Recently, Macs on our LAN have been experiencing penetration efforts via VNC (on port 5900). I am wondering if there is anyway to configure the Mac OS X included Apple VNC server so that it only responds to connections made via an SSH tunnel.
There have been several posting regarding a related topic, but it looks like they all presume a LAN behind a NAT router. My question pertains to Macs (Mac OS X 10.8.5—Mountain Lion) all having individual public IP addresses (ie, NOT behind a NAT router) running the included Apple VNC server. I don't have any difficulty setting up iOS Remoter to access these Macs via an SSH tunnel with standard VNC server port configurations (ie, 5900). I can change the Mac OS X VNC default port (ie, to not be 5900) and also within the iOS Remoter configurations—everything works fine. Presumably though, a port scan could find such alternate port.
Is there anyway to configure the Mac Apple VNC server so that it only responds to connections made via an SSH tunnel.
TIA
May God bless your day.