Another benefit of using VNC over SSH is that your client Mac may be behind a firewall, which you cannot reach directly. If there is some other host, like maybe the firewall itself, which you can SSH to, then you can use SSH port forwarding to “bounce” your VNC session off of that host and connect from there to your client Mac.
This procedure assumes that the remote Mac has SSH (“Remote Login” in Sharing Preferences) enabled, and you can login with it. Suppose that you want to connect to remote.host.com with VNC and your user account on that machine is remoteuser. Open Terminal, and issue the command:
$ ssh -L 5901:remote.host.com:5900 firstname.lastname@example.orgLogin at the prompt. Once you’ve logged in, your SSH tunnel is set up. Now simply connect to vnc://localhost:5901 (via Finder -> Go -> Connect to Server), and your VNC traffic will be automagically transported over a secure SSH tunnel to the remote host, and you should get a VNC login prompt.
If remote.host.com is behind a firewall that is preventing access via SSH, but you can access another host via SSH, and that host can access remote.host.com via SSH, then you can forward your traffic through the accessible host. Suppose that host is called dmz.host.com. Run:
$ ssh -L 5901:remote.host.com:5900 email@example.comLogin to dmz.host.com, and now when you connect to vnc://localhost:5901, your network traffic will go through an SSH tunnel to dmz.host.com, and will be forwarded from there to remote.host.com. Isn’t SSH wonderful?