haha, saying “secure SSH” is a bit redundant because SSH stands for Secure Shell.
anyways.. I was trying to set up a VNC server on my desktop because .. well, it’s better than Microsoft’s RDP. (but mainly because I broke RDP and couldn’t fix it.) even for only a few hours I couldn’t connect to my home PC from school and that was an annoyance.
however, the default/free version of vncviewer that resides on the fedora9 systems at school does not support encryption, although my personal? edition VNC server on my PC does. so the only way to connect was insecure, exposing my random irrelevant password (and possibly other important data) in the packets that someone may (but unlikely) sniff.
so I finally got to figure out this “SSH tunneling” stuff – I remember being prompted with it as a solution for several other problems, but never actually did it. basically I set up an SSH server on my Windows machine (using Cygwin and OpenSSH) and forwarded a port on my router to the SSH port on my machine. then from the client machine, i would do “ssh -L RandomPort:localhost:VNCServerPort Username@IP -p SSHPort” – (thats a lot of blanks to fill in, huh? RandomPort is any [preferrably uncommon] port of your choosing, VNCServerPort is.. the port that the VNC server is listening on, username is your Windows username, ip/SSHport is the internet IP/port of the router that you’re connecting to from the outside..) and that would set up a secure link to my PC for other apps to access using RandomPort. followed up with “vncviewer localhost:RandomPort”, i can do unencrypted (free) VNC over SSH (free, secure, lol) and get my secure, free remote access.
of course i followed up my setup with Wireshark sniffing my own packets, but I’m not pro enough to actually look for data inside packets that isn’t already in my face.