Double-click the tightVNC logo in the system tray to bring up the config dialog. On the Administration tab, there's a box with three checkboxes: * Disable empty passwords * Allow loopback connections * Allow only loopback connections The first one should be unchecked if you want to be able to use an empty password (not no password, just a password of zero length; there's a difference.). Doesn't really matter. The second one must be checked. It's off by default, to spare you from VNCing into your console from your console (heap bad medicine), and resulting pointer freeze and such. But the way the ssh tunnel ends on the local machine means that the outcoming VNC connection is indeed a loopback connection, and we must allow that. The third one blocks all normal connection; then all that can get through is screen-grabbing horrors (don't do those) and VNC tunneled connections. It's probably wise to enable this at some point, but not necessary.
Most likely anyone can connect to your XP box directly, unless your router is blocking port 5900. This is why is a good idea to configure your VNC server either for asking a password, or alternatively for accepting only clients coming from localhost (i.e., in our case, coming from the ssh tunnel).
I assume that's my.XP.box.IP:0 ? If it's a different display, then that would cause problems (you'd need to change which port you forward to).
For example, you could have two secure LANs, but an insecure WAN connecting the two LANs. You can use ssh/sshd to provide a secure tunnel through the WAN, and thus allowing a secure communication between any machine on the first LAN with any machine on the second LAN. The following convolved example is not really neccesary, but for the sake of the completness, let me elaborate it. Llet us assume that you have a secure LAN at your home, with two machines, with IPs: 145.24.12.10 and 145.24.12.11, The first one is a WindowsXP in which you have installed Cygwin/sshd. The second one is an old Windows98, without any ssh software installed, but with a VNC server running on display 0. At your work, you have a secure LAN, in which it is your desktop PC, running Windows2000, with IP 220.30.140.100. You have a VNC client in this PC, but no ssh software. You would like to connect this VNC client in the Windows2000 machine, with the VNC server of your Windows98 PC, at home. However, the insecure WAN connecting the two LANs is intimidating you... Fortunately, you have your Nokia n810 with you, in which you have a ssh client installed. You connect your n810 to the LAN of your office (and it gots the IP 220.30.140.101), and then you use the ssh in your nokia to make a tunnel to your Windows98 machine at home. Then, you connect the VNC client of your Windows2000 through this tunnel, and you got the desired and secured connection. How could this be done? I left it as an exercise to the reader.. :-)