3

I'm trying to secure/encrypt my VNC connection (personal computer to linux/ubuntu server) using SSH port-forwarding to secure the connection:

ssh -L 5901:localhost:5901 joe@laptop

This is from: https://help.ubuntu.com/community/VNC#port-forwarding

So I type this command from my personal computer to the linux server and I am able to connect with ssh, as in login. Seems successful.

However, when I VNC (using RealVNC) to the linux server, it still warns that my connection is unencrypted. I have port-forwarded ports 5901 and 22 on my router to my local machine.

What am I missing?

Note1: I am currently using RealVNC (free version) and tightvncserver (on the linux/ubuntu server).

Note2: I am using this guide to find a way to get a secure VNC connection: https://help.ubuntu.com/community/VNC/Servers

Improve this question
1
  • Some idiot downvoted you without explanation. I've removed it. Good question Commented Aug 24, 2017 at 0:41

1 Answer 1

Reset to default
5

Please note that you are NOT VNC to the linux server. Instead, you VNC to your local machine as if it is the VNC server. If you are interested in more details, please read on.

This way, the VNC connection will actually consists of 3 sections:

  1. local VNC client port (dynamic allocated) to local:5901 , this is NOT encrypted.
  2. Above traffic then forwarded to remote_server:22, this is encrypted.
  3. From remote_server:22 to remote_server:5901, this is NOT encrypted.

This picture illustrates a typical ssh local port forwarding scenario: http://lgfang.github.io/images/local-port-forwarding-3.png In your case, the only difference is that the "target" and "ssh_server" are the same.

Improve this answer
Sign up to request clarification or add additional context in comments.

1 Comment

That been said if ssh and vnc are on same server, you can consider your connection secured, fair enough

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.