News
3 new Serverspace GPT API Language Models available now!
JH
Joe Harris
February 1 2021
Updated June 30 2025

How to Securely Connect to a VNC Server Over SSH Tunnel on CentOS 8

CentOS Linux Security VPS

Using another OS?

Select the desired version or distribution.

We recently covered how to install TigerVNC server on CentOS 8. VNC connections are insecure by themselves. Therefore, in this tutorial, we are going to show you how to establish a VNC connection over a SSH tunnel on CentOS 8. This will secure the connection and transmitted data. To successfully complete the steps from this manual, you must complete all the settings from the first part.

SSH configuration

Previously, we created the user username. Now, we need to ensure that this user has permission to connect to the server via SSH. To verify this, attempt to establish an SSH connection to the remote server using the username account. If the connection is successful, the user has the necessary access; otherwise, additional configuration may be required.

username

If this works, you can proceed to the next step. If not, you need to either enable password authorization on the server, or configure a SSH key for username. See chapters SSH configuration and SSH key configuration in the Initial CentOS 8 Server Setup note.

TigerVNC configuration

Open the TigerVNC configuration file:

sudo nano /etc/tigervnc/vncserver-config-defaults

Uncomment the following line:

# localhost

Restart the TigerVNC service:

sudo systemctl restart vncserver@:2

Now it will not be possible to connect via VNC to the server directly from a remote computer, only via a SSH tunnel.

Now let's move on to the client computer.

Creating a SSH tunnel on Linux or MacOS

On any Unix-like operating system, just open a command prompt and enter the following command:

ssh -L 62000:localhost:5902 -N username@TigerVNC_server_IP

Replace username with your login that was created in the first part of the tutorial. And TigerVNC_server_IP with your server address. As you can see, this is a usual ssh command. The -L and -N flags allow it to be used to create a tunnel.

Creating a SSH tunnel on Windows with Putty

In Putty, the differences from regular SSH connection are also not very different. You need to go to the Connection section, then SSH and finally Tunnels. Enter 62000 in the Source port and localhost:5902 in the Destination.

Click Add and Apply.

Establishing a VNC connection over a SSH tunnel

After establishing the SSH tunnel, you can securely connect to the remote VNC server. To do this, open any VNC client (such as TightVNC or RealVNC), just as you did earlier. However, instead of using the server’s IP address, connect to localhost:62000 — this forwards the connection through the encrypted SSH tunnel to the remote VNC service.

localhost:62000

Vote:
5 out of 5
Аverage rating : 5
Rated by: 1
33145 North Miami, FL 2520 Coral Way apt 2-135
+1 302 425-97-76
700 300
ITGLOBAL.COM CORP
700 300

You might also like...

We use cookies to make your experience on the Serverspace better. By continuing to browse our website, you agree to our
Use of Cookies and Privacy Policy.