Another benefit of using VNC over SSH is that your client Mac may be behind a firewall, which you cannot reach directly. If there is some other host, like maybe the firewall itself, which you can SSH to, then you can use SSH port forwarding to “bounce” your VNC session off of that host and connect from there to your client Mac.
This procedure assumes that the remote Mac has SSH (“Remote Login” in Sharing Preferences) enabled, and you can login with it. Suppose that you want to connect to remote.host.com with VNC and your user account on that machine is remoteuser. Open Terminal, and issue the command:
$ ssh -L 5901:remote.host.com:5900 remoteuser@remote.host.com
Login at the prompt. Once you’ve logged in, your SSH tunnel is set up. Now simply connect to vnc://localhost:5901 (via Finder -> Go -> Connect to Server), and your VNC traffic will be automagically transported over a secure SSH tunnel to the remote host, and you should get a VNC login prompt.
$ ssh -L 5901:remote.host.com:5900 remoteuser@dmz.host.com
Login to dmz.host.com, and now when you connect to vnc://localhost:5901, your network traffic will go through an SSH tunnel to dmz.host.com, and will be forwarded from there to remote.host.com. Isn’t SSH wonderful?
