How to Encrypt VNC Traffic with Putty


Before starting this tutorial, please read this post, to learn more about the VNC Server setting that we are using in this tutorial.
By default, VNC is not secure protocol.VNC uses encryption during initial connection and login (passwords are not sent in plain-text). Once, we connected then all the VNC data is unencrypted and hacker could sniff our VNC session. It is better (safer) to start VNC server only on 127.0.0.1(localhost) and tunnel it over secure SSH tunnel (For this,there are options in Putty).
In this example, I am using CentOS 6.2 as VNC server and VNC Viewer & PuTTY as VNC client on Windows 7.
On CentOS, edit /etc/sysconfig/vncservers file:

sudo nano /etc/sysconfig/vncservers


Add the option “-localhost“:

VNCSERVERS="1:arbab 2:ali"
VNCSERVERARGS[1]="-geometry 1024x600 -localhost"
VNCSERVERARGS[2]="-geometry 1024x600 -localhost"


Restart the VNC Service:

sudo service vncserver restart


Below steps illustrate how to connect to VNC Server through PuTTY(SSH) from Windows Machine.
Run PuTTY,enter the IP address or hostname of the VNC Server:

On the left-hand panel, Go to Connection -> SSH -> Tunnels:

Source Port:590x(Where x is a value that we set in vncservers file,like 1 for arbab)
Destination:localhost:590x(Same x value that we used above in source port)


Click Open button in order to connect to the Server via SSH:

Login to the CentOS (VNC Server) with username and password:

Upon successful connection to VNC Server, we’ll find port 5901 is in listening mode on localhost:

netstat -a


Run VNC Viewer and enter the localhost:1(:1 is for arbab user, that we defined in vncservers file):

Enter the password, in order to connect to the VNC Server:

Now, we are connected to remote VNC Server through ssh tunnel:

Hope this will help you!


Leave a Reply

Your email address will not be published.