The package provides a GUI for Windows, Mac OS X, and Unix that automatically starts up an STUNNEL SSL tunnel for SSL or ssh/plink for SSH connections to any VNC server, such as x11vnc, and then launches the VNC Viewer to use the encrypted tunnel.

The x11vnc server has built-in SSL support, however SSVNC can make SSL encrypted VNC connections to any VNC Server if they are running an SSL tunnel, such as STUNNEL or socat, at their end. SSVNCs SSH tunnel will work to any VNC Server host running sshd that you can log into.

The Enhanced TightVNC Viewer package started as a project to add some patches to the long neglected Unix TightVNC Viewer. However, now the front-end GUI, encryption, and wrapper scripts features possibly outweigh the Unix TightVNC Viewer improvements (see the lists below to compare).

The SSVNC Unix vncviewer can also be run without the SSVNC encryption GUI as an enhanced replacement for the xvncviewer, xtightvncviewer, etc., viewers.

In addition to normal SSL, SSVNC also supports the VeNCrypt SSL/TLS and Vino/ANONTLS encryption extensions to VNC on Unix, Mac OS X, and Windows. Via the provided SSVNC VeNCrypt bridge, VeNCrypt and ANONTLS encryption also works with any third party VNC Viewer (e.g. RealVNC, TightVNC, UltraVNC, etc...) you select via Change VNC Viewer.

The short name for this project is "ssvnc" for SSL/SSH VNC Viewer. This is the name of the command to start it.

There is a simplified SSH-Only mode (sshvnc). And an even more simplified Terminal-Services mode (tsvnc) for use with x11vnc on the remote side.

It is a self-contained bundle, you could carry it around on, say, a USB memory stick / flash drive for secure VNC viewing from almost any machine, Unix, Mac OS X, and Windows (and if you create a directory named "Home" in the toplevel ssvnc directory on the drive your VNC profiles and certs will be kept there as well). For Unix, there is also a conventional source tarball to build and install in the normal way and not use a pre-built bundle.

Please read this information on using SSVNC on workstations with Untrusted Local Users.

The bundle unpacks a directory/folder named: ssvnc. It contains these programs to launch the GUI: Windows/ssvnc.exe for Windows MacOSX/ssvnc for Mac OS X Unix/ssvnc for Unix (the Mac OS X and Unix launchers are simply links to the bin directory). See the README for more information.

The SSH-Only mode launcher program has name sshvnc. The Terminal Services mode launcher program (assumes x11vnc 0.8.4 or later and Xvfb installed on the server machine) has name tsvnc.

The Viewer SSL support is done via a wrapper script (bin/ssvnc_cmd that calls bin/util/ss_vncviewer) that starts up the STUNNEL tunnel first and then starts the TightVNC viewer pointed at that tunnel. The bin/ssvnc program is a GUI front-end to that script. See this FAQ for more details on SSL tunnelling. In SSH connection mode, the wrappers start up SSH appropriately.

One user on Windows created a BAT file to launch SSVNC and needed to do this to get the Home directory correct: cd ssvncWindows start ssvncWindowsssvnc.exe (an optional profile name can be supplied to the ssvnc.exe line)

WARNING: if you use ssvnc from an "Internet Cafe", i.e. some untrusted computer, please be aware that someone may have set up that machine to be capturing your keystrokes, etc.

These also work: "sshvnc myprofile" and "sshvnc user@hostname". To switch from the regular SSVNC mode, click "SSH-Only Mode" under Options. This mode is less distracting if you never plan to use SSL, manage certificates, etc.

These also work: "tsvnc myprofile" and "tsvnc user@hostname". To switch from the regular SSVNC mode, click "Terminal Services" under Options.

This mode should be very easy for beginner users to understand and use. On the remote end you only need to have x11vnc and Xvfb available in $PATH, and on the local end you just run something like: tsvnc myname@myhost.com (or start up the tsvnc GUI first and then enter myname@myhost.com and press "Connect").

Normally the Terminal Services sessions created are virtual (RAM-only) ones (e.g. Xvfb, Xdummy, or Xvnc), however a nice feature is if you have a regular X session (i.e displaying on the physical hardware) on the remote machine that you are ALREADY logged into, then the x11vnc run from tsvnc will find it for you as well.

Also, there is setting "X Login" under Advanced Options that allows you to attach to a real X server with no one logged in yet (i.e. XDM/GDM/KDM Login Greeter screen) as long as you have sudo(1) permission on the remote machine.

Nice features to soon to be added to the tsvnc mode are easy CUPS printing (working fairly well) and Sound redirection (needs much work) of the Terminal Services Desktop session. It is easier in tsvnc mode because the entire desktop session can be started with the correct environment.