How to encrypt VNC connection? SSH port forwarding?

Question

I'm trying to secure/encrypt my VNC connection (personal computer to linux/ubuntu server) using SSH port-forwarding to secure the connection:

ssh -L 5901:localhost:5901 joe@laptop

This is from: https://help.ubuntu.com/community/VNC#port-forwarding

So I type this command from my personal computer to the linux server and I am able to connect with ssh, as in login. Seems successful.

However, when I VNC (using RealVNC) to the linux server, it still warns that my connection is unencrypted. I have port-forwarded ports 5901 and 22 on my router to my local machine.

What am I missing?

Note1: I am currently using RealVNC (free version) and tightvncserver (on the linux/ubuntu server).

Note2: I am using this guide to find a way to get a secure VNC connection: https://help.ubuntu.com/community/VNC/Servers

Answer 1

Please note that you are NOT VNC to the linux server. Instead, you VNC to your local machine as if it is the VNC server. If you are interested in more details, please read on.

This way, the VNC connection will actually consists of 3 sections:

1. local VNC client port (dynamic allocated) to local:5901 , this is NOT encrypted.
2. Above traffic then forwarded to remote_server:22, this is encrypted.
3. From remote_server:22 to remote_server:5901, this is NOT encrypted.

This picture illustrates a typical ssh local port forwarding scenario: http://lgfang.github.io/images/local-port-forwarding-3.png In your case, the only difference is that the "target" and "ssh_server" are the same.