VNC and SSH tunnel

All data in VNC are transmitted as clear-text, including your password.

To have a secure VNC session, you should make vncserver listening on localhost ONLY,

vncserver :2 -localhost

will open a VNC session on display 2 which listens on localhost only. Usually, I make this command as an shell alias so I won't forget adding '-localhost' (put in your shell rc):

alias vnc="vncserver :2 -localhost" # for sh/bash
alias vnc "vncserver :2 -localhost" # for csh/tcsh

Then, use SSH to forward the VNC session. For example,

ssh -L 5901:127.0.0.1:5902 YOUR_USERNAME@linux1.csie.ntu.edu.tw

will forward linux1's display 2 to your computer's display 1. Now, you can use your favorite vncviewer and type '127.0.0.1:1' to connect to localhost display 1 (this is necessary when you use TightVNC, for RealVNC, just use :1). Enjoy! If you do not want to have the SSH running in foreground, you can use

ssh -fN -L 5901:127.0.0.1:5902 YOUR_USERNAME@linux1.csie.ntu.edu.tw

instead. This command makes SSH stay in background after it connected to the server.

If you use PuTTY, you need to adjust your configuration as follows

And use this setting when you connect to linux1.


Drop rafan@ a line for comments and suggestions.