this how-to. Open the file

• c:\cygwin\etc\defaults\etc\sshd_config

in notepad and search for the line that reads:

• #Protocol 2

if you are using the stable version it may read:

• #Protocol 2,1

change it so that it reads:

• Protocol 2

(i.e. remove the # and the ,1) and save the file.

7. Go back to your Cygwin prompt and run the following command to start OpenSSH:

• net start sshd

If the return is:

• The CYGWIN sshd service is starting.
• The CYGWIN sshd service was started successfully.

OpenSSH was succefully installed and you can move on to create an account and password with which to access it.

8. In Cygwin, run the following command:

• ssh-user-config

This will create a variety of public/private key combinations with different encryption mechanisms as well as enable password-based access for the account. To avoid headaches, it is recommended that you use the same password for all of these. Please also note, that depending on your SSH client, it is possible to gain remote access using one of these public/private key-sets without having to enter a password, however, this can pose a great security-risk (in the form of automated full access to your computer) if your phone is ever stolen so it will not be covered here.

9. Optionally, you can enable OpenSSH as a service that is started automatically when Windows starts. To do so hit the Start button, click Control Panel, double click Administrative Tasks, open Services and set CYGWIN sshd to automatic.

To conclude the OpenSSH installation, you need to open and forward the port 22 to access OpenSSH remotely:

8. SSH connections run on port 22 by default, if you are behind a firewall you will need to open that port to inbound traffic. If you are running Windows Vista check here for instructions or if you are running Windows 7, check here to open ports on the built in firewalls. If you are running custom firewall software, please consult the manuals for more information on this.

9. More likely than not, you are also behind a router of some sort. If so, make sure that port 22 is forwarded to the box you are trying to access or that DMZmode is enabled for it. Again, please consult the device specific manuals for help with this.

10. On your phone, download the ConnectBot App from Android Market and run it.

11. Click through the introductory notes and select ssh from the drop-down list when you can, in the text field enter the following values:

• username@hostname:22

into the input field. Username is your windows username (please note, it is case SENSITIVE); hostname is either your IP address or some other unique identifier (such as a dyndns address). If you use your IP address make sure to use your public IP-address, not the one used for your home network. If you are unsure how to determine this address got to:  http://whatismyipaddress.com/ to find out. If you elected to run OpenSSH on a custom port (i.e. not on port 22), make sure to reflect that in your settings as well.

12. ConnectBot will now attempt to connect to your OpenSSH servervia the internet (Tip: depending on your network configuration and ISP, you may have trouble connecting if your box and phone are sharing an internet connection, disable wifi on your phone to avoid this). Enter your password when prompted. Eventually (it may take up to 3 minutes or so depending on your data speed) you should see a console similar to the Cygwin console. Enter the following command:

• pwd

It should return something like:

• /home/username

13. Hit the back button on your phone and you will notice that your connection has been saved. Long-click it (about 2 seconds) until a context menu appears and select

• Edit host

Make sure to set the following options:

• Use pubkey authentication: Do not use keys
• Compression: Checked
• Start Shell Session: Unchecked
• Stay Connected: Checked

Hit the back button to return to the connections list.

14. Again, long-click the connection and select

• Edit port forwards

from the context menu. In the following screen hit the menu key and click

• Add port forward

Add the following values:

• Nickname: tight vnc tunnel
• Type: Local
• Source port: 5900
• Destination: localhost:5900

and click create port forward.

This concludes the configuration of your SSH server and client and it is time to get VNC up and running.

15. The tight VNC installation is rather straight forward and you should be good with the default settings (make sure to install TightVNC as a service if you want the added convenience). Once installed, right click the VNC Icon in your Notifications Bar and select Configure.

16. Note: the following reference points are for TightVNC 2 Beta, if you downloaded the stable version, you might have to do some clicking around but equivalents should be available for all options. In the Server tab verify at least the following settings:

• Accept incoming connections: checked
• Main server port 5900
• Require VNC authentication: checked

In the Access Control tab verify at least the following settings:

• Allow loopback connections: checked (this enables SSH to connect to VNC on the smae machine)
• Allow only loopback connections (this creates an added layer of security by blocking connections that aren’t initiated locally)

Hit OK to accept your settings and VNC is good to go. Now how do we pull it all together?

Well, there are a number of VNC client programs out there but androidVNC seems to lead the pack in terms of speed and functionality.

17. Go to the market and download and start androidVNC (you are of course free to use another VNC client but this howto will only cover how to set up android VNC).

18. Select the following settings on the initial screen:

• Connection: New
• Nickname: My Computer
• Password: The password set in TightVNC
• Address: localhost
• Port: 5900
• Color Format: 256 colors (while up to 24-bit color depth is supported, life will be more fun at 256 colors as this will reduce loading times significantly)

Hit connect and you should see your your computer’s screen magically appear on your phone within less than a minute.