At this link is information on securing VNC over SSH. Apparently, the server invocation of VNC is unchanged. And the difference between unsecured and secured is due to invoking SSH with these arguments, shown, and then invoking the viewer with arguments that are different from what would be done in the unsecured scenario.
ssh user@server -L 5901/127.0.0.1/5901
vncviewer 127.0.0.1:5901
Reading the SSH man page's description of the -L
option is clear as mud. Of course 127.0.0.1 is a local address but other than that, please explain what each argument instructs the corresponding program to do and why 5901 is used when 5900 is known to be the VNC port. Is the author (carelessly?) presuming that I use the :1 argument on the server side? Why do we loopback to accomplish this?