ssh tunneling and vnc
vnc is insecure by nature. Thus, use it through ssh tunneling: ssh -L 999:localhost:5900 <—on local host port 999, listen for local connections, and “bind it to remote host’s localhost:5900 (remote host’s localhost = remote host). Now, vnc to localhost port 999. It’ll go through ssh’s port 22.