I was discussing VNC this afternoon with some students and the question came up on how to secure VNC. As you may have noticed most network protocols do not have much for built in security. Many rely on other programs for their network security needs, such as ssh. This is also the case with VNC.
If you use VNC regularly to connect to other Linux machines you may want to consider adding a lower-layer of encryption with ssh. Here is a quick run-down on how that is done:
If you look at the man page for vncviewer (man (1) vncviwer) you’ll notice there is a small section for -via. The -via option, as outlined in the man page will do:
Makes the connection go through SSH to a gateway host. The gateway should be the target host for best connection secrecy.
Basically this is saying that you can tunnel VNC over SSH within your connection command. Let’s give it a try.
vncviewer -via user@host localhost:0
This, of course, will require that you have both ssh and vnc access to a remote machine.