Secure VNC connection over SSH Tunnel


SSH Tunnel to Linux VNC Servers

VNC connections are considered unsafe because they are not encrypted. VNC sessions can be encrypted with OpenSSH, where traffic is routed through a secure SSH tunnel and is protected.

The SSH tunnel requires user login and the VNC port. The client command runs in the Linux CLI as follows:

$ ssh -L 5901: -N -f -l USER

If user USER replaces it with the actual user name, a password is prompted to run the tunnel. Please note that this is the password for the SSH login, the user login to the VNC can ideally be the same UID, then the password is the same. The port that needs to be tunneled is 5901. The command runs on the computer of the VNC viewer. Registration takes place as usual:

login as: USER
USER@'s password:
Last login: Thu Oct 11 07:59:26 2018 from
[USER@fedora ~]$

With the VNC viewer, the virtual desktop session can now be run to the loopback address:


Note: The options must be enabled for the OpenSSH Server in the /etc/ssh/sshd_config configuration file.

AllowTcpForwarding yes
X11Forwarding yes

SSH tunnel on Windows to vnC server

On Windows, an SSH tunnel to the VNC server can be opened using PuTTY or KiTTY, tunneling via the loopback interface and port 5901.

VNC connection over SSH Tunnel, KiTTY Configuration

Under the Category, Connection – SSH – Tunnels, at Source Port 5901 is entered, Destination is, then by clicking on Add the tunnel is added.

Clicking on Open starts the tunnel by logging in to the VNC host.

The secure SSH connection to the VNC server can now be initialized. Remote Host registers the loopback address with port 5901 in the TightVNC viewer:

After registration, Connection provides information about the current connection by clicking on the icon in the menu bar.

Wie hilfreich war dieser Beitrag?

Klicke auf die Sterne um zu bewerten!

Durchschnittliche Bewertung 4.7 / 5. Anzahl Bewertungen: 3

Bisher keine Bewertungen! Sei der Erste, der diesen Beitrag bewertet.

Schreibe einen Kommentar

Deine E-Mail-Adresse wird nicht veröffentlicht. Erforderliche Felder sind mit * markiert