Perhaps you were searching for a way to tunnel the unix socket provided by qemu or kvm for vnc through an ssh tunnel, too? When I was searching for an answer, I found ssvnc, which I did not give a try, because I wanted to solve the problem with socat and ssh.

I started kvm on the remote machine using the following command:

kvm -vnc unix:/home/services/vms/vnc-socket ...

Then I connected socat locally on the remote machine to test the settings:

socat STDIO UNIX-CONNECT:/home/services/vms/vnc-socket

Which worked pretty fine. On the local side we need a listener on a tcp port around port 5500+ (not a must, but the standard vnc port), which can be created like that:

socat STDIO TCP-LISTEN:5500

As reading and writing is not possible with a single pipe, one cannot just do pipe into socat like this:

ssh root@tee.schottelius.org "socat STDIO UNIX-CONNECT:/home/services/vms/vnc-socket" | socat STDIO TCP-LISTEN:5500

But socat has another nice option, the EXEC parameter, which solves the problem:

socat TCP-LISTEN:5500 EXEC:'ssh root@tee.schottelius.org "socat STDIO UNIX-CONNECT:/home/services/vms/vnc-socket"'

And now I can connect locally via tightvnc:

xtightvncviewer -encodings "copyrect tight hextile zlib corre rre raw" localhost:5500

I specify a different order for the encodings, because xtightvncviewer prefers raw "encoding", if it connects to localhost, which is not desired here.

And that's it, vnc connected to a unix socket from kvm tunneled through ssh!