News
Faster Speeds: Bandwidth for vStack Servers in Kazakhstan Increased to 200 Mbps
Log in Sign up
JH
Joe Harris
February 1 2021
Updated May 19 2025

How to Establish TightVNC Connection Over SSH tunnel in Ubuntu 22.04

Linux Security Ubuntu VNC

Using another OS?

Select the desired version or distribution.
Ubuntu 22.04
CentOS 8 Ubuntu 22.04

We recently covered the process of installing and configuring a TightVNC server on Ubuntu 20.04. In addition to this, the process of setting up a secure SSH tunnel for a TightVNC connection will now be described. This is because VNC itself is not secure. Using an SSH tunnel corrects the situation.

Preparation

SSH tunneling is a method that routes network traffic from your application to a remote server. In traditional communication, an application sends data through its own socket, adhering to its own protocol. However, with tunneling, a local service accepts the network packets and redirects them through a secure connection. Upon reaching the remote server, the packets are decapsulated, allowing the application to receive the data as intended.

Install all dependencies for correct implementation:

apt update && apt install xfce4 xfce4-goodies tightvncserver ufw -y
installation
Screenshot №1 — Installation

Set password for correct work:

vncserver
pass
Screenshot №2 — Pass

We need to close port of VNC service on public interface:

ufw deny 5901/tcp

You also need to close all running TightVNC sessions.

vncserver -kill :1

And start a session listening only for internal connections. After opening the SSH tunnel, this will be our connection.

vncserver -localhost

If you have configured the TightVNC service, open its configuration.

nano /etc/systemd/system/vncserver.service

Find the ExecStart parameter and make it look like this:

ExecStart=/usr/bin/vncserver -localhost

Reload systemd:

systemctl daemon-reload

And start (or restart) the service:

systemctl enable --now vncserver

Creating a SSH Tunnel

The following command must be run on the client computer from which you are connecting to the VNC server. It connects port 61000 on the local machine to port 5901 on the server via an SSH tunnel.

ssh -L 61000:localhost:5901 -N -l username VNC_server_IP

The following options are used to create a tunnel:

  • -L - forwarding information from local port 61000 to remote port 5901 via SSH tunnel;
  • -N - specifies to only forward ports, not execute the command;
  • -l - specifies the username to create the tunnel.

Replace username and VNC_server_IP with your own parameters. If you connect using an SSH key, do not forget to add the -i parameter, as with a usual SSH connection.

Using Putty to create a SSH tunnel

Use normal connection parameters in Putty. Besides these, you need to add some settings. Namely, go to Connection - SSH - Tunnels, enter 61000 in the Source port and localhost:5901 in the Destination.

Click Add and Apply.

Connecting to a remote desktop

The tunnel has now been created. To connect to the remote desktop, use the same client as in the first part of the tutorial - any VNC client you like. Enter localhost:61000 as the VNC server.

Vote:
4 out of 5
Аverage rating : 4.7
Rated by: 6
1101 CT Amsterdam The Netherlands, Herikerbergweg 292
+31 20 262-58-98
700 300
ITGLOBAL.COM NL
700 300
Preparation
Creating a SSH Tunnel
Using Putty to create a SSH tunnel
Connecting to a remote desktop

Thanks! Please indicate the reason for the low rating so that we can improve the article

Create account

or sign up with

By signing up you agree to the Terms of Service.

We use cookies to make your experience on the Serverspace better. By continuing to browse our website, you agree to our
Use of Cookies and Privacy Policy.