Secure VNC with SSL

A detailed explanation of how to make VNC work over SSL can be found here. Reading that and the e-mail discussions here, I’d like to summarize the procedure:


  • Create the certificate stunnel.pem (Follow the instructions given at the link above)
  • Run VNC server: vncserver :5
  • Create a secure tunnel: stunnel -d 5950 -r 5905 -p /path/to/stunnel.pem
  • Download the source code of x11vnc. Copy the VncViewer.jar and SignedVncViewer.jar into a folder accessible by the webserver, e.g. “/vnc
  • Create an index.html file with the following content (replace YOUR-HOSTNAME with your hostname):
    <applet code="VncViewer.class" archive="VncViewer.jar" width="800" height="600">
    <param name="PORT" value="5950" />
    <param name="HOST" value="YOUR-HOSTNAME" />
    <param name="Open New Window" value="no" />
    <!-- the following helps in Opera:
    <param name="Cursor shape updates" value="Disable" />


From a web browser you can access to the following address:


Even better, if you setup the directory under SSL domain:



Remote access to your parents’ computer

You can’t always be there for your parents when they need your help desperately for their computer problems. I resolved this issue with some basic software that I’d like to share. I’d like to give the basics first and I will provide more details when I have more time.

What is the problem?

  • Remote computer (Possibly Windows PC) do not have a public address.
  • You have a Linux server with a public IP address.
  • You want to be able to securely access the remote computer.

What software?

  • Putty
  • TightVNC


  1. Install TightVNC and launch TightVNC server
    1. Set a password
    2. Optional: Only allow connections from localhost for security
  2. Install Putty
    1. Create a session to connect to your Linux server
    2. In the SSH options click on the tunnel and create a remote port forwarding. (Source: 5900, Destination: localhost:5911, Remote option selected)
    3. Save and connect to your server
    4. Optional: You can create keys to login to your server without a password. One less password to remember for them.
  3. At the Linux server, launch vncviewer to port 5911, i.e. vncviewer localhost:11

Some security tips

  • We are using putty because tunneling VNC over SSH makes it secure. You can also setup VNC over SSL and access their computer from any browser. Check out this post.
  • Allowing only local access makes it more secure against external attacks. TightVNC server only responds if the Putty is running.