By default, VNC is not secure protocol.VNC uses encryption during initial connection and login (passwords are not sent in plain-text). Once, we connected then all the VNC data is unencrypted and hacker could sniff our VNC session. It is better (safer) to start VNC server only on 127.0.0.1(localhost) and tunnel it over secure SSH tunnel (For this,there are options in Putty).
In this example, I am using CentOS 6.2 as VNC server and VNC Viewer & PuTTY as VNC client on Windows 7.
On CentOS, edit /etc/sysconfig/vncservers file:
sudo nano /etc/sysconfig/vncservers
Add the option “-localhost“:
VNCSERVERS="1:arbab 2:ali" VNCSERVERARGS="-geometry 1024x600 -localhost" VNCSERVERARGS="-geometry 1024x600 -localhost"
Restart the VNC Service:
sudo service vncserver restart
Below steps illustrate how to connect to VNC Server through PuTTY(SSH) from Windows Machine.
Source Port:590x(Where x is a value that we set in vncservers file,like 1 for arbab) Destination:localhost:590x(Same x value that we used above in source port)
Upon successful connection to VNC Server, we’ll find port 5901 is in listening mode on localhost:
Enter the password, in order to connect to the VNC Server: