How to Encrypt VNC Traffic with Putty

By default, VNC is not secure protocol.VNC uses encryption during initial connection and login (passwords are not sent in plain-text). Once, we connected then all the VNC data is unencrypted and hacker could sniff our VNC session. It is better (safer) to start VNC server only on and tunnel it over secure SSH tunnel (For this,there are options in Putty).

In this example, I am using CentOS 6.2 as VNC server and VNC Viewer & PuTTY as VNC client on Windows 7.

On CentOS, edit /etc/sysconfig/vncservers file:

sudo nano /etc/sysconfig/vncservers

Add the option “-localhost“:

VNCSERVERS="1:arbab 2:ali"
VNCSERVERARGS[1]="-geometry 1024x600 -localhost"
VNCSERVERARGS[2]="-geometry 1024x600 -localhost"

Restart the VNC Service:

sudo service vncserver restart

Below steps illustrate how to connect to VNC Server through PuTTY(SSH) from Windows Machine.

Run PuTTY,enter the IP address or hostname of the VNC Server:01

On the left-hand panel, Go to Connection -> SSH -> Tunnels:02

Source Port:590x(Where x is a value that we set in vncservers file,like 1 for arbab)
Destination:localhost:590x(Same x value that we used above in source port)

Click Open button in order to connect to the Server via SSH:03

Login to the CentOS (VNC Server) with username and password:04

Upon successful connection to VNC Server, we’ll find port 5901 is in listening mode on localhost:

netstat -a

05Run VNC Viewer and enter the localhost:1(:1 is for arbab user, that we defined in vncservers file):

Enter the password, in order to connect to the VNC Server:

06Now, we are connected to remote VNC Server through ssh tunnel:

07Hope this will help you!



Leave a Reply