VNC via SSH Tunnel

While I typically use a remote shell, occasionally I’ll need use a GUI remotely.  On the remote machine, create the remote server:

vncserver :1 -geometry 1920x1080 -depth 16 -localhost

This creates a new VNC server for X11 display :1 (:0 is the one created on boot, if not a headless machine).  -localhost ensures that the server does not accept remote connections.  Instead, I use SSH tunneling to provide an encrypted channel to the server:

ssh -NL localhost:5901:localhost:5901 SERVERNAME &

Using -L, we bind local port 5901 to port 5901 on the remote server, which is the default VNC port for display :1.

Tear down the server when finished:

vncserver -kill :1

Using an Existing Desktop Session

To mirror an existing X11 session instead, use x11vnc:

ssh -L 5900:localhost:5900 SERVERNAME 'x11vnc -usepw -localhost -forever -display :0;'