Accessing your Mac server via VNC directly over the internet can expose you to security risks. A more secure method is to access your server using a Secure Shell (SSH) tunnel, as this allows you to block the VNC port and adds additional encryption to the connection.
This approach only requires an active SSH service on your server and does not need any special VNC configuration.
Setting Up an SSH Tunnel
- Begin by opening the Terminal application on your local computer.
- Execute the following command to create an SSH tunnel. This command maps the local port 12345 to the VNC port 5900 on your server.
ssh -L 12345:localhost:5900 [Your_Username]@[Your_Server_IP]
Replace [Your_Username] with your actual username and [Your_Server_IP] with the IP address of your server.
Initiate the VNC connection
Once logged in through SSH, you can connect to your server using the local port specified in the tunnel:
vnc://localhost:12345
Keep in mind to deny access to the VNC port (5900) using the firewall on your server. For suggestions on how to configure a firewall, see our guide: https://support.greenmini.nl/support/solutions/articles/4000170480-securing-your-mac-server-with-a-software-firewall