Linux: Setup SSH To Tunnel VNC Traffic Through Internet

I have a UNIX workstation and a Linux server at work and an Ubuntu desktop at home. It is recommended that I use ssh to tunnel the VNC protocol for secure communication. How do I access my UNIX workstation desktop here at home over the Internet using ssh?

VNC can be accessed over the Internet using the ssh protocol. This improves security because the VNC traffic is encrypted inside the ssh connection.

Sample Setup

 +----------------+                   +-----------------+
 | Laptop @ Home  |---> Internet ---> | UNIX PC @ Work  |
 +----------------+                   +-----------------+
                                       vncserver port 5901  

 +----------------+                   +-----------------+
 | Laptop @ Home  |---> Internet ---> | Router/firewall |
 +----------------+                   | port forwarding |
                                      +-----------------+
                                            | ssh/tcp22
                                          //   \\
                                         /       \
                                      +-----------------+
                                      | UNIX/Linux/OS X |
                                      | at work         |
                                      +-----------------+
                                      vncserver @ port 5901

Your work PC may be directly connected to the Internet. Otherwise, most offices have a router and firewall installed. You need to make sure your firewall allows port forwarding for TCP port 22 to your UNIX / OS X workstation or server. It works as follows:

 +------------+
 | SSH Client |-------> Internet ssh connection with encryption
 | with       |                         |
 | vncviewer  |                         |
 +------------+                         |
                             +------------------------+
                             | SSH server at port 22  |
                             | Vncserver at port 5501 |
                             +------------------------+

You connect from your local ssh client (localhost) to your ssh server, installed on your work UNIX PC, with port forwarding at the router / firewall level. I'm assuming that port forwarding is correctly configured at your office. Now, open the terminal and type the following command, replacing the placeholder user@ssh-server with your login name and your ssh server's address:

ssh -N -f -L 5000:localhost:5901 user@ssh-server

The above command starts an ssh connection to the ssh server, listens on port 5000 on localhost, and forwards the VNC connection to port 5901 on the server. Usually the local and remote port numbers are the same to avoid confusion:

ssh -N -f -L 5901:localhost:5901 user@ssh-server

Now, you can use vncviewer at your home as follows:
vncviewer localhost:5901
You can also use a GUI tool and set the VNC server location to localhost:5901
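
The tunnel command above with two checks around it, as an added example that is not part of the original article: vnc_tunnel_cmd builds the command for a VNC display number with the local end pinned to loopback, and loopback_only reads `ss -ltn` output to confirm the forwarded port is not listening on a routable address. The function names, the user@work-gateway target and the sample `ss` lines are constructed for illustration.

```sh
#!/bin/sh
# Added example, not from the original article. Targets such as
# "user@work-gateway" are placeholders; function names are hypothetical.

# Print the ssh command that tunnels VNC display N (TCP port 5900+N).
vnc_tunnel_cmd() {
    display=$1 target=$2
    case $display in
        ''|*[!0-9]*) echo "display must be a number" >&2; return 2 ;;
    esac
    [ -n "$target" ] || { echo "missing ssh target" >&2; return 2; }
    port=$((5900 + display))
    # 127.0.0.1: bind the local end to loopback explicitly, so the forward
    #   is not reachable from other hosts whatever GatewayPorts is set to.
    # ExitOnForwardFailure: fail instead of backgrounding a session whose
    #   forward could not be set up (e.g. local port already in use).
    printf 'ssh -N -f -o ExitOnForwardFailure=yes -L 127.0.0.1:%s:localhost:%s %s\n' \
        "$port" "$port" "$target"
}

# Read `ss -ltn` output on stdin; succeed only if PORT has a listener and
# every listener on that port is bound to a loopback address.
loopback_only() {
    awk -v port="$1" '
        $1 == "LISTEN" {
            n = split($4, part, ":")
            if (part[n] != port) next
            addr = substr($4, 1, length($4) - length(part[n]) - 1)
            seen = 1
            if (addr != "127.0.0.1" && addr != "[::1]") exposed = 1
        }
        END { exit !(seen && !exposed) }'
}

# Constructed sample `ss -ltn` output: a loopback-only forward, and one
# that is bound to all interfaces.
SAMPLE_OK='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    127.0.0.1:5901     0.0.0.0:*
LISTEN 0      128    [::1]:5901         [::]:*
LISTEN 0      128    0.0.0.0:631        0.0.0.0:*'
SAMPLE_EXPOSED='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    0.0.0.0:5901       0.0.0.0:*'
```

On a live system, run `ss -ltn | loopback_only 5901` after starting the tunnel; a non-zero exit status means the port is either not listening or is bound to a non-loopback address.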

Fig.01: Setup ssh to tunnel VNC traffic over the Internet


Once connected, you will get the desktop login window or your last session window as follows:
Fig.02: VNC in action and more secure using SSH


4 comments… add one
  • Scott Jul 16, 2010 @ 2:54

    Awesome – I can use this at work. Thanks,

  • saneep Jul 24, 2010 @ 4:37

    Superb …..very much informative

  • linuxnownever Jul 28, 2010 @ 17:31

    How do you expect to log in to your company’s network without a VPN to allow port 22? Why would your server be directly connected to the internet?

  • MichaelGuoj Sep 21, 2015 @ 11:44

    Thank you very much!
