Securely connect to a VNC server tunneled over SSH from Windows with this procedure. We use SSH tunneling for the insecure VNC protocol as for other insecure protocols like RDP. This procedure works from a local Windows PC to a remote VNC server on Linux, macOS, etc. We assume the remote server computer has an SSH server and VNC server already setup.
On the local client computer, add to the ~/.ssh/config for this Host a line like:
LocalForward 5990 localhost:5900
where 5900 is the VNC port on the remote PC, and 5990 is an arbitrary distinct port on the local PC to avoid clashes on 5900. Note: the VNC server might use port other than 5900. On Linux a common default VNC port is 5901.
To connect, ssh to the server as usual, then use VNC Viewer to connect to
When the SSH connection (tunnel) is closed, so is the VNC connection.
Reference: macOS network ports