Change VNC server port

If you are going to use SSH to tunnel then you don't need to change any ports on any of your services as you don't open your firewall to those ports. With SSH tunneling you only open tcp port 22 on your router/firewall.

If you subsequently lock down SSH logins to use public key authentication only then you are really secure.

Designate one of your macs to be the SSH server. Then give that mac a fixed local IP address. Then forward port 22 from your router to that mac.

Then to login remotely in your terminal use the following command

ssh -L 5901:localhost:5900 yourpublicip

Then in your vnc client use a server address of localhost:5901

Mac 1 internal address of: 192.168.168.22
Mac 2 internal address of: 192.168.168.23

Public IP address: 208.xxx.yyy.zzz

So I'm out on the road... Lets say I want to connect to Mac 1 VNC:

How do I do it? Currently my firewall has SSH directed to Mac 2...

That is the step I'm stumbling on is how to get to two macs behind a firewall? Maybe I'm just missing something.

Tell your Router to Forward Port 22022 to Mac 1's port 22 (192.168.168.22)

Tell your Router to Forward Port 22023 to Mac 2's port 22 (192.168.168.23)

Now when you want to connect to Mac 1 you use

ssh -p 22022 ...

and when you want to connect to Mac 2 you use

ssh -p 22023 ...

I do this all the time. I've got 5 Macs with unique port forwarding combinations on my Firewall.

try this:

ssh -L35900:localhost:5900 -L25900:192.168.168.22:5900 mark@208.xxx.yyy.zzz (.23 is the one with ssh port forwarded to it -- note the second port forward switch is directed to the other computer, not to .23's localhost interface)

then in screen sharing or vnc client, to connect to .23:
localhost:35900

and in screen sharing or vnc client, to connect to .22:
localhost:25900

I notice you are in Ft Collins CO; if you are on DSL with Qwest, and you have one of their 2-Wire 2701 modems, you can cross-connect ports on the "Edit Firewall Settings" configuration page by adding new user-defined applications (e.g., "ssh22" and "ssh23") and defining what port it is using on the WAN side and what port and LAN IP to map to on the LAN side. If you have one of Qwest's ActionTec DSL modems, you can't cross-connect ports; that modem is not that robust. But if you have a 2-Wire modem, you could try this:

map external WAN port 22022 to 192.168.168.22's port 22 and
map external WAN port 23022 to 192.168.168.23's port 22, then

ssh -p22022 -L25900:localhost:5900 mark@208.xxx.yyy.zzz
and to vnc to .22, connect to
localhost:25900
or
ssh -p23022 -L35900:localhost:5900 mark@208.xxx.yyy.zzz
and to vnc to .23, connect to
localhost:35900

if you need access to both simultaneously open a second Terminal session to handle the second simultaneous ssh session

You could do the same thing with file sharing (so long as file sharing is turned on on .22 and .23) by adding additional -L switches to tunnel ports to the destination computers' port 548 in your ssh command, then in Finder, connect to server localhost:{tunneled port number}