SSH is one of my favorite networking tools as it is straight forward to use, comes pre-installed on OSX and most Linux distros and provides a great way of securely accessing network services from remote locations.
Because my home server doesn’t have a static IP address I have been using the free service by no-ip.org which updates it’s DNS records when your IP address changes. I then set up my router to forward port 222 (ssh is normally 22 but setting a non standard port means you don’t get as many bots trying to guess your login details) to port 22 of my server on my home LAN.
Once you have setup ssh and have forwarded port 22 from your router to your ssh server you can use the command below in terminal to forward connections:
ssh -L 5901:127.0.0.1:5900 email@example.com -p 222 -N
-L sets up local forwarding
5901 is the local port you will connect to that will be forwarded to the remote system
127.0.0.1 is the remote system that the port will be forward to. 127.0.0.1 is the localhost, or system running the ssh server, but you can use another system on your network such as 192.168.55.3 if you want.
5900 is the remote port that the connection will be forwarded to (5900 is VNC in this case)
firstname.lastname@example.org is your username followed by Internet address of your server
-p 222 specifies a non standard SSH port
-N means that only the tunnel will be created not a remote shell.
In OSX you can then press Command-K in finder and type vnc://127.0.0.1:5901 to view the screen of the remote computer with all traffic between you local and remote system encrypted via ssh.
I recommended using a private public key and not passwords when settings this up for even more security.