I've been reading some articles on the web about securing VNC connections by tunneling the connection over SSH. However, from the server perspective it will still allow an unsecured connections and you're relying on the client to setup up the SSH tunneling. Is there a way to configure the Linux server to now allow connection over an unsecured channel? Thanks.

If your VNC server supports it (mine doesn't) you could use 'vncserver -localhost'. Else, SPOF-wise good to do regardless, set iptables to block inbound access to the VNC port (range) from -i ethernet device(s).

This sounds like it will block all incoming request regardless of whether they are secure or not. I'm only looking to block unsecured connections. Also what does SPOF stand for?

Your definition of "secure" in this context is "tunneling the connection over SSH", meaning only port TCP/22 and related are seen in flight between client and server. The client connects to the VNC server from the SSH tunnel endpoint which resides on the server. It should be easy for you to verify by doing VNC-over-SSH and check server-side what ports and endpoints are in use for that particular set of connections.

SPOF is the FLA of Single Point of Failure. (FLA being the TLA of Four Letter Acronym).

If you're tunneling through SSH, the incoming connection will be on a user defined port not 5900, as is usual for VNC. SSH will then pass the connection to 5900 internally.

If you have iptables drop all incoming tcp/udp with a source address of anything and destination port of 5900, you will arrive at the following set of circumstances.
1. Any connections coming in to the user defined port using VNC over SSH will be accepted.
2. Any connections just using VNC to the standard port, will be dropped.
3. Any connections to the user defined port, using just VNC will not complete, as SSH will reject them.