For awhile now, I’ve known that the protocol used by RealVNC isn’t very secure in that it sends passwords and content in cleartext over the network. This isn’t so bad when you’re accessing machines on your local LAN, but I’ve recently been in numerous situations where I needed to VNC to a machine over a WAN, meaning the Internet in my case. And each time I wanted to do this, I had to lookup what command line options I have to pass to SSH to allow it to forward the VNC protocol and ports. I don’t do this enough to remember it, just often enough for it to be a royal PITA that I don’t remember it.
This morning I got frustrated enough to do more research. It turns out that TightVNC makes this easy because it establishes its own SSH connection for you just by providing a simple option when you invoke the vncviewer command. Sooooo much easier!! Here’s an example of how I would connect to a VNC session running on a machine at work once I’ve connected to the work VPN:
vncviewer -via 192.168.1.190 :1
Basically, all you need to do is remember to put the “-via” option in and specify the host to SSH into. In my example above, I’m connecting to a VNC session on the same host I’m SSHing into. If instead I wanted to get to a VNC session on a different machine that’s on the same LAN as my remote SSH host, I’d do:
vncviewer -via 192.168.1.190 anotherHostOnSameLAN:10
It should be noted that you can’t easily have RealVNC installed at the same time as TightVNC since they both work via the same command ‘vncviewer’. So, on my Mac OSX box, I had to do the following to switch:
sudo port deactivate vnc sudo port install tightvnc
Like I said, so much easier to use and for such little trouble! And supposedly TightVNC uses less bandwidth than RealVNC so it is a winner there too.