Ubuntu 14.04 и Шифрование VNC

http://linux.die.net/man/1/x11vnc

vencrypt mode

The VeNCrypt extension to the VNC protocol allows
    encrypted SSL/TLS connections. If the -ssl mode is enabled, then VeNCrypt is enabled as well BY DEFAULT (they both use a SSL/TLS tunnel, only the protocol handshake is a little different.)
To control when and how VeNCrypt is used, specify the
    mode string. If mode is "never", then VeNCrypt is not used. If mode is "support" (the default) then VeNCrypt is supported. If mode is "only", then the similar and older ANONTLS protocol is not simultaneously supported. x11vnc's normal SSL mode (vncs://) will be supported under -ssl unless you set mode to "force".
If mode is prefixed with "nodh:", then Diffie Hellman
    anonymous key exchange is disabled. If mode is prefixed with "nox509:", then X509 key exchange is disabled.
To disable all Anonymous Diffie-Hellman access
    (susceptible to Man-In-The-Middle attack) you will need to supply "-vencrypt nodh:support -anontls never" or "-vencrypt nodh:only"
If mode is prefixed with "newdh:", then new Diffie
    Hellman parameters are generated for each connection (this can be time consuming: 1-60 secs; see -dhparams below for a faster way) rather than using the fixed values in the program. Using fixed, publicly known values is not known to be a security problem. This setting applies to ANONTLS as well.
Long example: -vencrypt newdh:nox509:support
Also, if mode is prefixed with "plain:", then
    if -unixpw mode is active the VeNCrypt "*Plain" username+passwd method is enabled for Unix logins. Otherwise in -unixpw mode the normal login panel is provided.
You *MUST* supply the -ssl option for VeNCrypt to
    be active. The -vencrypt option only fine-tunes its operation.