Setting up your server for remote administration is one thing; making sure this remote administration happens in a secure way is another thing. By default, VNC traffic is sent over the network unencrypted. Tunneling VNC over SSH is an easy solution for that problem:
1. On your workstation, use the command ssh -X [email protected] -L 5901:yourserver:5901. This makes sure that all traffic addressed to local port 5901 is forwarded to port 5901 on your server.
2. Now from your workstation, use a tool like vncviewer to connect to the local VNC port. Note that you shouldn't connect to port 5901 but to port 1, which is an internal VNC port.
You can now access VNC, just like you did when connecting to it without encryption. The only difference is that when the tool asks for passwords, they aren't sent in plain text over the network anymore.
Was this article helpful?