In this example we are screen sharing a Red Hat Enterprise Linux 7 server from a macOS client. VNC is inherently not a secure protocol. VNC passwords often goes thru clear text or no password at all (think telnet and ftp). SSH can be used to help secure your VNC connection from end to end.
Initial password setup
SSH to the server to set your VNC password, the view-only password is optional. NOTE this password should be treated as an insecure password and should not be re-used elsewhere.
Starting the VNC service
Because the VNC server is terminated upon logout, you may need to start the service first with the following commands.
Identify the service file with your user name to load. The file is in the format of vncserver-username@:#.service
Replace username with yours in the start command
Verify the service has been started
Bug reference https://bugzilla.redhat.com/show_bug.cgi?id=667764
- From the server issue the following "lsof" command to determine which port the VNC server is set to use. In most cases VNC uses port in the 5900 range. The example below shows it using port 5903.
Creating the tunnel with the port number obtained above to the Linux server with another ssh session. The -C flag is optional for compression.
Once the ssh tunnel is established you can launch Screen Sharing via the Terminal or from the Finder
via Finder > Go > Connect to Server...
- When prompted provide your VNC password. NOTE this password should be treated as an insecure password and should not be re-used elsewhere.