By nature, VNC is not a secure protocol. A well-known security risk of VNC is that you connect to a VNC server via an unencrypted channel across the network. Thus anyone can snoop on an established VNC session. To protect against VNC sniffing, you should try additional out-of-band encryption mechanism, underneath or on top of VNC connections.
One such mechanism is to set up a VNC session through an SSH tunnel. In this tutorial, I will describe how to set up VNC over SSH on Linux.
I assume that you already have a VNC server to connect to set up somewhere on the network.
In order to create an SSH tunnel to a remote host where a VNC server is running, the remote host needs to have SSH server running as well. Thus first install OpenSSH server on the remote host.
The next step is to create an SSH tunnel from a local host to the remote host. In order to do so, run the following command. Here 5900 is the port number which a remote VNC server is listening on.
Once you enter SSH password and successfully log in, an SSH tunnel will be established between 127.0.0.1:5900 and remote_host:5900.
Now you can go ahead and launch VNC client from local host. On VNC client, connect to 127.0.0.1:5900, instead of the remote VNC server. The VNC traffic will then be routed over the SSH tunnel between you and the remote VNC server, and thus be securely protected from packet sniffing.
Subscribe to Xmodulo
You can have daily Linux tutorials and FAQs delivered to your email inbox. Simply enter your email address below to subscribe to our mailing list. You will receive hands-on guides and carefully written tutorials related to Linux, everything for free.